Secret CISO 10/28: Healthcare Compliance Teams Under Pressure, Ransomware Threats Loom, Data Breaches in Hungary and Italy, AI Security Flaws Exposed
Good morning, Secret CISO readers! Today's newsletter is packed with crucial updates on the cybersecurity landscape. Healthcare compliance teams are stretched thin due to complex regulations and new risks, with ransomware attacks and data breaches being their biggest concerns. We'll delve into the best cybersecurity practices for patient data sharing in healthcare, a critical topic given the increasing threat landscape. We also bring you the latest threat intelligence report from Check Point Research, highlighting a ransomware attack that threatens to leak 3TB of stolen data.
In regulatory news, CISA and the FBI have released a Secure by Design alert on cross-site scripting, a timely reminder of the importance of application security in our increasingly digital world. The Information Commissioner has urged organizations to do more to help people affected by data breaches, emphasizing the real-world impact of these incidents. We also cover the evolving nature of cyber threats and how your risk management strategy needs to adapt. In international news, Hungarian MOL's foundation has filed a police report on a data breach, while in the US, Cash App data breach victims have just a few weeks to claim up to $2,575.
Finally, we discuss a major blunder that shows why you can't trust ChatGPT with home security questions, and we explore the current top trends in data analytics. Stay tuned for these stories and more in today's edition of Secret CISO. Stay safe and informed!
Data Breaches
- Healthcare Compliance Teams Stretched Thin Due to Complex Regulations and New Risks: Healthcare compliance teams are struggling to manage the threat of ransomware attacks and patient data breaches due to complex regulations and new risks. Internal cybersecurity and data management are also concerns. Source: HIPAA Journal
- 28th October – Threat Intelligence Report - Check Point Research: A new threat intelligence report reveals a significant data breach, with attackers threatening to leak 3TB of stolen data unless a ransom is paid. Check Point Harmony Endpoint and Threat Emulation provide protection against such threats. Source: Check Point Research
- CISA and FBI release secure by design alert on cross-site scripting: CISA and the FBI have released a Secure by Design alert on cross-site scripting, following a significant data breach in 2024. The breach was orchestrated by a hacker and highlights the importance of application security. Source: Security Intelligence
- Hungarian MOL's foundation files police report on data breach - Daily News Hungary: The MOL - New Europe Foundation has reported a data breach to the police. The foundation has not provided further details about the breach. Source: Daily News Hungary
- Cash App data breach victims have just a few weeks to claim up to $2,575 - 9to5Mac: Victims of the Cash App data breach have a limited time to submit their claims for compensation. The breach affected the app, which is owned by Block, formerly known as Square. Source: 9to5Mac
Security Research
- Academics' time increasingly taken up with research security: A recent survey has found that research institutes are unprepared for the growing focus on national security amid geopolitical shifts, leading to academics spending more time on research security. Source: Times Higher Education
- ANALYSIS | From Koeberg to Chernobyl: The challenge of nuclear safety in SA and Ukraine: Energy security expert Olena Lapenko and research fellow Dzvinka Kachur discuss the challenges of nuclear safety in South Africa and Ukraine, drawing parallels between the Koeberg and Chernobyl nuclear plants. Source: News24
- Change Healthcare history, Telcom hacks, Delta sues CrowdStrike - CISO Series: Security researchers at Aqua have discovered a cryptojacking threat actor, TeamTNT, targeting Docker Hub to deploy a crypto mining worm. Source: CISO Series
- Lazarus APT exploited zero-day vulnerability in Chrome to steal cryptocurrency: Security experts at Kaspersky's GReAT have discovered that the Lazarus APT exploited a zero-day vulnerability in Chrome to steal cryptocurrency. Source: CXO Today
- Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel: A new attack technique has been discovered that bypasses Microsoft's security, enabling OS downgrade attacks on Windows. Source: The Hacker News
Top CVEs
- CVE-2024-10429: A critical vulnerability has been found in WAVLINK WN530H4, WN530HG4, and WN572HG3 up to 20221028. The function set_ipv6 of the file internet.cgi is affected, leading to command injection. The exploit has been publicly disclosed. Source: CVE-2024-10429
- CVE-2024-50623: Cleo Harmony, VLTrader, and LexiCom before 5.8.0.20 are vulnerable to JavaScript Injection. The details of the vulnerability are currently undisclosed. Source: CVE-2024-50623
- CVE-2024-10434: A critical vulnerability was found in Tenda AC1206 up to 20241027. The function ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 of the file /goform/ate is affected, leading to a stack-based buffer overflow. The exploit has been publicly disclosed. Source: CVE-2024-10434
- CVE-2024-10435: A critical vulnerability was found in didi Super-Jacoco 1.0. The file /cov/triggerEnvCov is affected, leading to command injection. The exploit has been publicly disclosed. Source: CVE-2024-10435
- CVE-2024-50624: KDE Kmail before 6.2.0 is vulnerable to man-in-the-middle attacks due to the use of cleartext HTTP for retrieving the configuration. Source: CVE-2024-50624
API Security
- CVE-2024-50575 - JetBrains YouTrack XSS Vulnerability: JetBrains YouTrack, prior to version 2024.3.47707, was found to be susceptible to reflected XSS attacks in its Widget feature. Users are advised to update to the latest version to mitigate this security risk. Source: CVE-2024-50575
- pyLoad Remote Code Execution Vulnerability: The pyLoad download manager has been found to be vulnerable to remote code execution attacks. This can be achieved by downloading an executable file to a specific folder using the /flashgot API and performing certain actions. Users are advised to update their pyLoad software to the latest version. Source: pyLoad Vulnerability
- CVE-2024-50486 - Acnoo Flutter API Authentication Bypass: Acnoo's Flutter API has been found to contain a vulnerability that allows for authentication bypass. The issue affects all versions of Acnoo Flutter API up to the latest release. Users are advised to update to the latest version to mitigate this security risk. Source: CVE-2024-50486
- CVE-2024-50487 - MaanTheme MaanStore API Authentication Bypass: MaanTheme's MaanStore API has been found to contain a vulnerability that allows for authentication bypass. The issue affects all versions of MaanStore API up to the latest release. Users are advised to update to the latest version to mitigate this security risk. Source: CVE-2024-50487
Sponsored by Wallarm API Security Solution
Final Words
That's it for today's edition of the Secret CISO newsletter. We've covered a lot of ground, from the challenges facing healthcare compliance teams to the best cybersecurity practices for patient data sharing. We've also touched on the latest threat intelligence reports, the importance of secure design, and the real-world impact of data breaches.
Remember, staying informed is the first step in protecting your organization from cyber threats.
Share this newsletter with your colleagues and friends, and help them stay in the loop too.
Tomorrow, we'll dive into more cybersecurity news, insights, and trends. Until then, stay safe and secure!
P.S. If you have any feedback or topics you'd like us to cover, feel free to let us know. We're all about providing you with valuable and relevant information.