Secret CISO 10/9: MoneyGram and Star Health Data Breaches, New York Sets National Reporting Tone, Chinese Hackers Expose US Vulnerabilities

Welcome to today's issue of Secret CISO, your daily dose of the most impactful cybersecurity news. Today, we're diving into a series of data breaches that have shaken up the financial and healthcare sectors. MoneyGram, the financial services firm, has disclosed a breach of customer data from a late-September cyber attack. In a shocking turn of events, a hacker claims that a senior executive at Star Health Insurance sold the data of 31 million customers.

Meanwhile, the New York Data Breach Requirements are setting the tone for national reporting, and the Muskogee City County Enhanced 911 Trust Authority in Oklahoma has suffered a major data breach involving protected health information. In other news, a hacker has built a website to leak insurer Star Health's data, and CreditRiskMonitor has disclosed a data breach impacting employee information. ADT, the home and small business security provider, has disclosed its second cyber attack in as many months, and the former Uber security chief is appealing his conviction in a 'bug bounty' case related to a 2016 data breach. In the world of cybersecurity solutions, Kiteworks has unveiled a tool to assess and prioritize data breaches, and Cloudflare has acquired Kivera to add simple, preventive cloud security to Cloudflare One.

Finally, we'll look at some recent security research, including Pillar Security's report on attacks on GenAI, and new findings that suggest security awareness training is not alleviating breach risk. Stay tuned for more details on these stories and more in today's issue of Secret CISO. Stay safe and informed!

Data Breaches

  1. MoneyGram Customer Data Breached in Attack: MoneyGram, a financial services firm, has disclosed a data breach resulting from a cyber attack in late September. The breach has exposed customer data, the extent of which is still under investigation. Source: Computer Weekly
  2. Data Breach at Star Health Insurance: A hacker, known as xenZen, claims that a senior executive at Star Health Insurance sold data of 31 million customers and later attempted to cover up the breach. The company is yet to confirm or deny these allegations. Source: Economic Times
  3. Muskogee City County Enhanced 911 Trust Authority & PRC-Saltillo Data Breaches: The Muskogee City County Enhanced 911 Trust Authority (MCC911) in Oklahoma has suffered a significant data breach involving protected health information. The breach was also reported at PRC-Saltillo, a company that provides communication devices and apps. Source: HIPAA Journal
  4. CreditRiskMonitor Data Breach Impacts Employee Information: CreditRiskMonitor, a provider of intelligence and analytics for credit and supply chain professionals, has disclosed a data breach impacting employee information. The extent of the breach and the number of affected individuals are currently unknown. Source: Security Week
  5. Chinese Hackers Breach US Wiretapping Data: A cybersecurity breach has exposed vulnerabilities in U.S. broadband infrastructure, with Chinese hackers gaining access to sensitive telecom networks. The breach has raised concerns about the security of wiretapping data and the potential misuse of this information. Source: eSecurity Planet

Security Research

  1. Pillar Security's State of Attacks on GenAI: Pillar Security's research reveals that 90% of successful attacks on GenAI resulted in leaked sensitive data. The study is based on the analysis of over 2,000 AI applications, emphasizing the need for robust AI cybersecurity. Source: GlobeNewswire
  2. GoldenJackal, LiteSpeed Cache bug, Ukraine's milCERT: ESET researchers have detailed a cyberespionage group known as GoldenJackal. The group is known for its sophisticated attacks on embassies and air-gapped systems. Additionally, security researcher TaiYou discovered three flaws in LiteSpeed Cache. Source: CISO Series
  3. Chrome 129 Warning As Google Drops Yet Another Security Update: Google has released another security update for Chrome 129 after a researcher discovered two vulnerabilities, earning the researcher a $55,000 bounty. The update is crucial for the security of Chrome users. Source: Forbes
  4. Security Awareness Training is not Alleviating Breach Risk, New Survey Finds: New research by CultureAI reveals that although companies are investing heavily in security awareness training, it is not reducing the risk of breaches. This highlights the need for a more effective approach to human risk management. Source: GlobeNewswire
  5. New MisterioLNK Loader Largely Undetected by Security Tools: Cyble: Cyble researchers have discovered a new loader builder and obfuscation tool, known as MisterioLNK, that has largely gone undetected by security tools. This discovery underscores the need for more advanced detection methods. Source: The Cyber Express

Top CVEs

  1. CVE-2023-45361 - MediaWiki Vector Skin Component Issue: A flaw was discovered in VectorComponentUserLinks.php in the Vector Skin component in MediaWiki before 1.39.5 and 1.40.x before 1.40.1. If vector-intro-page is not a valid title, the resulting MalformedTitleException is uncaught, leading to incorrect web behavior. Source: CVE-2023-45361
  2. CVE-2023-45359 - MediaWiki Vector Skin Component Issue: Another issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. The vector-toc-toggle-button-label is not escaped, but should be, because the line param can have unexpected values. Source: CVE-2023-45359
  3. CVE-2024-45230 - Django Template Filters Issue: An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence. Source: CVE-2024-45230
  4. CVE-2024-43603 - Visual Studio Collector Service Denial of Service: A vulnerability in the Visual Studio Collector Service can lead to a denial of service attack. Further details are not provided. Source: CVE-2024-43603
  5. CVE-2024-43585 - Code Integrity Guard Security Feature Bypass: A security feature bypass vulnerability exists in the Code Integrity Guard. Further details are not provided. Source: CVE-2024-43585

API Security

  1. Directus Access Tokens Exposure (CVE-2024-47822): Directus, a real-time API and App dashboard for managing SQL database content, has a vulnerability where access tokens passed in query strings are not redacted and could be exposed in system logs. If those logs are not properly sanitized or protected, an attacker with access to them could gain administrative control, leading to unauthorized data access and manipulation. This vulnerability has been patched in release version 10.13.2 and subsequent releases. Source: vulners.com
  2. Expression Language Injection in Apache Log4J: A Proof of Concept (PoC) for the Log4Shell vulnerability (CVE-2021-44228) has been developed as part of the coursework for the curricular unit TPAS in the Master's degree in Information Security at FCUP. The PoC features a React SPA frontend that simulates a generic e-commerce website and a Spring Boot REST API backend that uses a vulnerable version of Log4j 2.14. Source: vulners.com
  3. Password Exposure in JetBrains TeamCity (CVE-2024-47161): In JetBrains TeamCity before 2024.07.3, a password could be exposed via Sonar runner REST. This vulnerability could potentially allow an attacker to gain unauthorized access to sensitive information. Users are advised to update to the latest version to mitigate this vulnerability. Source: vulners.com

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from MoneyGram's data breach to the latest cybersecurity tools. Remember, the world of cybersecurity is ever-evolving, and staying informed is your first line of defense.

If you found this newsletter helpful, please consider sharing it with your friends and colleagues. Let's work together to create a safer digital world. Until next time, stay vigilant and keep your data secure.
