Secret CISO 11/1: Texas Insurance and Git Config Breaches, Bluefin-Datacap Partnership, 23andMe PR Nightmare

Welcome to today's issue of Secret CISO, your daily dose of cybersecurity insights. Today, we're diving into a massive data breach at a Texas-based insurance servicer, impacting nearly 68,000 Texans and over 800,000 people nationwide. We'll also discuss a large-scale credential-theft campaign that harvested 15,000 credentials from exposed Git configuration files and used them to clone 10,000 private repositories. In the hospitality sector, Bluefin and Datacap are partnering to enhance payment security, while the 23andMe data breach continues to unravel, turning into a PR nightmare. We also have updates on the UnitedHealth data breach, which exposed the personal and medical data of more than a third of the US population.

In international news, Brazilian hackers are threatening a data leak at Sassa after students uncovered a security breach. Meanwhile, a data leak has forced Interbank, one of Peru's largest banking institutions, to confirm a data breach. We'll also touch on the latest cybersecurity research, including vulnerabilities in ABB's building automation and energy management software, and the persistent risk of API security breaches.

Stay tuned for more updates and remember, knowledge is the best defense against cyber threats. Stay safe and secure!

Data Breaches

  1. Massive Data Breach at Texas-based Insurance Servicer: A significant data breach at a Texas-based insurance servicer has impacted nearly 68,000 Texans and more than 800,000 individuals nationally, according to filings. Source: wfaa.com
  2. Massive Git Config Breach Exposes 15,000 Credentials: A large-scale campaign scanned the internet for publicly reachable Git configuration files (.git/config), harvested 15,000 credentials embedded in them, and used those credentials to clone 10,000 private repositories. Any web root that serves its .git directory leaks whatever tokens were written into remote URLs or HTTP headers, so the fix is to block the directory at the web server and revoke every credential found in it. Source: thehackernews.com
  3. Brazilian Hackers Threaten Sassa Data Leak: The hacking group, N4aughtysecGroup, has threatened to release Sassa data after two Stellenbosch students uncovered a security breach. The potential data leak has raised concerns about the security of sensitive information. Source: iol.co.za
  4. Data Leak Forces Interbank to Confirm a Data Breach: Interbank, one of Peru's largest banking institutions, confirmed a data breach after a threat actor allegedly leaked its data. The incident has raised questions about the bank's data security measures. Source: izoologic.com
  5. New Report Reveals Persistent API Security Breaches Risk: A new report by Traceable AI reveals that 57% of organizations have suffered API breaches, highlighting significant flaws in current security measures. The findings underscore the need for improved API security. Source: securitybrief.asia

Security Research

  1. Zero-Click Flaw Exposes Potentially Millions of Storage Devices to Attack: Security researcher Rick de Jager demonstrated at Pwn2Own Ireland a vulnerability in the Synology Photos application on Synology storage devices that can be exploited without any user interaction. The flaw potentially exposes millions of internet-reachable devices to attack. Source: WIRED
  2. VulnCheck Finds Critical Security Flaws in ABB Building Automation and Energy Management Software: VulnCheck's Initial Access Research has uncovered two significant vulnerabilities in ABB's building automation and energy management software. These flaws could potentially allow unauthorized access and control over the systems. Source: Industrial Cyber
  3. Emeraldwhale Gobbles 15K Credentials from Clouds: Sysdig researchers uncovered a large data-theft operation, dubbed "Emeraldwhale," in which unknown criminals scanned the internet for exposed Git configuration files and Laravel .env files and harvested around 15,000 credentials for cloud services and code repositories. Source: The Register
  4. Microsoft: Chinese Hackers Use Quad7 Botnet to Steal Credentials: Microsoft reports that Chinese threat actors are using the Quad7 botnet, which Microsoft tracks as CovertNetwork-1658 and which is also known as xlogin, to run password-spray attacks against its customers' accounts. The botnet, first documented by security researcher Gi7w0rm, consists of compromised SOHO routers. Source: Bleeping Computer
  5. New NSF-backed Research Addressing Threat of Security Breaches in Semiconductor Design: New research backed by the National Science Foundation (NSF) is addressing the threat of security breaches in semiconductor design. The research involves the use of AI tools to automate the detection of security vulnerabilities and simulate how security researchers identify attack vectors and root causes. Source: University of Maine
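The Git config exposures in item 2 of Data Breaches and item 3 above come down to one file: a web root that serves .git/config hands out any credential that was written into a remote URL or an http.extraheader entry. The following is an added example, not code from this page, from Sysdig or from any of the reports cited; it parses a git config the way git lays it out (tab-indented keys, quoted subsection names, which is why configparser is not used) and flags embedded credentials. The sample config, the deploy-bot user, the token, the header value and the hosts are all constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample of the kind of .git/config an internet scan pulls from a
# web root that exposes its .git directory. Every credential here is made up.
SAMPLE_GIT_CONFIG = """\
[core]
\trepositoryformatversion = 0
\tfilemode = true
[remote "origin"]
\turl = https://deploy-bot:ghp_EXAMPLEtoken1234567890@github.com/example-org/internal-api.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
\turl = git@gitlab.example.com:example-org/internal-api.git
[http "https://github.com/"]
\textraheader = AUTHORIZATION: basic ZGVwbG95LWJvdDpnaHBfRVhBTVBMRQ==
[branch "main"]
\tremote = origin
\tmerge = refs/heads/main
"""

SECTION_RE = re.compile(r'^\s*\[([^\]]+)\]\s*$')
KV_RE = re.compile(r'^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.*?)\s*$')


def parse_git_config(text):
    """Parse git's INI-like config into a list of (section, key, value)."""
    entries, section = [], None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(('#', ';')):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = KV_RE.match(line)
        if m and section is not None:
            entries.append((section, m.group(1).lower(), m.group(2)))
    return entries


def find_leaked_credentials(text):
    """Flag remote URLs carrying user:password and Authorization extra headers.

    scp-style remotes (git@host:path) carry no secret and are skipped; the
    secret itself is never returned, only a redacted form for reporting."""
    findings = []
    for section, key, value in parse_git_config(text):
        if key == 'url' and '://' in value:
            parts = urlsplit(value)
            if parts.password is not None:
                findings.append({
                    'section': section, 'key': key, 'kind': 'embedded-password',
                    'host': parts.hostname, 'user': parts.username,
                    'redacted': value.replace(parts.password, '***'),
                })
        elif key == 'extraheader' and value.lower().startswith('authorization:'):
            # Pattern written by CI checkout steps: the header value is a
            # base64 basic-auth token and is as sensitive as the password above.
            findings.append({
                'section': section, 'key': key, 'kind': 'authorization-header',
                'host': None, 'user': None, 'redacted': 'AUTHORIZATION: <redacted>',
            })
    return findings


if __name__ == '__main__':
    for f in find_leaked_credentials(SAMPLE_GIT_CONFIG):
        print(f"[{f['section']}] {f['key']}: {f['kind']} -> {f['redacted']}")
```

Run it over the output of `find / -path '*/.git/config'` on your own hosts, and treat every hit as already compromised: rotate the token, then remove it. Serving the directory at all is the root problem, so deny `/.git` at the web server (for nginx, a `location ~ /\.git { deny all; }` block) or, better, deploy build artifacts rather than a checkout.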

Top CVEs

  1. CVE-2024-8185: Vault Community and Vault Enterprise clusters are vulnerable to a denial-of-service (DoS) attack through memory exhaustion via a Raft cluster join API endpoint. An attacker may send a large volume of requests to the endpoint, causing Vault to consume excessive system memory resources, potentially leading to a system crash. This vulnerability is fixed in Vault Community 1.18.1 and Vault Enterprise 1.18.1, 1.17.8. Source: CVE-2024-8185
  2. CVE-2024-50347: Laravel Reverb, a real-time WebSocket communication backend for Laravel applications, did not verify the request signatures on its Pusher-compatible HTTP API, so requests to those endpoints were accepted without proof of possession of the app secret. The issue affects only the Pusher-compatible API endpoints, not the WebSocket connections themselves. It is fixed in version 1.4.0. Source: CVE-2024-50347
  3. CVE-2024-7883: When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value. This allows an attacker to read a limited quantity of Secure stack contents, impacting confidentiality. Source: CVE-2024-7883
  4. CVE-2024-10615: A critical vulnerability was found in Tongda OA 2017 up to 11.10. It affects the file /general/approve_center/query/list/input_form/delete_data_attach.php, where manipulation of the RUN_ID argument leads to SQL injection. The exploit has been disclosed to the public. Source: CVE-2024-10615
  5. CVE-2024-10573: An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding to PCM, libmpg123 may write past the end of a heap-allocated buffer, potentially causing heap corruption and arbitrary code execution. The complexity required to exploit this flaw is considered high. Source: CVE-2024-10573
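CVE-2024-50347 above is a missing-check bug: a Pusher-compatible HTTP API is protected by an HMAC, computed with the app secret over the method, path and query parameters of each request, and the server is supposed to recompute and compare it. The block below is an added example and is not Reverb's or Pusher's code. It models the signing scheme as Pusher documents it for its HTTP API (auth_key, auth_timestamp, auth_version, body_md5, and an HMAC-SHA256 auth_signature over the sorted query parameters) and shows a handler that only checks the public key beside one that verifies the signature, the timestamp window and the body digest. The app key, secret and event body are constructed; that Reverb's canonical string matches this byte for byte is an assumption.

```python
import hashlib
import hmac
import time

APP_KEY = "reverb-app-key"        # constructed example credentials
APP_SECRET = b"reverb-app-secret"
MAX_SKEW_SECONDS = 600            # timestamp window used by Pusher's HTTP API


def string_to_sign(method, path, params):
    """Canonical string: METHOD, request path, then the query parameters
    (keys lowercased, sorted, auth_signature excluded) joined with '&'."""
    query = "&".join(
        f"{k.lower()}={v}"
        for k, v in sorted(params.items(), key=lambda kv: kv[0].lower())
        if k.lower() != "auth_signature")
    return f"{method.upper()}\n{path}\n{query}"


def sign_request(method, path, body, now=None, key=APP_KEY, secret=APP_SECRET):
    """What a Pusher-compatible client library does before calling the HTTP API."""
    params = {
        "auth_key": key,
        "auth_timestamp": str(int(time.time() if now is None else now)),
        "auth_version": "1.0",
        "body_md5": hashlib.md5(body).hexdigest(),
    }
    mac = hmac.new(secret, string_to_sign(method, path, params).encode(), hashlib.sha256)
    params["auth_signature"] = mac.hexdigest()
    return params


def accept_vulnerable(method, path, params, body):
    """Shape of the pre-fix bug: the public app key is checked, the signature
    is not, so anyone who knows the key can publish events as the application."""
    return params.get("auth_key") == APP_KEY


def accept_fixed(method, path, params, body, now=None):
    """Verify key, version, timestamp freshness, body digest, then the HMAC."""
    if params.get("auth_key") != APP_KEY or params.get("auth_version") != "1.0":
        return False
    try:
        ts = int(params.get("auth_timestamp", ""))
    except ValueError:
        return False
    if abs((time.time() if now is None else now) - ts) > MAX_SKEW_SECONDS:
        return False                      # replayed or stale request
    if params.get("body_md5", "") != hashlib.md5(body).hexdigest():
        return False                      # body swapped after signing
    expected = hmac.new(APP_SECRET, string_to_sign(method, path, params).encode(),
                        hashlib.sha256).hexdigest()
    # Constant-time compare so the check itself does not leak the digest.
    return hmac.compare_digest(expected, params.get("auth_signature", ""))


if __name__ == "__main__":
    body = b'{"name":"order.paid","channel":"private-orders","data":"{}"}'
    good = sign_request("POST", "/apps/1/events", body)
    forged = dict(good, auth_signature="00" * 32)
    print("vulnerable accepts forged:", accept_vulnerable("POST", "/apps/1/events", forged, body))
    print("fixed accepts forged:     ", accept_fixed("POST", "/apps/1/events", forged, body))
    print("fixed accepts genuine:    ", accept_fixed("POST", "/apps/1/events", good, body))
```

The app key travels in every client-side WebSocket handshake, so it is public; only the signature ties a request to the secret. When auditing a Pusher-compatible server, send a request with a garbage auth_signature and a valid auth_key: a 200 means the check is missing.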

API Security

  1. SQL Injection Vulnerability in Lunary-AI: A SQL injection vulnerability was found in the /api/v1/external-users route of lunary-ai/lunary version v1.4.2. The vulnerability allows an attacker to execute arbitrary SQL commands due to lack of server-side validation or sanitization. Successful exploitation can lead to complete data loss or modification. Source: CVE-2024-7456
  2. Stored Cross-Site Scripting in Otter Blocks Plugin for WordPress: The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages. Source: CVE-2024-10367
  3. Improper Authentication in Knightliao Disconf: A critical vulnerability was found in knightliao Disconf 2.6.36 affecting the file /api/config/list of the component Configuration Center. The vulnerability leads to improper authentication and can be initiated remotely. Source: CVE-2024-10620
  4. Path Traversal in Ollama: An issue was discovered in Ollama before 0.1.46. A path traversal in the api/push endpoint lets a caller learn which files exist on the server on which it is deployed. Source: CVE-2024-39722
  5. File Existence Disclosure in Ollama: An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When the CreateModel route is called with a path parameter that does not exist, it reflects the "File does not exist" error message to the caller, which gives an attacker a file-existence oracle on the server. Source: CVE-2024-39719
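The two Ollama items share a lesson for any API that accepts a path from the caller: resolve the path against a fixed root and reject anything that escapes it before touching the filesystem, and return the same status and message for "outside the root" and "does not exist" so the response is not a file-existence oracle. The example below is added here and is not Ollama's code; the model root, the fake filesystem and the route names are constructed for it, and symlink handling is left to the note that follows.

```python
import os

MODEL_ROOT = "/var/lib/models"   # assumed deployment root (constructed)

# Constructed stand-in for the server's filesystem so the example runs offline.
FAKE_FS = {"/var/lib/models/llama.gguf", "/etc/passwd"}


def fake_exists(path):
    return path in FAKE_FS


def confine(user_path, root=MODEL_ROOT):
    """Return the normalized absolute path if it stays inside root, else None.

    os.path.join discards root when user_path is absolute, and normpath
    collapses '..' segments, so both '/etc/passwd' and '../../etc/passwd'
    end up outside root. commonpath (not startswith) is used so that a
    sibling such as /var/lib/models2 is not mistaken for a child of root."""
    root_abs = os.path.abspath(root)
    target = os.path.normpath(os.path.join(root_abs, user_path))
    try:
        inside = os.path.commonpath([root_abs, target]) == root_abs
    except ValueError:          # mixed absolute/relative paths or different drives
        inside = False
    return target if inside else None


def create_model_vulnerable(user_path, exists=fake_exists):
    """Pattern described in the advisory: the caller's path is used as-is and a
    distinct error reveals whether it exists on the server."""
    if not exists(user_path):
        return 400, f"File does not exist: {user_path}"
    return 200, "ok"


def create_model_fixed(user_path, exists=fake_exists):
    """Confine first; then use one status and one message for every failure,
    so a missing file and an out-of-root path are indistinguishable."""
    target = confine(user_path)
    if target is None or not exists(target):
        return 400, "invalid model path"
    return 200, "ok"


if __name__ == "__main__":
    for p in ["/etc/passwd", "/etc/shadow", "../../../etc/passwd", "llama.gguf", "missing.gguf"]:
        print(f"{p!r:24} vulnerable={create_model_vulnerable(p)}  fixed={create_model_fixed(p)}")
```

Against the vulnerable handler, /etc/passwd and /etc/shadow produce different answers, which is the oracle; against the fixed one, a traversal attempt and a genuinely missing model look identical. On a real server, apply os.path.realpath to both root and target before the commonpath check as well, so a symlink planted inside the root cannot point back out of it, and log the rejected path server-side rather than echoing it to the client.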

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, we're reminded of the importance of vigilance and proactive measures in the realm of cybersecurity. From the massive data breach at a Texas-based insurance servicer to the vulnerabilities exposed in various software, it's clear that the threat landscape is ever-evolving. In the face of these challenges, partnerships like the one between Bluefin and Datacap, aimed at securing payments in the hospitality sector, offer a glimmer of hope.

But as the saying goes, "Hope is not a strategy." It's crucial for organizations to stay informed, invest in robust security measures, and foster a culture of cybersecurity awareness. Remember, cybersecurity is not just the responsibility of your IT department—it's a collective effort.

So, share this newsletter with your colleagues and friends, and let's work together to create safer digital spaces.

Stay safe, stay informed, and see you in the next edition of Secret CISO.

By Secret CISO