Secret CISO 10/9: MoneyGram and Star Health Data Breaches, New York Sets National Reporting Tone, Chinese Hackers Expose US Vulnerabilities
Welcome to today's issue of Secret CISO, your daily dose of the most impactful cybersecurity news. Today, we're diving into a series of data breaches that have shaken up the financial and healthcare sectors. MoneyGram, the financial services firm, has disclosed a breach of customer data from a late-September cyber attack. In a shocking turn of events, a hacker claims that a senior executive at Star Health Insurance sold the data of 31 million customers.
Meanwhile, the New York Data Breach Requirements are setting the tone for national reporting, and Muskogee City County Enhanced 911 Trust Authority in Oklahoma has suffered a major data breach involving protected health information. In other news, a hacker has built a website to leak insurer Star Health's data, and CreditRiskMonitor has disclosed a data breach impacting employee information. ADT, the home and small business security provider, has disclosed its second cyber attack in as many months, and former Uber Security Chief is appealing his conviction in a 'Bug-Bounty' case related to a 2016 data breach. In the world of cybersecurity solutions, Kiteworks has unveiled a tool to assess and prioritize data breaches, and Cloudflare has acquired Kivera to add simple, preventive cloud security to Cloudflare One.
Finally, we'll look at some recent security research, including Pillar Security's report on attacks on GenAI, and new findings that suggest security awareness training is not alleviating breach risk. Stay tuned for more details on these stories and more in today's issue of Secret CISO. Stay safe and informed!
Data Breaches
- MoneyGram Customer Data Breached in Attack: MoneyGram, a financial services firm, has disclosed a data breach resulting from a cyber attack in late September. The breach has exposed customer data, the extent of which is still under investigation. Source: Computer Weekly
- Data Breach at Star Health Insurance: A hacker, known as xenZen, claims that a senior executive at Star Health Insurance sold data of 31 million customers and later attempted to cover up the breach. The company is yet to confirm or deny these allegations. Source: Economic Times
- Muskogee City County Enhanced 911 Trust Authority & PRC-Saltillo Data Breaches: The Muskogee City County Enhanced 911 Trust Authority (MCC911) in Oklahoma has suffered a significant data breach involving protected health information. The breach was also reported at PRC-Saltillo, a company that provides communication devices and apps. Source: HIPAA Journal
- CreditRiskMonitor Data Breach Impacts Employee Information: CreditRiskMonitor, a provider of intelligence and analytics for credit and supply chain professionals, has disclosed a data breach impacting employee information. The extent of the breach and the number of affected individuals are currently unknown. Source: Security Week
- Chinese Hackers Breach US Wiretapping Data: A cybersecurity breach has exposed vulnerabilities in U.S. broadband infrastructure, with Chinese hackers gaining access to sensitive telecom networks. The breach has raised concerns about the security of wiretapping data and the potential misuse of this information. Source: eSecurity Planet
Security Research
- Pillar Security's State of Attacks on GenAI: Pillar Security's research reveals that 90% of successful attacks on GenAI resulted in leaked sensitive data. The study is based on the analysis of over 2,000 AI applications, emphasizing the need for robust AI cybersecurity. Source: GlobeNewswire
- GoldenJackal, LiteSpeed Cache bug, Ukraine's milCERT: ESET researchers have detailed a cyberespionage group known as GoldenJackal. The group is known for its sophisticated attacks on embassies and air-gapped systems. Additionally, security researcher TaiYou discovered three flaws in LiteSpeed Cache. Source: CISO Series
- Chrome 129 Warning As Google Drops Yet Another Security Update: Google has released another security update for Chrome 129 after a researcher discovered two vulnerabilities, earning the researcher a $55,000 bounty. The update is crucial for the security of Chrome users. Source: Forbes
- Security Awareness Training is not Alleviating Breach Risk, New Survey Finds: New research by CultureAI reveals that despite companies investing heavily in security awareness training, it is not reducing the risk of breaches. This highlights the need for a more effective approach to human risk management. Source: GlobeNewswire
- New MisterioLNK Loader Largely Undetected by Security Tools: Cyble: Cyble researchers have discovered a new loader builder and obfuscation tool, known as MisterioLNK, that has largely gone undetected by security tools. This discovery underscores the need for more advanced detection methods. Source: The Cyber Express
Top CVEs
- CVE-2023-45361 - MediaWiki Vector Skin Component Issue: A flaw was discovered in VectorComponentUserLinks.php in the Vector Skin component in MediaWiki before 1.39.5 and 1.40.x before 1.40.1. The MalformedTitleException thrown when vector-intro-page is not a valid title is uncaught, leading to incorrect web behavior. Source: CVE-2023-45361
- CVE-2023-45359 - MediaWiki Vector Skin Component Issue: Another issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. The vector-toc-toggle-button-label is not escaped, but should be, because the line param can have unexpected values. Source: CVE-2023-45359
- CVE-2024-45230 - Django Template Filters Issue: An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence. Source: CVE-2024-45230
- CVE-2024-43603 - Visual Studio Collector Service Denial of Service: A vulnerability in the Visual Studio Collector Service can lead to a denial of service attack. Further details are not provided. Source: CVE-2024-43603
- CVE-2024-43585 - Code Integrity Guard Security Feature Bypass: A security feature bypass vulnerability exists in the Code Integrity Guard. Further details are not provided. Source: CVE-2024-43585
API Security
- Directus Access Tokens Exposure (CVE-2024-47822): Directus, a real-time API and App dashboard for managing SQL database content, has a vulnerability where access tokens passed in query strings are not redacted and could be exposed in system logs. If these logs are not properly sanitized or protected, an attacker with access to them can potentially gain administrative control, leading to unauthorized data access and manipulation. This vulnerability has been patched in release version 10.13.2 and subsequent releases. Source: vulners.com
- Expression Language Injection in Apache Log4J: A Proof of Concept (PoC) for the Log4Shell vulnerability (CVE-2021-44228) has been developed as part of the coursework for the curricular unit TPAS in the Master's degree in Information Security at FCUP. The PoC features a React SPA frontend that simulates a generic e-commerce website and a Spring Boot REST API backend that uses a vulnerable version of Log4j 2.14. Source: vulners.com
- Password Exposure in JetBrains TeamCity (CVE-2024-47161): In JetBrains TeamCity before 2024.07.3, a password could be exposed via Sonar runner REST. This vulnerability could potentially allow an attacker to gain unauthorized access to sensitive information. Users are advised to update to the latest version to mitigate this vulnerability. Source: vulners.com
Sponsored by Wallarm API Security Solution
Final Words
And that's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from MoneyGram's data breach to the latest cybersecurity tools. Remember, the world of cybersecurity is ever-evolving, and staying informed is your first line of defense.
If you found this newsletter helpful, please consider sharing it with your friends and colleagues. Let's work together to create a safer digital world. Until next time, stay vigilant and keep your data secure.