Secret CISO 10/3: Police Service of Northern Ireland's £750k Data Breach Fine, Red Barrels' Major Data Leak, Colorado's Voting Data Scheme, Baptist Health Medical Center's Data Breach, Research on Cybersecurity and Biometrics
Welcome to today's issue of Secret CISO, your daily dose of cybersecurity news. Today, we're diving into a series of data breaches that have hit organizations across the globe. First up, the Police Service of Northern Ireland (PSNI) has been fined £750,000 for a data breach last August that exposed information about almost 9500 officers and civilian staff. Despite appeals to lower the amount due to perilous finances, the PSNI must pay the fine for the data leak.
Meanwhile, Red Barrels, the developers behind Outlast and Outlast 2, have been hit with a major data breach that impacts development and more. The extent of the breach is still under investigation. In the US, former Colorado county clerk Tina Peters is set to be sentenced for a security breach amid unfounded conspiracies that widespread fraud denied President Donald. She was the first election official to be charged with a security breach. In healthcare, a data breach at Baptist Health Medical Center-Drew County has led to unauthorized access to addresses, dates of birth, diagnoses, and more. The hospital has released a statement following the breach. In tech news, a Harvard student has used facial recognition with $379 Meta Ray-Ban 2 smart glasses to extract personal info in real time, raising serious data breach concerns.
Finally, we have a series of expert tips for building a stronger cyber defense, as well as updates on the latest research in cybersecurity. Stay tuned for more updates and remember, knowledge is the best defense against cyber threats.
Data Breaches
- PSNI Fined for Data Breach: The Police Service of Northern Ireland (PSNI) has been fined £750,000 by Britain's Information Commissioner's Office (ICO) for a data breach that exposed information about almost 9,500 officers and civilian staff. The breach occurred last August and could have been prevented with simple-to-implement procedures. Source: Belfast Telegraph
- Red Barrels Suffers Major Data Breach: Red Barrels, the developers behind Outlast and Outlast 2, have experienced a significant data breach impacting development and more. The extent of the breach and the specific data compromised have not been disclosed. Source: Insider Gaming
- Former Colorado County Clerk Charged for Security Breach: Tina Peters, a former county clerk in Colorado, is facing sentencing for a security breach related to a voting data scheme. Peters is the first election official to be charged with a security breach amid unfounded conspiracies of widespread fraud. Source: Star Tribune
- Baptist Health Medical Center-Drew County Data Breach: A data breach at Baptist Health Medical Center-Drew County has led to unauthorized access to patient data, including addresses, dates of birth, and diagnoses. The hospital has not disclosed the number of patients affected. Source: Deltaplex News
- New Zealand Hearing Clinic Bloom Warns of Massive Data Theft: Bloom, a hearing clinic in New Zealand, has warned of a massive data theft following a ransomware attack. The extent of the stolen data could be "astounding," and Bloom might have breached the law around retaining personal data. Source: NZ Herald
Security Research
- Small Steps, Big Impact: Expert Tips for Building a Stronger Cyber Defense: This article emphasizes the importance of individual actions in enhancing cybersecurity. It encourages everyone to take one new step towards protecting their privacy and improving their security. Source: Information Security Buzz
- Contactless hand biometrics trail 3D fingerprints in development for forensics use: Researchers from the Biometrics and Security Research Group at Hochschule Darmstadt and the Technical University of Denmark are developing a contactless hand biometric system. This new technology could revolutionize forensics by providing 3D fingerprints. Source: Biometric Update
- NTT DATA's Research Accepted at SecTor 2024, International Conference on Cyber Security: A research paper by NTT DATA, in collaboration with Yamato Security, has been accepted at the SecTor 2024 conference. The paper's acceptance signifies its contribution to the cybersecurity community. Source: NTT DATA
- NSF Awards Funding for Center for Infrastructure Security in the Era of AI: The National Science Foundation has awarded $20,000 to the University of Arkansas to join the Research Center for Infrastructure Security in the Era of AI. This partnership will help advance research in AI and infrastructure security. Source: UARK News
- UniSA Researchers Collaborate on New Lunar Distress System: The University of South Australia is leading a project to develop an emergency system for safety alerts on the moon. This research could significantly enhance safety measures for future lunar missions. Source: SPACE & DEFENSE
Top CVEs
- Incorrect Permission Assignment in OpenText™ Vertica (CVE-2024-6360): A vulnerability in OpenText™ Vertica could allow unauthorized access or privileges to Vertica agent apikey due to incorrect permission assignment for critical resources. This issue affects versions from 10.0 through 24.0. Source: CVE-2024-6360.
- Unauthenticated Users Can Execute Commands in Zimbra Collaboration (CVE-2024-45519): The postjournal service in Zimbra Collaboration sometimes allows unauthenticated users to execute commands. This affects versions before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1. Source: CVE-2024-45519.
- Logic Issue in iTunes for Windows (CVE-2024-44193): A logic issue was addressed with improved restrictions in iTunes 12.13.3 for Windows. A local attacker may be able to elevate their privileges. Source: CVE-2024-44193.
- Improper Access to Pomerium Databroker API (CVE-2024-47616): Incomplete validation of JWT in Pomerium's databroker service could allow improper access to the databroker API, potentially leading to user info exfiltration, session spoofing, or tampering with Pomerium routes and policies. Source: CVE-2024-47616.
- Use-After-Free Vulnerability in Foxit Reader (CVE-2024-28888): A use-after-free vulnerability in Foxit Reader 2024.1.0.23997 can lead to memory corruption and result in arbitrary code execution when a user opens a malicious PDF document or visits a malicious site if the browser plugin extension is enabled. Source: CVE-2024-28888.
API Security
- Pomerium Databroker Service API Vulnerability (CVE-2024-47616): Pomerium, an identity and context-aware access proxy, has a vulnerability in its databroker service API. Incomplete validation of JWTs could allow some service account access tokens to be incorrectly treated as valid for databroker API authorization, leading to potential data exfiltration, user session spoofing, or tampering with Pomerium settings. This issue affects only certain Pomerium Zero and Pomerium Enterprise deployments. Source: CVE-2024-47616
- Jenkins Credentials Plugin Vulnerability (CVE-2024-47805): Jenkins Credentials Plugin does not redact encrypted values of credentials using the SecretBytes type when accessed via REST API or CLI. This allows attackers with Item/Extended Read permission to view encrypted SecretBytes values in credentials. Source: CVE-2024-47805
- Cisco NDFC REST API Vulnerability (CVE-2024-20477): A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability is due to missing authorization controls on the affected REST API endpoint. Source: CVE-2024-20477
- Cisco Nexus Dashboard REST API Vulnerability (CVE-2024-20442): A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. Source: CVE-2024-20442
- Cisco Nexus Dashboard Fabric Controller Vulnerability (CVE-2024-20444): A vulnerability in Cisco Nexus Dashboard Fabric Controller could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient validation of command arguments. Source: CVE-2024-20444
Final Words
That's a wrap for today's edition of Secret CISO. As we've seen, data breaches continue to be a significant concern for organizations worldwide. From the PSNI's hefty fine to the major breach at Red Barrels, it's clear that no entity is immune.
Remember, security isn't just about having the right tools in place; it's also about fostering a culture of vigilance and awareness. Share this newsletter with your colleagues to keep them in the loop. Stay safe, stay informed, and see you in the next issue of Secret CISO.