Good morning, Secret CISO readers! Today's newsletter is packed with critical updates from the world of cybersecurity. First up, we delve into a massive data breach at an undisclosed hospital in France, where a staggering 750,000 patient records have been exposed. The hacker behind this breach claims to have access to 1.5 million records, highlighting the urgent need for robust security measures in the healthcare sector. In the financial world, Finastra, a leading fintech firm, is investigating a data breach that occurred earlier this month. The company is prioritizing customer communication as it works to understand the extent of the breach.

Meanwhile, the Justice Department is seeking to limit Google's business practices to enhance data security and privacy. The proposed final judgment aims to ensure that data is shared in a manner that safeguards personal privacy and security. In the aviation industry, the FAA is proposing new rules to tighten cybersecurity on airplanes. These rules aim to protect the aviation industry from potential cyber threats. We also discuss how data breaches can lead to years of legal battles, but can be prevented with the right security measures. This is particularly relevant in light of a recent data breach at a French hospital, which exposed over 750,000 patients' medical records.

Finally, we touch on the recent data breach at Delta Airlines, the importance of focusing on uptime to minimize hacks, and the settlement of a data breach lawsuit by Mercer University. Stay tuned for more updates and remember, knowledge is the first line of defense. Stay safe, stay informed.

Data Breaches

1. Massive Data Breach Exposes 750,000 Patient Records at Hospital: An undisclosed hospital in France suffered a significant data breach, compromising the sensitive medical records of approximately 750,000 patients. The breach highlights the risks of stolen healthcare data. Source: The420.in and Tripwire
2. Finastra Investigates Data Breach: Fintech firm Finastra is investigating a data breach that occurred earlier this month. The breach was first revealed by cybersecurity journalist Brian Krebs. Source: Finextra and Cybernews
3. Delta Airlines Reportedly Experiences Data Breach: Delta Airlines reportedly confirmed a dataset leaked by threat actors earlier this month contained certain employee data. The extent of the breach is still under investigation. Source: Top Class Actions
4. Mercer University Settles Lawsuit Over Data Breach: Georgia-based Mercer University has reached a settlement in a lawsuit stemming from a February 2023 data breach that compromised personal data. The details of the settlement have not been disclosed. Source: Teiss
5. China's Surveillance State Faces Black Market Challenges: Insider Leaks Create Data Breach Ecosystem: Insiders at China's surveillance agencies leak citizen data to black markets, fueling a thriving trade of sensitive info for as little as a few dollars. This has created a data breach ecosystem that poses significant security challenges. Source: TechTimes

Security Research

1. Checkmarx Extends DevSecOps Reach to Repository Security and Secrets Discovery: Checkmarx has extended its DevSecOps capabilities to include repository security and secrets discovery. The security researchers at Checkmarx review findings to verify the nature of the threat, enhancing the security of the software supply chain. Source: devops.com
2. Google OSS-Fuzz Harnesses AI to Expose 26 Hidden Security Vulnerabilities: Google's OSS-Fuzz has utilized AI to uncover 26 hidden security vulnerabilities. Researchers at Project Zero, another Google research team, have also built a framework using LLMs for vulnerability discovery. Source: infosecurity-magazine.com
3. Black Friday sale: Fake websites of Rolex, Louis Vitton, Longchamp and other...: Security researchers have detected an alarming 89% increase in potentially fraudulent themed websites during the Black Friday sale. Shoppers are advised to be vigilant to avoid falling victim to these scams. Source: timesofindia.indiatimes.com
4. North Korean Front Companies Impersonate U.S. IT Firms to Fund Missile Programs: North Korean front companies have been found impersonating U.S. IT firms to fund missile programs. This revelation highlights the unique challenges of cloud security. Source: thehackernews.com
5. Palo Alto Networks warns hackers are breaking into its customers' firewalls — again: Security researchers at Palo Alto Networks have observed a "limited set of exploitation activity" related to their customers' firewalls. This is not the first time the company's firewalls have been targeted by hackers. Source: techcrunch.com

Top CVEs

1. CVE-2022-43937 Brocade SANnav Information Disclosure Vulnerability: A potential information exposure through log file vulnerability has been identified in Brocade SANnav versions before 2.3.0. This vulnerability could lead to sensitive data being recorded in debug-enabled logs when debugging is turned on. Source: CVE-2022-43937
2. CVE-2018-9470: A possible out-of-bounds write due to an incorrect bounds check has been identified in bff_Scanner_addOutPos of Scanner.c. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation. Source: CVE-2018-9470
3. CVE-2022-43935 Switch passwords and authorization IDs are printed in the embedded MLS DB file: An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB. Source: CVE-2022-43935
4. CVE-2018-9475: A possible out of bounds stack write due to a missing bounds check has been identified in HeadsetInterface::ClccResponse of btif_hf.cc. This could lead to remote escalation of privilege via Bluetooth, if the recipient has enabled SIP calls with no additional execution privileges needed. User interaction is not needed for exploitation. Source: CVE-2018-9475
5. CVE-2022-43933 configuration secrets are logged in support-save: An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords, and secret. Source: CVE-2022-43933

API Security

1. CVE-2024-52287 authentik performs insufficient validation of OAuth scopes: Authentik, an open-source identity provider, had a vulnerability that allowed an attacker to get a token with scopes that haven't been configured in authentik when using the client_credentials or device_code OAuth grants. This issue has been fixed in authentik 2024.8.5 and 2024.10.3. Source: vulners.com
2. CVE-2024-21855 GoCast 1.1.3 HTTP API vulnerability: A lack of authentication vulnerability was found in the HTTP API functionality of GoCast 1.1.3. This vulnerability could lead to arbitrary command execution through a specially crafted HTTP request. Source: vulners.com
3. CVE-2024-11197 Lock User Account <= 1.0.5 - User Lock Bypass: The Lock User Account plugin for WordPress, in all versions up to and including 1.0.5, was vulnerable to user lock bypass. This was due to the plugin allowing application password logins when user accounts were locked, enabling authenticated attackers to interact with the vulnerable site via an API. Source: vulners.com
4. CVE-2024-52797 Searching Opencast may cause a denial of service: Opencast, a software for automated video capture and distribution, had a vulnerability in its Elasticsearch integration that could generate invalid queries and cause a denial of service due to disk exhaustion. This issue has been patched in Opencast 13.10, 14.3, and 16.7. Source: vulners.com
5. github.com/rancher/steve's users can issue watch commands for arbitrary resources: A vulnerability was discovered in Steve API (Kubernetes API Translator) that allowed users to watch resources they were not allowed to access, given they had some generic permissions on the type. This issue has been addressed in the latest patches. Source: vulners.com

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. We hope you found our insights and updates valuable. Remember, in the world of cybersecurity, knowledge is power. Stay informed, stay secure. If you found this newsletter helpful, why not share it with your colleagues and friends?

Let's spread the word about the importance of cybersecurity and help each other stay one step ahead of the hackers.

Until next time, stay safe and secure.