Welcome to today's issue of Secret CISO, your daily dose of cybersecurity news. Today, we're diving into a major health data breach affecting millions due to a missing password. We'll also discuss how Surfshark is stepping up its game by introducing a free data leak-checking tool. In insurance news, Johnson and Johnson have been hit by a data breach, and Allianz reports a 14% increase in large cyber claims, primarily driven by data breaches and privacy violations.

We'll also touch on the rising cost of data breaches in India, and how organizations can turn these breaches into opportunities to strengthen cybersecurity. In the tech world, Zendesk has been helping Internet Archive secure their account after a hacker breached their email system. We'll also discuss the latest research on the growing security risk due to hybrid work environments, and how the energy sector is being affected by breaches linked to software and IT vendors.

Stay tuned for more updates on data security management regulations in China, new security requirements proposed by CISA, and how to rebuild trust after a cybersecurity breach. We'll also be covering the latest vulnerabilities and research in the cybersecurity world.

Data Breaches

1. Major Health Data Breach Due to Missing Password: Millions of individuals have been affected by a significant health data breach, primarily caused by an unprotected and poorly managed database. The breach has exposed a vast amount of personal information. Source: TechRadar
2. Data Breach Impacts Insurer Johnson and Johnson: US insurance company Johnson & Johnson has suffered a data breach, leading to the exposure of personal information. The extent of the breach and its impact are still under investigation. Source: MSSP Alert
3. Allianz Reports Increase in Large Cyber Claims: Insurance company Allianz has reported a 14% increase in large cyber claims, primarily driven by data breaches and privacy violations. Data breaches account for 59% of the reported risks. Source: Claims Journal
4. Data Breach at Arkansas Blue Cross and Blue Shield: Arkansas Blue Cross and Blue Shield has reported a data breach involving the personal information of its members. The breach was caused by a vendor, and the extent of the impact is currently being assessed. Source: KTLO
5. Internet Archive Account Breach: The Internet Archive has experienced a data breach after a hacker infiltrated their email system. The organization is currently reinforcing firewall systems and enhancing data protection measures. Source: The Record

Security Research

1. 67% of Energy Sector Breaches Linked to Software and IT Vendors, SecurityScorecard Reports: A recent report by SecurityScorecard revealed that 67% of breaches in the energy sector are linked to software and IT vendors, highlighting the vulnerability of the supply chain. Source: Morningstar
2. New Research Underscores the Growing Security Risk Due to Hybrid Work Environments: The shift to hybrid work environments has led to an "Access-Trust Gap", a security risk posed by unmanaged devices, according to a recent study. Source: Morningstar
3. Grip Security Releases 2025 SaaS Security Risks Report: Grip Security's latest research report reveals that 90% of SaaS applications and 91% of AI tools are unmanaged, posing significant security risks. Source: GlobeNewswire
4. Research on X-ray security contraband identification technology based on lightweight YOLOv8: A new study aims to improve the identification and localization of contraband targets in X-ray images using lightweight YOLOv8 technology. Source: Nature
5. US Government Pledges to Cyber Threat Sharing Via TLP Protocol: The US government has pledged to share cyber threat information with security researchers via the TLP protocol, emphasizing the importance of partnerships in cybersecurity. Source: Infosecurity Magazine

Top CVEs

1. CVE-2024-31880: IBM Db2 for Linux, UNIX, and Windows (versions 10.5, 11.1, and 11.5) is susceptible to a denial of service attack. Under specific configurations, the server may crash when an authenticated user uses a specially crafted SQL statement. Source: CVE-2024-31880
2. CVE-2024-48657: A SQL Injection vulnerability in the hospital management system in PHP with source code v.1.0.0 allows a remote attacker to execute arbitrary code. Source: CVE-2024-48657
3. CVE-2024-10229: Google Chrome prior to 130.0.6723.69 has an inappropriate implementation in Extensions that allows a remote attacker to bypass site isolation via a crafted Chrome Extension. Source: CVE-2024-10229
4. CVE-2023-50310: IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials using an insecure method that is susceptible to unauthorized interception. Source: CVE-2023-50310
5. CVE-2024-7587: Incorrect Default Permissions vulnerability in GenBroker32, included in the installers for ICONICS GENESIS64 version 10.97.3 and prior, allows a local authenticated attacker to disclose or tamper with confidential information and data, or cause a denial of service condition. Source: CVE-2024-7587

API Security

1. ZZCMS inc.php Information Disclosure: A problematic vulnerability has been identified in ZZCMS 2023, affecting an unknown part of the file 3/qq-connect2.0/API/com/inc.php. This vulnerability leads to information disclosure and can be initiated remotely. The exploit has been publicly disclosed. Source: vulners.com.
2. Umbraco CMS Improper Access Control Vulnerability: An improper access control issue has been identified in Umbraco CMS, allowing low-privilege users to access the webhook API and retrieve restricted information. This vulnerability impacts users with access to the settings. Source: vulners.com.
3. Archer Platform API Authorization Bypass Vulnerability: Archer Platform 2024.03 is affected by an API authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and upload additional system files. Source: vulners.com.
4. Umbraco CMS Improper Access Control Issue: Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. This issue allows low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the settings section. Source: vulners.com.
5. Liferay Portal Workflow Component Vulnerability: The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition. This allows remote authenticated users to modify workflow definitions and execute arbitrary code. Source: vulners.com.

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. As we've seen, the digital landscape is a battlefield, with data breaches and security threats lurking around every corner. But remember, knowledge is power. By staying informed, we can all play a part in fortifying our defenses and safeguarding our data.

If you found this newsletter helpful, please consider sharing it with your colleagues and friends. Let's spread the word and help each other stay one step ahead of the cyber threats. Stay safe, stay vigilant, and see you in the next edition of Secret CISO.