Secret CISO 11/14: Hot Topic and HRA Data Breaches, Cybersecurity Lessons from Boston College, Interlock Ransomware Targets US Healthcare
Welcome to today's issue of Secret CISO, where we bring you the latest and most impactful cybersecurity news.
Today, we're discussing a series of data breaches impacting millions of clients, from retail firm Hot Topic to healthcare provider Hawaii Radiologic Associates. We'll also delve into the lessons we can learn from these incidents and how to better protect sensitive data. In other news, the new Interlock Ransomware Group is targeting US healthcare organizations, exploiting vulnerabilities and delivering a harsh wake-up call to those who cut corners on security. We'll explore what this means for the healthcare sector and how to combat such threats. We also touch on the potential implications of 23andMe's business troubles for millions of users' genetic data, following a massive security breach in 2023.
Plus, we'll look into the Mobile County Health Department's potential data breach and what it means for patients. In the world of legal action, we'll discuss the proposed $2.1M settlement in a class action against Dell over data breaches and scam calls, and the $15M settlement ordered for Cash App users who faced a security breach.
Finally, we'll examine the state of cloud ransomware in 2024, the latest research in cybersecurity, and the rise of new malware targeting macOS. Stay tuned for these stories and more in today's Secret CISO newsletter.
Data Breaches
- Data Breach on Hot Topic Retail Firm: An alleged data breach at the American retail company Hot Topic has reportedly compromised the personal information of nearly 57 million clients. The extent of the breach and the exact data compromised are still under investigation. Source: izoologic.com
- Hawaii Radiologic Associates Data Breach: Hawaii Radiologic Associates, Ltd. ("HRA") is under investigation by Levi & Korsinsky, LLP for a data breach that has raised concerns over the security of sensitive personal and protected health information entrusted to HRA. The details of the breach are yet to be disclosed. Source: klfy.com
- Interlock Ransomware Targets US Healthcare Organizations: A new ransomware group known as Interlock has been exploiting vulnerabilities in US healthcare organizations, delivering a harsh wake-up call to those who cut corners on security. The number of organizations affected and the extent of the damage are still unknown. Source: hipaajournal.com
- 23andMe Security Breach: Genetic testing company 23andMe experienced a massive security breach in 2023 that exposed the data of nearly 7 million users. The company's current business troubles have raised concerns about the security of millions of users' genetic data. Source: abcnews.go.com
- Mobile County Health Department Data Breach: The Mobile County Health Department has revealed a potential data breach. Officials have declined to answer questions about the incident, including why patients are just now learning of the breach or even how many people are affected. Source: fox10tv.com
Security Research
- "The State of Cloud Ransomware in 2024 - SentinelOne": SentinelOne's research reveals the increasing popularity of ransomware attacks against cloud environments. The inherent vulnerabilities of cloud services make them a prime target for cybercriminals. Source: SentinelOne
- "New RustyAttr Malware Targets macOS Through Extended Attribute Abuse": Group-IB security researchers have discovered a new malware family, RustyAttr, that targets macOS through extended attribute abuse. Upon execution, the malware attempts to render an HTML webpage using a WebView. Source: The Hacker News
- "Security flaws in OvrC cloud platform expose IoT devices to remote code execution, prompt updates": Researchers have identified ten distinct vulnerabilities in the OvrC cloud platform, used globally in the communications sector. These vulnerabilities, when combined, allow attackers to execute code remotely. Source: Industrial Cyber
- "Apple's iOS 18.1 update adds advanced security feature that reboots iPhone automatically if inactive for long": Security researcher Jiska Classen has discovered a new feature in Apple's iOS 18.1 update that automatically reboots the iPhone if it remains inactive for a long period. Source: The Hindu
- "Research reveals critical gaps in global cyber security governance - Accounting Times": A new report from HLB Mann Judd reveals that the increasing use of AI without proper controls is leaving Australian businesses vulnerable to cybersecurity threats, highlighting critical gaps in global cybersecurity governance. Source: Accounting Times
Top CVEs
- CVE-2022-31666: Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. This could lead to unauthorized changes to Webhook policies. Source: CVE-2022-31666.
- CVE-2022-31670: Harbor fails to validate user permissions when updating tag retention policies. This could allow an attacker to modify tag retention policies configured in other projects. Source: CVE-2022-31670.
- CVE-2022-31671: Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. This could allow malicious authenticated users to read all the job logs stored in Harbor. Source: CVE-2022-31671.
- CVE-2022-31669: Harbor fails to validate user permissions when updating tag immutability policies. This could allow an attacker to modify tag immutability policies configured in other projects. Source: CVE-2022-31669.
- CVE-2022-31667: Harbor fails to validate user permissions when updating a robot account. This could allow an attacker to revoke the robot account of a different project that the user doesn’t have access to. Source: CVE-2022-31667.
API Security
- CVE-2024-7404 Improper Restriction of Rendered UI Layers or Frames in GitLab: An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2. This vulnerability could have allowed an attacker to gain full API access as the victim via the Device OAuth. Source: vulners.com
- CVE-2024-40404 Cybele Software Thinfinity Workspace: Versions before v7.0.2.113 contain an access control issue in the API endpoint where WebSocket connections are established. Source: vulners.com
- CVE-2024-42834 Stored XSS in Incognito Service Activation Center (SAC) UI: A stored cross-site scripting (XSS) vulnerability in the Create Customer API in Incognito SAC UI v14.11 allows authenticated attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the lastName field. Source: vulners.com
- CVE-2024-52295 DataEase JWT Forgery: DataEase, an open source data visualization and analysis tool, allowed attackers to forge JWTs and take over services prior to version 2.10.2 because the JWT secret, UID, and OID were hardcoded in the code. This vulnerability has been fixed in the latest version. Source: vulners.com
- Craft CMS Arbitrary System File Read: By abusing the mail notification template in Craft CMS, it is possible to read arbitrary operating system files. This can lead to the exposure of sensitive data such as configuration files, which may contain credentials, API keys, or database passwords. Source: vulners.com
Sponsored by Wallarm API Security Solution
Final Words
And that's a wrap for today's edition of Secret CISO. As we've seen, data breaches continue to impact businesses across various sectors, from retail to healthcare. It's a stark reminder of the importance of robust cybersecurity measures. Remember, it's not just about protecting your business; it's about safeguarding your customers' trust.
If you found today's newsletter helpful, why not share it with your colleagues?
Let's spread the word about the importance of cybersecurity and help each other stay one step ahead of potential threats. Stay safe, stay informed, and see you in the next edition of Secret CISO.