Secret CISO 10/25: UnitedHealth's Record-Breaking Breach, Healthcare Data Breaches in NY, FL, & AR, Apple & Google's Security Research Initiatives
Subject: Secret CISO Daily Newsletter - 10/25: Data Breaches and Cybersecurity
Hello,
In today's edition of the Secret CISO newsletter, we delve into the world of data breaches and cybersecurity, highlighting the most impactful stories of the day.
UnitedHealth's tech unit, Change, has been hit by a massive data breach, potentially affecting over 100 million individuals. The breach could have compromised treatment records, social security numbers, and billing information. This incident is now considered the largest data breach in the country's healthcare sector. In other news, healthcare data breaches have also been reported in New York, Florida, and Arkansas, affecting various healthcare providers. These breaches underline the growing need for enhanced data security in the healthcare sector.
As we continue to observe Cybersecurity Awareness Month, we discuss the importance of effective communication during a data breach. Many businesses and organizations are underprepared for such incidents, and striking the right balance in communication is crucial. In a recent report by Portnox, it was revealed that 99% of Chief Information Security Officers (CISOs) fear losing their positions due to a data breach. This statistic underscores the high stakes involved in maintaining robust cybersecurity measures.
Lastly, we explore how tech giants like Apple and Google are encouraging security researchers to find bugs and vulnerabilities in their systems, offering substantial bug bounties in return. This collaborative approach is a positive step towards enhancing cybersecurity across the board. Stay tuned for more updates tomorrow.
Data Breaches
- Massive Data Breach Hits UnitedHealth Tech Unit: UnitedHealth's tech unit, Change, suffered a massive cyberattack affecting treatment records, social security numbers, and billing information. The breach is considered one of the largest in the country, impacting over 100 million individuals. Source: Digital Watch Observatory, Reuters, MSSP Alert
- Healthcare Data Breaches Reported in New York, Florida, & Arkansas: Recent data breaches have been reported by Advanced Recovery Equipment & Supplies in New York, We Level Up Treatment in Florida, and Arkansas, highlighting the vulnerability of healthcare data. Specific details about the breaches are not disclosed. Source: The HIPAA Journal
- Healthcare Giant Henry Schein Reveals Data Breach Following Major Ransomware Attack: Henry Schein, a healthcare giant, has disclosed a data breach following a major ransomware attack in October 2024. The company has filed a data breach notification with the Office of the Maine Attorney General detailing the attacks. Source: TechRadar
- Landmark Admin Discloses Data Breach Impacting 800,000 People: Landmark has disclosed a data breach impacting 800,000 people. The company has securely restored affected systems, improved its network security, and notified law enforcement of the breach. Source: SecurityWeek
- Over 940,000 Medicare Beneficiaries Impacted By Data Breach: Wisconsin Physicians Service Insurance Corporation, a contractor for Medicare, recently notified over 940,000 Medicare beneficiaries of a data breach. The specifics of the breach are not disclosed. Source: Mondaq
Security Research
- Apple opens up Private Cloud Compute to security researchers, offers bug bounties up to $1 million: Apple has released a Virtual Research Environment (VRE) and select PCC source code, allowing the security community to inspect and validate the company's security measures. The company is also offering bug bounties up to $1 million. Source: TechRadar
- Google Updates Chrome For 2 Billion Windows Users As Dangerous Hackers Exposed: Google has updated Chrome after security researchers discovered a malicious game behind Chrome attacks. The attack was picked up on the PC of a user, highlighting the need for constant security updates. Source: Forbes
- White House endorses collaboration with cybersecurity researchers: The White House has endorsed collaboration with the cybersecurity research community, highlighting the importance of security vulnerability research. This move signifies a shift in the approach to cybersecurity, with more emphasis on collaboration and transparency. Source: SC Media
- AWS's Predictable Bucket Names Make Accounts Insecure: A security researcher with Aqua has found that AWS's predictable bucket names make accounts insecure. The researcher suggests that AWS should provide an option for users to modify the bucket name that the open source project creates for its users. Source: Dark Reading
- Don't be duped: Here's how to spot deepfakes: AI and security expert V.S. Subrahmanian has shared five tips to help avoid getting tricked by modified images and videos, also known as deepfakes. This research highlights the growing concern over the misuse of AI technology. Source: Northwestern Now
Top CVEs
- "Money Manager EX WebApp Incorrect Access Control": Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to Incorrect Access Control. This flaw allows an unauthenticated attacker to upload arbitrary files, potentially leading to Remote Code Execution. Source: CVE-2024-41617
- "Snowflake Connector for Python Logging Issue": The Snowflake Connector for Python prior to version 3.12.3 could log Duo passcodes and Azure SAS tokens when the logging level was set to DEBUG. This could potentially lead to sensitive information disclosure. Source: CVE-2024-49750
- "OpenRefine Database Extension Vulnerability": OpenRefine versions 3.4-beta to 3.8.3 have a vulnerability in the database extension that allows an attacker to load (local or remote) extension DLLs and run arbitrary code on the server. Source: CVE-2024-47881
- "Butterfly Effect Limited Monica Your AI Copilot Prompt Injection": Butterfly Effect Limited Monica Your AI Copilot powered by ChatGPT4 v6.3.0 has a prompt injection vulnerability in the chatbox that allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant. Source: CVE-2024-48140
- "SourceCodester Online Exam System Access Control Issue": A critical vulnerability has been found in SourceCodester Online Exam System 1.0 that leads to improper access controls. The attack can be launched remotely. Source: CVE-2024-10353
API Security
- WPS Telegram Chat plugin for WordPress Unauthorized Data Modification: The WPS Telegram Chat plugin for WordPress versions up to 4.5.4 is vulnerable to unauthorized data modification and data loss due to a missing capability check. This allows attackers with subscriber-level access to have full access to the Telegram Bot API endpoint. Source: CVE-2024-9628
- WPS Telegram Chat plugin for WordPress Authorization Bypass: The WPS Telegram Chat plugin for WordPress versions up to 4.5.4 is vulnerable to authorization bypass due to a missing capability check. This allows unauthenticated attackers to view the messages sent through the Telegram Bot. Source: CVE-2024-9630
- Mapster WP Maps plugin for WordPress Unauthorized Data Modification: The Mapster WP Maps plugin for WordPress versions up to 1.5.0 is vulnerable to unauthorized data modification leading to privilege escalation due to an insufficient capability check. This allows attackers with contributor-level access to update arbitrary options on the WordPress site. Source: CVE-2024-9235
- WooCommerce UPS Shipping – Live Rates and Access Points plugin for WordPress Unauthorized Data Modification: The WooCommerce UPS Shipping – Live Rates and Access Points plugin for WordPress versions up to 2.3.11 is vulnerable to unauthorized data modification due to a missing capability check. This allows attackers with Subscriber-level access to delete the plugin's API. Source: CVE-2024-9109
- Order Notification for Telegram plugin for WordPress Unauthorized Test Message Sending: The Order Notification for Telegram plugin for WordPress versions up to 1.0.1 is vulnerable to unauthorized test message sending due to a missing capability check. This allows unauthenticated attackers to send a test message via the Telegram Bot API to the user configured in the plugin. Source: CVE-2024-9686
Sponsored by Wallarm API Security Solution
Final Words
That's all for today's edition of Secret CISO. The world of cybersecurity is constantly evolving, and it's our mission to keep you updated on the latest news, trends, and threats. Remember, knowledge is power when it comes to protecting your data and systems.
If you found this newsletter helpful, please consider sharing it with your colleagues and friends.
Let's work together to create a safer digital world. Stay safe and see you tomorrow!