Secret CISO 10/31: UnitedHealth and IBM hit by massive data breaches, Star Health and Meta Ireland under scrutiny, water infrastructure security research
Good morning, Secret CISO readers!
Today's newsletter is packed with the latest cybersecurity news. We're starting with a massive health data breach that affected a third of Americans, with hackers stealing approximately 6TB of data from UnitedHealth (update).
In other news, the notorious Threat Actor '888' has claimed to have breached IBM systems, revealing thousands of employees' data. The saga of data breaches continues with the case of Telegram vs. Star Health, where sensitive customer data was revealed. Meanwhile, the Irish Data Protection Commission has slapped a hefty €91 million fine on 'Meta Ireland' for failing to implement appropriate security measures. In education, Saint Kentigern College in Auckland has warned parents of a potential data breach following a cyber attack.
On the other hand, the ICO is urging local governments to improve data protection and reminding them that a breach is not just an administrative issue. In infrastructure, we look at ways to strengthen water infrastructure security amidst a cascade of cyberattacks. We also cover the case of WPP Scangroup, which has been ordered to pay damages over a data breach.
Finally, we touch on the latest research in cybersecurity, including the detection of OT Cybersecurity Threats using the Known-Unknown Matrix and the challenge Apple has thrown to hackers to break into the company's servers. Stay tuned for more updates and remember, knowledge is the best defense against cyber threats. Stay safe!
Data Breaches
- Health data breach affects a third of Americans: Hackers stole approximately 6TB of data from UnitedHealth earlier this year. The breach, which has been under investigation for several months, is said to have affected a third of Americans. Source: Panda Security
- IBM Hacked? Threat Actor '888' Reveals Thousands of Employees' Data Leak: A notorious threat actor, known as 888, has reportedly breached IBM systems and stolen personal data belonging to thousands of employees. Source: RedHotCyber
- Telegram vs. Star Health: Is the insurance data breach case misdirected?: The data breach saga involving Star Health began in September 2023 when cybersecurity expert Jason Parker revealed that sensitive customer data, including mobile numbers, had been compromised. Source: ET Edge Insights
- Irish Data Protection Commission slaps €91 million fine on 'Meta Ireland': The Irish Data Protection Commission has fined Meta Ireland €91 million for failing to implement appropriate security measures for processing personal data. Source: Lexology
- Saint Kentigern College cyber attack: Auckland private school warns of phishing emails, data breach: Parents of students and alumni of Saint Kentigern College, a top Auckland private school, are being warned that their data may have been breached following a cyber attack. Source: NZ Herald
Security Research
- Lottie Player compromised in supply chain attack: A supply chain attack has compromised Lottie Player, a popular open-source animation library. The attack was discovered by Sonatype, a software automation and security company. The attackers injected malicious code into the library, potentially affecting numerous websites and applications that use it. Source: Sonatype
- Detecting OT Cybersecurity Threats Using the Known-Unknown Matrix: Industrial Cyber has published an article by network security expert Sandeep Lota on using the Known-Unknown Matrix to detect cybersecurity threats in operational technology (OT). The matrix helps identify known and unknown threats, aiding in the development of robust security strategies. Source: Industrial Cyber
- TeamTNT compromises Docker daemons to deploy cryptominers: A new attack campaign by hacking group TeamTNT has been detailed by researchers. The group compromises Docker daemons to deploy cryptominers, exploiting the increased use of Docker for cloud services. Source: Mondaq
- Windows Themes 0-day opens door to NTLM credential theft: A zero-day vulnerability in Windows Themes has been discovered by Akamai researcher Tomer Peled. The vulnerability could allow attackers to steal NTLM credentials, providing unauthorized access to systems. Source: The Register
- Apple challenges hackers to break into its servers: Apple has launched a "security research challenge" coinciding with the rollout of its new AI-powered Apple Intelligence offering. The challenge invites hackers to attempt to breach the company's servers, with successful attempts likely to be rewarded. Source: Fortune
Top CVEs
- Command Injection in CyberPanel: CyberPanel versions prior to 2.3.5 were found to have a command injection vulnerability. This could allow an attacker to execute arbitrary commands via the completePath parameter in the ProcessUtilities.outputExecutioner() sink, leading to unauthenticated remote code execution. Users are advised to update to the latest version. Source: CVE-2024-10086
- Open-Redirect vulnerability in PingAM: PingAM had a vulnerability where well-crafted requests could cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under their control. The issue has been addressed in the latest updates. Source: CVE-2024-10005
- Out of bounds write in Dawn in Google Chrome: A remote attacker could perform out of bounds memory access via a crafted HTML page in Google Chrome versions prior to 130.0.6723.92. This vulnerability has been fixed in the latest version. Source: CVE-2024-51427
- Organization admins can delete pending invites: Admins were found to be able to delete pending invites created in an organization they are not part of, potentially leading to unauthorized access. The issue has been addressed in the latest updates. Source: CVE-2024-48346
- Vagrant VMware Utility Windows installer vulnerability: A vulnerability was found in the Vagrant VMware Utility Windows installer that could allow an attacker to execute arbitrary code. Users are advised to update to the latest version. Source: CVE-2024-43382
API Security
- Server-Side Request Forgery (SSRF) vulnerability in xtreme1 <= v0.9.1: The /api/data/upload path in xtreme1 <= v0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability, triggered through the fileUrl parameter. This allows an attacker to make arbitrary requests to internal or external sources. Source: CVE-2024-48346
Sponsored by Wallarm API Security Solution
Final Words
And that's a wrap for today's edition of Secret CISO. As we've seen, the digital landscape is a battlefield, with data breaches and security threats lurking around every corner. From health data breaches affecting a third of Americans to the notorious Threat Actor '888' breaching IBM systems, it's clear that no sector is immune.
Remember, knowledge is power. Stay informed, stay vigilant, and most importantly, stay secure. If you found this newsletter helpful, don't keep it to yourself.
Share it with your friends, colleagues, and anyone else who could benefit from a daily dose of cybersecurity insights. Until tomorrow, keep your data safe and your systems secure.