Secret CISO 10/30: Landmark Admin and UnitedHealth Data Breaches Impact Millions, ExtraHop Report Reveals High Costs, UK and Italian Citizens at Risk, Research Highlights Escalating Security Debt
Welcome to today's issue of Secret CISO, your daily digest of the most impactful cybersecurity news. Today, we're diving into a series of data breaches that have exposed millions of users' personal information.
First up, we have the Landmark Admin data breach, which has exposed the personal information of 800,000 insurance customers. The breach was the result of a cyberattack on the insurance administrative services company. It was discovered in May, and although the company secured its systems with the help of an external security firm, the attackers managed to regain access.
UnitedHealth Group has confirmed that the February 2024 Change Healthcare data breach leaked the sensitive personal information of 100 million Americans. In the UK, Information Commissioner John Edwards has called on firms to beef up their data breach support, as nearly 30 million people in the UK have experienced a data breach.
In other news, a report by ExtraHop reveals that data breach costs exceed industry estimates, highlighting the financial impacts high-profile data breaches have on publicly traded companies. We also have updates on investigations into data breaches at the Center for Urban Community Services, ATSG Inc., and CUSO Financial Services, affecting thousands of individuals.
On the cybersecurity front, we look at the importance of maintaining cybersecurity by promoting cyber resiliency, as proper security measures and resiliency proficiency impact how well governments can continue operations with little to no downtime or disruption. Lastly, we bring you the latest research in cybersecurity, highlighting the escalating security debt in the financial sector, the riskiest connected medical devices, and the need for greater cybersecurity team involvement in AI solutions. Stay tuned for more updates and remember, knowledge is the first line of defense.
Data Breaches
- 800,000 users exposed in Landmark Admin data breach: A data breach at Landmark Admin, an insurance administrative services company, has exposed the personal information of 800,000 users. The breach was discovered in May and the company's systems were secured with the help of an external security firm. Source: ITPro, CyberGuy
- UnitedHealth Confirms Change Healthcare Data Breach Impacted 100 Million Americans: UnitedHealth Group has confirmed that the February 2024 Change Healthcare data breach leaked the sensitive personal information of 100 million Americans. Source: CPO Magazine
- The Center for Urban Community Services Notifies 38,000 People of Recent Data Breach: The Center for Urban Community Services has filed a notice of data breach with the U.S. Department of Health and Human Services, notifying 38,000 people of a recent data breach. Source: JD Supra
- Italian Politicians Express Alarm at Latest Data Breach Allegedly Affecting 800,000 Citizens: Italian politicians have expressed alarm at a data breach allegedly affecting 800,000 citizens. Prosecutors say the data was compromised in breaches dating from 2022 by a private investigative agency. Source: Security Week
- Data compromise confirmed by French telco Free: French telecommunications company Free has confirmed a data compromise. Further details about the breach have not been released. Source: SC Media
Security Research
- WhiteRabbitNeo: High-Powered Potential of Uncensored AI Pentesting for Attackers and Defenders: Qualys Threat Research Unit has revealed the potential of WhiteRabbitNeo, an AI-based pentesting tool, to be a game-changer in cybersecurity. The tool could be used by both attackers and defenders, marking a significant progression in AI's role in cybersecurity. Source: Security Week
- UAH Researcher Awarded $300,000 NSF Grant To Bolster Security In Intelligent Cyber Physical Systems: Dr. Avimanyu Sahoo from The University of Alabama in Huntsville has been awarded a $300,000 NSF grant to enhance security in intelligent cyber-physical systems. This research could lead to significant advancements in the field of cybersecurity. Source: Huntsville Business Journal
- Forescout Vedere Labs unveils riskiest connected medical devices: Forescout research has identified the top three riskiest devices in healthcare organizations. The findings highlight the critical need for robust cybersecurity measures in the healthcare sector. Source: Security Info Watch
- Veracode research highlights financial sector's escalating security debt: Veracode's State of Software Security Report has found that half of financial organizations have high-severity security flaws in their apps. This research underscores the urgent need for improved cybersecurity in the financial sector. Source: Security Info Watch
- BeaverTail Malware Spreads via Malicious npm Packages: Security researchers have found that BeaverTail malware is spreading through malicious npm packages. This tactic is becoming increasingly common among threat actors in the ecosystem. Source: MSSP Alert
Top CVEs
- Out of bounds write in Dawn in Google Chrome: A remote attacker could perform out of bounds memory access via a crafted HTML page in Google Chrome prior to 130.0.6723.92. This vulnerability has been fixed in the latest version. Source: CVE-2024-10487
- Organization admins can delete pending invites: Admins could delete pending invites created in an organization they are not part of, potentially leading to unauthorized access. The issue has been addressed in the latest updates. Source: CVE-2024-10452
- Command Injection in CyberPanel: CyberPanel before 2.3.5 allowed Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink, leading to unauthenticated remote code execution. This vulnerability has been patched in the latest version. Source: CVE-2024-51568
- Open-Redirect vulnerability in PingAM: Well-crafted requests may cause improper validation of redirect URLs in PingAM, allowing an attacker to redirect end-users to malicious sites under their control. The issue has been addressed in the latest updates. Source: CVE-2024-25566
- Vagrant VMware Utility Windows installer vulnerability: The installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMware Utility. Source: CVE-2024-10228
API Security
- Semicolon Path Injection in Scoold: A vulnerability was found in Scoold's /api;/config endpoint, allowing attackers to bypass authentication and gain unauthorized access to sensitive configuration data. Attackers can also read files via HOCON file inclusion, retrieving sensitive information such as configuration files from the server. The vulnerability has been fixed in Scoold 1.64.0. Source: CVE-2024-50334.
- Improper Storage of Sensitive Information in mintplex-labs/anything-llm: The latest version of mintplex-labs/anything-llm improperly stores sensitive information, specifically passwords, within a JWT used as a bearer token in single user mode. An attacker who gains access to the JWT can decode it and retrieve the password. Source: CVE-2024-7783.
- Email Injection in lunary-ai/lunary: An email injection vulnerability was found in the Send email verification API and Sign up API of lunary-ai/lunary v1.2.26. An unauthenticated attacker can inject data into outgoing emails, which can be exploited to conduct phishing attacks and cause financial impact. Source: CVE-2024-7472.
- CORS Misconfiguration in parisneo/lollms-webui: A CORS misconfiguration in parisneo/lollms-webui allows attackers to steal sensitive information and perform actions on behalf of a user. This vulnerability impacts the confidentiality and integrity of the system. Source: CVE-2024-6674.
- Denial of Service in Firefox & Thunderbird: Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This vulnerability affects Firefox & Thunderbird and was addressed by introducing rate-limiting to this API. Source: CVE-2024-10464.
Final Words
As we wrap up today's edition of Secret CISO, we are reminded of the ever-evolving landscape of cybersecurity. From the massive data breach at Landmark Admin affecting 800,000 users, to the alarming report by ExtraHop revealing that data breach costs exceed industry estimates, it's clear that the need for robust security measures is more critical than ever.
We've also seen how the Information Commissioner John Edwards is calling on firms to beef up their data protection efforts, following the revelation that nearly 30 million people in the UK have experienced a data breach.
Meanwhile, the UnitedHealth data breach has impacted a staggering 100 million Americans, highlighting the scale of these security threats. In the face of these challenges, it's crucial to stay informed and vigilant. That's why we bring you the latest news and insights in cybersecurity, every day.
Together, we can build a safer digital world. Stay safe and see you tomorrow for more updates from the world of cybersecurity.