Secret CISO 10/16: Texas DPS and WMDDH data breaches impact over 240,000, Easterseals under investigation, Surfshark launches Data Leak Checker, Brazil arrests USDoD hacker, HashiCorp updates security tools
Good morning! In today's edition of Secret CISO, we're diving into a series of data breaches impacting over 115,000 Texans, 127,000 private records, and even the FBI's InfraGard.
We'll also look at how cybersecurity company, Surfshark, is responding to these threats with their new Data Leak Checker tool. In legal news, Easterseals Central Illinois is under investigation for a data breach, a US government contractor is settling for $300k over a Medicare data breach, and Ticketmaster is being sued over a breach from earlier this year. On the tech front, HashiCorp's security tools Vault and Boundary are getting important new features, and TechRadar's top cheap VPN has built a free tool to help defend against data leaks.
Finally, we'll explore the arrest of a USDoD hacker in Brazil tied to multiple data breaches, and a potential $10K payout for victims of a 23andMe data breach. Stay tuned for these stories and more in today's Secret CISO newsletter.
Data Breaches
- Texas Department of Public Safety Data Breach: A data security breach at the Texas Department of Public Safety has exposed the personal information of over 115,000 Texans. The department is currently investigating the incident. Source: Dallas Express
- WMDDH Data Breach: WMDDH is under investigation for a data breach that has impacted over 127,000 private records. The breach is currently being investigated by Schubert Jonckheer & Kolbe LLP. Source: WV News
- Easterseals Central Illinois Data Breach: Easterseals Central Illinois has reported a data breach to the Attorney General of Maine. The organization experienced a cybersecurity incident that is currently under investigation. Source: Business Wire
- USDoD Hacker Arrested: Brazilian police have arrested a hacker responsible for data breaches at the US Department of Defense, including the FBI's InfraGard and National Public Data breach. The hacker's activities had significant impact and publicity. Source: Hackread
- Ticketmaster Data Breach: Ticketmaster is facing a lawsuit over a data breach that occurred earlier this year. The plaintiff, Daniel Pomeroy, is a customer whose data was compromised in the breach. Source: The Atlanta Journal-Constitution
Security Research
- Small Broadband Provider Organizations Partner to Host 2024 CyberShare Summit: Keatron Evans, Principal Security Researcher at Infosec, emphasizes the need for continuous training and certifications in cybersecurity. The CyberShare Summit aims to provide a platform for this education. Source: telecomreseller.com
- Fortinet Edge Devices Under Attack - Again: Security researchers have found that a patch released in February did not fully resolve a bug in Fortinet's edge devices, leading to another attack. Source: govinfosecurity.com
- Hacked robo-vacuums chase owners, yell slurs: Reports: Security researchers have reported on the poor security of robo-vacuums, which have been hacked to chase owners and yell slurs. Source: conchovalleyhomepage.com
- Chinese Researchers Tap Quantum to Break Encryption: Chinese security researchers have demonstrated a quantum technique to break encryption. However, most experts do not consider this a current threat to modern encryption methods. Source: darkreading.com
- Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity: Hackers are abusing the EDRSilencer tool to bypass security measures and hide malicious activity, according to Trend Micro researchers. Source: thehackernews.com
Top CVEs
- CVE-2023-32191: RKE, when provisioning a cluster, stores the cluster state in a configmap that could be accessed by non-admin users, leading to potential privilege escalation. Source: CVE-2023-32191
- CVE-2023-32188: NeuVector's JWT token used for authentication can be reverse-engineered, allowing malicious activity within NeuVector. Source: CVE-2023-32188
- CVE-2023-22649: A vulnerability in Rancher's audit logs could lead to sensitive data leakage. This impacts deployments that have Audit Logging enabled and AUDIT_LEVEL set to 1 or above. Source: CVE-2023-22649
- CVE-2024-22029: Insecure permissions in the packaging of Tomcat could allow local users to escalate privileges during package installation. Source: CVE-2024-22029
- CVE-2023-32194: A vulnerability in granting a create or * global role for a resource type of "namespaces" could lead to unauthorized access, creation, updating, or deletion of a namespace. Source: CVE-2023-32194
API Security
- RDS Light Vulnerability (CVE-2024-48918): RDS Light, a simplified version of the Reflective Dialogue System (RDS), has a vulnerability in versions prior to 1.1.0 that could allow injection attacks and potential memory tampering. The vulnerability has been patched in version 1.1.0. Users are advised to upgrade to this version or higher. Source: CVE-2024-48918
- RKE1 Cluster Vulnerability (CVE-2024-22032): An identified vulnerability in RKE1 cluster causes constant reconciliation when secrets encryption configuration is enabled. This results in Kube API secret values being written in plaintext on the AppliedSpec. Source: CVE-2024-22032
- API Server XSS Vulnerability (CVE-2023-32192): An unauthenticated cross-site scripting (XSS) vulnerability has been identified in the API Server's public API endpoint. This vulnerability can be exploited to execute arbitrary JavaScript code. Source: CVE-2023-32192
- Norman API Endpoint XSS Vulnerability (CVE-2023-32193): A similar XSS vulnerability has been identified in Norman's public API endpoint. This vulnerability can be exploited to trigger JavaScript code and execute commands. Source: CVE-2023-32193
- Namespace Permissions Vulnerability (CVE-2023-32194): A vulnerability has been identified when granting a create or * global role for a resource type of "namespaces". This can lead to someone being capable of accessing, creating, updating, or deleting a namespace. Source: CVE-2023-32194
Sponsored by Wallarm API Security Solution
Final Words
And that's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from data breaches impacting over 115,000 Texans to the launch of Surfshark's Data Leak Checker tool. Remember, staying informed is the first step to staying secure.
If you found this newsletter helpful, please consider sharing it with your colleagues and friends. They might find it just as enlightening as you do. Stay safe, stay secure, and see you in the next edition of Secret CISO.