Secret CISO 10/26: UnitedHealth and Social Security Data Breaches Impact Billions, Council Escapes Fine, Samsung Galaxy S24 Hacked, AI Security Research Denied

Welcome to today's issue of Secret CISO, where we delve into the latest cybersecurity news and updates. Today, we're focusing on a series of alarming data breaches that have affected millions of people worldwide.

First up, UnitedHealth has confirmed a massive data breach that has affected over 100 million Americans. The stolen data includes sensitive details such as health insurance information, medical records, Social Security numbers, and financial information. This breach has been dubbed the worst healthcare data breach in the country. In another incident, a Social Security data breach has affected 2.9 billion people worldwide. This breach has raised concerns about the potential impact on Medicare services.

Meanwhile, a council has narrowly avoided a six-figure fine after a data breach exposed the personal details of 2,000 staff and councillors. In other news, a class action settlement has been reached with Henry Schein, Inc. over a data breach that impacted personal information.

On the tech front, Samsung's Galaxy S24 smartphone was hacked during a $1 million zero-day spree, highlighting the ongoing threat to mobile security. Finally, despite increasing cybersecurity budgets, security leaders don't believe they are enough to combat the rising tide of cyber threats. Stay tuned for more updates and remember, in the world of cybersecurity, vigilance is key.

Data Breaches

  1. UnitedHealth Data Breach: UnitedHealth confirmed a data breach that affected 100 million Americans. The data stolen includes sensitive details such as health insurance information, medical records, Social Security numbers, and financial information. The scale of the hack makes it the worst healthcare data breach in the country. Source: Dailymotion, Inc. Magazine
  2. Social Security Data Breach: A Social Security data breach has affected 2.9 billion people worldwide. The impact of this breach is yet to be fully understood, and individuals are advised to be cautious. Source: dailycitizen.news
  3. Council Data Breach: A council has escaped a possible six-figure fine after a data breach that put personal details of 2,000 staff and councillors in the public eye. The breach has raised concerns about the security of personal data held by public bodies. Source: Yahoo News Canada, BBC
  4. Internet Archive Data Breach: Digital library Internet Archive reportedly suffered a data breach for the second time this month. The latest incident has compromised its user data, raising questions about the platform's security measures. Source: Top Class Actions
  5. OnePoint Patient Care Data Breach: US hospice pharmacy OnePoint Patient Care suffered a data breach that exposed the personal info of approximately 800,000 individuals. The breach has raised concerns about the security of patient data in the healthcare sector. Source: Security Affairs

Security Research

  1. Samsung Galaxy S24 Smartphone Hacked During $1 Million Zero Day Spree: Ethical hackers and security researchers successfully hacked the Samsung Galaxy S24 smartphone during the Pwn2Own hacking event. The event has a history dating back to 2007 and attracts some of the best in the field. Source: Forbes
  2. New Windows Driver Signature bypass allows kernel rootkit installs: Security researcher Alon Leviev reported an update takeover issue that allows kernel rootkit installs by bypassing Windows Driver Signature Enforcement. However, Microsoft dismissed the issue, stating it did not pose a significant threat. Source: Bleeping Computer
  3. Apple Will Pay Security Researchers Up To $1 Million To Hack Its Private AI Cloud: Apple has announced a bug bounty program, offering up to $1 million to security researchers who can successfully hack its private AI cloud. This initiative aims to identify and fix potential vulnerabilities. Source: Slashdot
  4. North Korean Hackers Spreading Malware Via Fake Interviews: Security researchers have discovered an ongoing campaign by North Korean hackers spreading malware through backdoored software packages in the NPM software library, using fake interviews as a lure. Source: BankInfoSecurity
  5. Windows 11 CLFS Driver Vulnerability Allow Attackers To Escalate Privileges: PoC Exploit Released: A vulnerability in the Windows 11 CLFS driver has been discovered by security researchers, which could allow attackers to escalate privileges. A proof-of-concept exploit has been released, highlighting the potential risk. Source: Cyber Security News

Top CVEs

  1. CVE-2024-48234: mipjz 5.0.5 has a Server-side request forgery (SSRF) vulnerability due to unprocessed postAddress parameter in the push method of app\tag\controller\ApiAdminTag.php, potentially allowing unauthorized server access. Source: CVE-2024-48234
  2. CVE-2024-8870: The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to 2.5.6 because the URL is not appropriately escaped, enabling unauthenticated attackers to inject arbitrary web scripts. Source: CVE-2024-8870
  3. CVE-2024-47821: pyLoad, a free and open-source Download Manager, has a remote code execution vulnerability in versions on the 0.5 branch prior to 0.5.0b3.dev87 because it runs scripts when certain actions are completed. Attackers with access to change settings on a pyLoad server can execute arbitrary code and compromise the system. Source: CVE-2024-47821
  4. CVE-2024-48239: WTCMS 1.0 has a Cross Site Scripting vulnerability due to unprocessed app parameters in the plupload method in \AssetController.class.php. Source: CVE-2024-48239
  5. CVE-2024-37847: MangoOS before 5.1.4 and Mango API before 4.5.5 have an arbitrary file upload vulnerability that allows attackers to execute arbitrary code via a crafted file. Source: CVE-2024-37847

API Security

  1. Download Monitor Plugin for WordPress Unauthorized Data Modification: The Download Monitor plugin for WordPress, up to version 5.0.12, is vulnerable to unauthorized data modification due to a missing capability check. This allows authenticated attackers with Subscriber-level access to revoke existing API keys and generate new ones, potentially compromising the security of the system. Source: CVE-2024-10092
  2. pyLoad Remote Code Execution: pyLoad, a free and open-source Download Manager, has a vulnerability in versions on the 0.5 branch prior to 0.5.0b3.dev87 that allows remote code execution. By downloading an executable file to a specific folder and performing a certain action, an attacker with access to change the settings on a pyload server can execute arbitrary code and compromise the system. Source: CVE-2024-47821
  3. Denied Host Validation Bypass in Zitadel Actions: A flaw in the URL validation mechanism of Zitadel actions allows bypassing restrictions intended to block requests to localhost (127.0.0.1). By creating a DNS record that resolves to 127.0.0.1, actions can send requests to localhost despite the intended security measures, potentially leading to unauthorized access or data leakage. Source: GHSA-6CF5-W9H3-4RQV
  4. Arbitrary File Upload Vulnerability in MangoOS and Mango API: MangoOS before 5.1.4 and Mango API before 4.5.5 have an arbitrary file upload vulnerability that allows attackers to execute arbitrary code via a crafted file. This could lead to a complete system compromise if exploited. Source: CVE-2024-37847

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the cybersecurity landscape is as dynamic and challenging as ever. From the massive data breach affecting UnitedHealth to the ongoing concerns around Social Security data breaches, it's evident that no sector is immune to these threats. The importance of robust cybersecurity measures cannot be overstated.

As we've seen with the council avoiding a hefty fine after a data breach, the financial implications alone can be staggering, not to mention the potential damage to reputation and customer trust. In the face of these challenges, it's encouraging to see the cybersecurity community's resilience and innovation. From security researchers hacking into Samsung Galaxy smartphones to the development of new magnetic imaging technology to protect infrastructure, the fight against cyber threats is relentless.

However, it's a battle that can't be won alone. Sharing knowledge and staying informed is crucial.

So, if you found today's newsletter helpful, why not share it with your colleagues and friends?

Let's work together to create a safer digital world. Stay vigilant, stay informed, and stay secure.
