Secret CISO 10/4: Colorado Clerk's Voting Machine Breach, Change Healthcare Data Leak, MC2's Massive Data Exposure, Rising Data Breach Costs, Signal's Post-Quantum Messaging Research
Good Morning! In today's issue of Secret CISO, we delve into a series of data breaches and security incidents that have made headlines recently. Starting off in Colorado, former Mesa County clerk Tina Peters has been sentenced to nine years for a voting machine breach. Convicted on seven counts, Peters opened the county's election computers to unauthorized access. In healthcare news, Change Healthcare has been hit by a data breach, and affected individuals are now receiving notification letters about the incident. Meanwhile, a data leak at background check services firm MC2 has impacted over 100 million Americans, exposing information about victims' family members, relatives, neighbors, and employment history. In legal news, data breach costs are on the rise, and fines may be just the tip of the iceberg for enterprises, with lawsuits expected to surge in 2025. We also cover a data breach at Find Great People that has affected the personal information of 12,205 individuals, and a court ruling that data protection authorities are not obliged to exercise corrective powers in every case of infringement.
In tech news, we discuss the lessons Hong Kong can learn from Australia's Optus Cyber Breach, and a data breach alert from Edelson Lechtzin LLP investigating claims on behalf of affected individuals. Finally, we explore the latest research in security, including a lecture on secure messaging in the post-quantum era, findings that security operation centers increasingly distrust threat detection tools, and vulnerabilities discovered in DrayTek routers. Stay tuned for more updates and insights in the world of cybersecurity. Stay safe and secure!
Data Breaches
- Former Colorado County Clerk Sentenced for Voting Machine Breach: Tina Peters, a former Mesa County clerk in Colorado, has been sentenced to nine years in prison for a security breach involving the county's election computers, which she opened to unauthorized access. Prosecutors described the breach as part of a scheme to copy and expose voting-system data. Source: Reuters
- Background Check Services Firm MC2 Data Leak: MC2, a background check services firm, has suffered a data leak affecting over 100 million Americans. The leak exposed information about the victims' family members, relatives, neighbors, and employment history. Source: CPO Magazine
- Data Breach Lawsuits Expected to Surge: A report suggests that data breach costs are rising and financial exposure in litigation is "enormous". This could mean that fines are just the tip of the iceberg for enterprises, with lawsuit costs expected to surge in 2025. Source: IT Pro
- Find Great People Data Breach: A data breach at Find Great People has affected the personal information of 12,205 individuals. The breach could potentially lead to fraud or identity theft. Source: JD Supra
- Hackers Access Contact Details of Most Dutch Police Officers in Data Breach: Attackers have obtained the work-related contact details of most Dutch police officers. The Minister of Justice and Security, David van Weel, informed the House of Representatives of the incident. Source: European Conservative
Security Research
- Signal Messenger Engineer to Give Lecture on Secure Messaging in Post-Quantum Era: A Signal engineer will discuss the future of secure messaging in the post-quantum era, highlighting the importance of ongoing security research in the field. Source: news.uark.edu
- Research Finds SOCs Increasingly Distrust Threat Detection Tools: A study by Vectra AI, an extended detection and response (XDR) vendor, reveals growing distrust of threat detection tools among security operations center staff, pointing to a need for more reliable, higher-signal detections. Source: australiancybersecuritymagazine.com.au
- Thousands of DrayTek Routers at Risk From 14 Vulnerabilities: Researchers at Forescout's Vedere Labs discovered 14 vulnerabilities in DrayTek routers, highlighting the need for increased security measures in commonly used devices. Source: darkreading.com
- Research Shows Workplace AI Use Outpaces Security Measures: A report by Ivanti reveals a concerning disconnect: 81% of employees using generative AI have received no training on it, and only 13% of security professionals feel their organizations are fully prepared for the security implications. Source: channellife.co.nz
- New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking: Aqua Security researchers have identified Perfctl, a new malware strain that compromises Linux servers to run cryptocurrency miners and proxyjacking software, another sign of how attackers monetize commodity server access. Source: thehackernews.com
Top CVEs
- CVE-2024-44207: This vulnerability was addressed with improved checks in iOS 18.0.1 and iPadOS 18.0.1. It was found that audio messages in Messages may be able to capture a few seconds of audio before the microphone indicator is activated. Source: CVE-2024-44207
- CVE-2024-5803: AVGUI.exe in AVG/Avast Antivirus before version 24.1 can allow a local attacker to escalate privileges via a COM hijack in a time-of-check to time-of-use (TOCTOU) window when self-protection is not properly implemented. Source: CVE-2024-5803
- CVE-2024-44204: A logic issue was addressed with improved validation in iOS 18.0.1 and iPadOS 18.0.1. A user's saved passwords could be read aloud by VoiceOver. Source: CVE-2024-44204
- CVE-2024-43699: Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted database. Source: CVE-2024-43699
- CVE-2024-45367: The web server for ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication process, which can lead to an attacker authenticating without proper credentials. Source: CVE-2024-45367
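The DIAEnergie entry above is a textbook unauthenticated SQL injection: a request parameter is spliced into a query string, so an attacker can rewrite the WHERE clause or UNION in rows from other tables. The block below is an added example written for this issue, not Delta Electronics' code; the table names, columns and rows are constructed for the demonstration. It shows the vulnerable pattern beside the fix (parameter binding plus an allowlist on the identifier format) using SQLite so that it runs offline.

```python
import re
import sqlite3

# Constructed sample data standing in for the kind of registration/report
# records an injectable report script could expose. Table and column names
# are invented for this example.
REPORT_ROWS = [
    ("REG-001", "Plant A main feeder", 1204.5),
    ("REG-002", "Plant A lighting", 87.2),
    ("REG-003", "Plant B compressors", 2210.0),
]
USER_ROWS = [
    ("admin", "hash-admin-0001"),
    ("operator", "hash-operator-0002"),
]


def build_db():
    """Create an in-memory database holding the constructed tables above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE reg_report (reg_id TEXT PRIMARY KEY, name TEXT, kwh REAL)")
    conn.execute("CREATE TABLE users (login TEXT PRIMARY KEY, pw_hash TEXT)")
    conn.executemany("INSERT INTO reg_report VALUES (?, ?, ?)", REPORT_ROWS)
    conn.executemany("INSERT INTO users VALUES (?, ?)", USER_ROWS)
    conn.commit()
    return conn


def vulnerable_lookup(conn, reg_id):
    """The anti-pattern: request input is concatenated into the SQL text."""
    sql = f"SELECT reg_id, name, kwh FROM reg_report WHERE reg_id = '{reg_id}'"
    return conn.execute(sql).fetchall()


REG_ID_PATTERN = re.compile(r"REG-\d{3}")


def safe_lookup(conn, reg_id):
    """Parameter binding is the fix; the allowlist check is defence in depth."""
    if not REG_ID_PATTERN.fullmatch(reg_id):
        return []  # a real handler would answer HTTP 400 here
    sql = "SELECT reg_id, name, kwh FROM reg_report WHERE reg_id = ?"
    return conn.execute(sql, (reg_id,)).fetchall()


# Two classic unauthenticated payloads: the first collapses the WHERE clause
# so every row matches, the second pulls rows out of an unrelated table.
TAUTOLOGY = "' OR '1'='1"
UNION_DUMP = "' UNION SELECT login, pw_hash, 0 FROM users --"


def demo():
    """Run both handlers against a legitimate id and both payloads."""
    conn = build_db()
    return {
        "legit_vulnerable": vulnerable_lookup(conn, "REG-002"),
        "tautology_vulnerable": vulnerable_lookup(conn, TAUTOLOGY),
        "union_vulnerable": vulnerable_lookup(conn, UNION_DUMP),
        "legit_safe": safe_lookup(conn, "REG-002"),
        "tautology_safe": safe_lookup(conn, TAUTOLOGY),
        "union_safe": safe_lookup(conn, UNION_DUMP),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The vulnerable handler returns all three report rows for the tautology payload and leaks the constructed `users` table for the UNION payload; the hardened handler returns the single legitimate row and nothing for either payload. Binding alone would be enough to stop the injection; the allowlist is there so that malformed input is rejected before it ever reaches the database.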
API Security
- CVE-2024-9513 Netadmin Software NetAdmin IAM HTTP POST Request ReturnUserQuestionsFilled information exposure: A vulnerability in Netadmin Software NetAdmin IAM up to 3.5 allows remote attackers to leak information through an observable response discrepancy by manipulating the 'username' argument in the HTTP POST request handler, which can be used to probe for valid accounts. The attack is rated as high complexity and difficult to exploit. Source: CVE-2024-9513
- CVE-2024-47657 Improper Access Control Vulnerability: Shilpi Net Back Office has a vulnerability due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter dfclientid through API request URLs, leading to unauthorized access to sensitive information. Source: CVE-2024-47657
- CVE-2024-47656 User Enumeration vulnerability: Shilpi Client Dashboard does not restrict repeated failed login attempts on its API-based login. A remote attacker could exploit this to brute-force account passwords, leading to unauthorized access. Source: CVE-2024-47656
- CVE-2024-47654 No Rate Limiting vulnerability: Shilpi Client Dashboard has a vulnerability due to lack of rate limiting and Captcha protection for OTP requests in certain API endpoint. An unauthenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through vulnerable API endpoints, leading to OTP bombing on the targeted user. Source: CVE-2024-47654
- CVE-2024-47653 Missing Authorization Vulnerability: Shilpi Client Dashboard has a vulnerability due to lack of authorization for modification and cancellation requests through certain API endpoints. An authenticated remote attacker could exploit this vulnerability by placing or cancelling requests through API request body, leading to unauthorized modification of requests. Source: CVE-2024-47653
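Taken together, the NetAdmin and Shilpi entries above cover four API failure classes that keep reappearing: a response discrepancy that reveals whether an account exists, no limit on failed logins, no rate limit on OTP sends, and endpoints that authenticate the caller but never check that the caller owns the object named in the request (the `dfclientid` parameter and the modification/cancellation requests). The block below is an added example written for this issue, not code from NetAdmin, Shilpi or any other product; the account names, client ids, request ids and limits are invented. It shows one hardened handler per class in a small in-memory API.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict, deque

PBKDF2_ITERATIONS = 50_000   # demo value; production settings should be higher
MAX_LOGIN_FAILURES = 5       # consecutive failures per account before a lockout
LOCKOUT_SECONDS = 900
OTP_LIMIT = 3                # OTP sends allowed per target per window
OTP_WINDOW_SECONDS = 600


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def _make_user(password, client_id):
    salt = secrets.token_bytes(16)
    return {"salt": salt, "pw_hash": _hash_password(password, salt), "client_id": client_id}


# Constructed sample data; every name and identifier here is invented.
USERS = {
    "alice": _make_user("alice-pass-1", "DF1001"),
    "bob": _make_user("bob-pass-2", "DF1002"),
}
# Checked against when the username is unknown, so a failed login costs the
# same time whether or not the account exists (no discrepancy to enumerate).
_DECOY = _make_user(secrets.token_hex(16), None)

CLIENT_RECORDS = {
    "DF1001": {"holder": "alice", "pan": "XXXXX1234A"},
    "DF1002": {"holder": "bob", "pan": "XXXXX5678B"},
}
REQUESTS = {
    "R-1": {"owner": "alice", "status": "open"},
    "R-2": {"owner": "bob", "status": "open"},
}


class Api:
    def __init__(self, clock):
        self.clock = clock                    # injectable; pass time.monotonic in production
        self.failures = defaultdict(int)      # username -> consecutive failed logins
        self.locked_until = {}                # username -> clock value when lockout ends
        self.otp_sent = defaultdict(deque)    # target -> timestamps of recent OTP sends
        self.sessions = {}                    # token -> username
        self.requests = {k: dict(v) for k, v in REQUESTS.items()}

    def login(self, username, password):
        """Return a session token or None. Every failure looks identical to the caller."""
        now = self.clock()
        if self.locked_until.get(username, 0) > now:
            return None
        user = USERS.get(username, _DECOY)
        ok = hmac.compare_digest(_hash_password(password, user["salt"]), user["pw_hash"])
        if not ok or user is _DECOY:
            # Per-account lockout stops online brute force; pair it with per-source
            # throttling in production so it cannot be abused to lock victims out.
            self.failures[username] += 1
            if self.failures[username] >= MAX_LOGIN_FAILURES:
                self.locked_until[username] = now + LOCKOUT_SECONDS
                self.failures[username] = 0
            return None
        self.failures[username] = 0
        token = secrets.token_urlsafe(32)
        self.sessions[token] = username
        return token

    def request_otp(self, target):
        """Allow at most OTP_LIMIT sends per target within OTP_WINDOW_SECONDS."""
        now = self.clock()
        recent = self.otp_sent[target]
        while recent and recent[0] <= now - OTP_WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= OTP_LIMIT:
            return False  # a real handler answers 429 with the same body as success
        recent.append(now)
        # the actual SMS/e-mail send would happen here
        return True

    def get_client(self, token, dfclientid):
        """Object-level authorization: the caller must own the requested client id."""
        user = self.sessions.get(token)
        if user is None or USERS[user]["client_id"] != dfclientid:
            return None  # same answer for "not yours" and "does not exist"
        return CLIENT_RECORDS.get(dfclientid)

    def cancel_request(self, token, request_id):
        """Only the owner of a request may modify or cancel it."""
        user = self.sessions.get(token)
        req = self.requests.get(request_id)
        if user is None or req is None or req["owner"] != user:
            return False
        req["status"] = "cancelled"
        return True
```

The two authorization methods are the ones that matter for the `dfclientid` and cancellation findings: a valid session proves who the caller is, and the handler still compares the object's owner against that identity before returning or changing anything. The clock is injected so the lockout and OTP window can be exercised deterministically.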
Sponsored by Wallarm API Security Solution
Final Words
And that's a wrap for today's edition of Secret CISO. From the conviction of a former Colorado county clerk for a voting machine breach to the massive data leak impacting over 100 million Americans, it's clear that the need for robust cybersecurity measures is more critical than ever. Remember, staying informed is the first step in protecting yourself and your organization from potential threats.
So, don't forget to share this newsletter with your friends and colleagues to help them stay one step ahead of the cybercriminals. Stay safe, stay informed, and see you in the next edition of Secret CISO.