Secret CISO 11/28: GEICO, Travelers Pay $11.3M for Breaches, OnePoint Patient Care Breach Affects 1.7M, Snowflake Hacked, T-Mobile Thwarts Intrusion, Research on Mobile Users' Security Behavior

Welcome to today's issue of Secret CISO, your daily dose of cybersecurity news and insights. Today, we're diving into the world of data breaches and their costly consequences. Starting off, we have auto insurance giants GEICO and The Travelers Indemnity Co. who have agreed to pay a hefty $11.3 million in state penalties for data-security breaches. Meanwhile, OnePoint Patient Care suffered a data breach affecting 1.7 million individuals, with Social Security numbers also compromised for a subset of the affected customers.

In another incident, a Kitchener, Ont., man was arrested in connection with a massive data breach affecting U.S.-based cloud storage company, Snowflake. In response to the growing threat of data breaches, Western Australia is set to hire a chief data officer as its new privacy law passes, setting up mandatory data breach reporting and information handling principles. On the mobile front, an empirical assessment reveals that mobile device users perceive threat susceptibility as a necessary factor that leads them to perform security measures.

In the telecom sector, T-Mobile detected network intrusion attempts from a wireline provider, ensuring no data breach or service disruption. In a twist of events, the XMLRPC npm Library turned malicious, stealing data and deploying a crypto miner. The UK's police service, PSNI, was fined £750,000 following a significant spreadsheet data breach. In the realm of data security research, we explore the mathematical certainty in data security and the top 10 endpoint security solutions for 2025.

Lastly, we delve into the world of cyberattacks, with T-Mobile confirming hacking during a period of telecom security breaches and North Korean hackers stealing billions in crypto by posing as VCs, recruiters, and IT workers. Stay tuned for more updates and remember, knowledge is the first line of defense. Stay safe, stay informed with Secret CISO.

Data Breaches

  1. GEICO and Travelers Pay $11.3M for Cybersecurity Breaches: Auto insurance companies GEICO and The Travelers Indemnity Co. have agreed to pay a combined $11.3 million in state penalties for data-security breaches. The exact details of the breaches were not disclosed. Source: PropertyCasualty360
  2. OnePoint Patient Care Data Breach Affects 1.7 Million Individuals: OnePoint Patient Care confirmed a data breach affecting 1.7 million individuals. The breach also compromised Social Security numbers for a subset of the affected customers. Source: HIPAA Journal
  3. Snowflake Data Breach: A data breach affecting U.S.-based cloud storage company Snowflake has led to the arrest of a man in Kitchener, Ontario. The extent of the data compromised in the breach has not been disclosed. Source: CBC
  4. XMLRPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner: Datadog Security Labs uncovered a malicious campaign targeting Windows users that uses counterfeit packages uploaded to the XMLRPC npm library to steal data and deploy a crypto miner. Source: The Hacker News
  5. Nearly 35.9 Million Affected by Xfinity Data Breach: Xfinity confirmed a data breach affecting nearly 35.9 million customers. The compromised information included usernames and hashed passwords, and for some customers, the last four digits of Social Security numbers. Source: MSN

Security Research

  1. North Korean hackers steal billions in crypto: Security researchers have revealed that North Korean hackers have successfully stolen billions in cryptocurrency by posing as venture capitalists, recruiters, and IT workers. The hackers have infiltrated hundreds of organizations with the aim of stealing money and data. Source: Yahoo Finance, TechCrunch
  2. Building Trust in Digital Healthcare: Sokratis Vavilis' research aims to improve trust in digital healthcare by enhancing data reliability, security, and cybersecurity management. The research focuses on the intersection of healthcare and technology, aiming to make digital healthcare safer and smarter. Source: Tue.nl
  3. Webcam Vulnerability in Lenovo Laptops: A security engineer has discovered a vulnerability in the webcam firmware of Lenovo ThinkPad X230 laptops. The flaw allows hackers to reflash the webcam firmware and control its LED without the user's knowledge, potentially leading to privacy breaches. Source: CyberNews
  4. Data Security in Scientific Research: A report highlights the importance of data security in scientific research, discussing emerging concerns, regulatory compliance, protection of intellectual property, and ethical issues. The report emphasizes the role of cloud computing in ensuring compliance and protection. Source: Nasscom Community
  5. XMLRPC npm Library Turns Malicious: Security researcher Yehuda Gelb has reported that the XMLRPC npm library has turned malicious, stealing data and deploying a crypto miner. The library's malicious behavior involves a GitHub project repository. Source: The Hacker News

Top CVEs

  1. CVE-2018-9349: A potential out of bounds read due to missing bounds check in mv_err_cost of mcomp.c could lead to denial of service. No additional execution privileges are needed but user interaction is required. Source: CVE-2018-9349
  2. CVE-2018-9354: In VideoFrameScheduler.cpp of VideoFrameScheduler::PLL::fit, a possible remote denial of service due to divide by 0 could occur. No additional execution privileges are needed but user interaction is required. Source: CVE-2018-9354
  3. CVE-2018-9352: A possible resource exhaustion due to integer overflow in ihevcd_allocate_dynamic_bufs of ihevcd_api.c could lead to remote denial of service. No additional execution privileges are needed but user interaction is required. Source: CVE-2018-9352
  4. CVE-2017-13320: A possible OOB read due to a missing bounds check in impeg2d_bit_stream_flush() of libmpeg2dec could lead to Remote DoS. No additional execution privileges are needed but user interaction is required. Source: CVE-2017-13320
  5. CVE-2017-13321: In SensorService::isDataInjectionEnabled of frameworks/native/services/sensorservice/SensorService.cpp, a possible out of bounds read due to a missing bounds check could lead to local information disclosure. No additional execution privileges are needed and user interaction is not required. Source: CVE-2017-13321

API Security

  1. CVE-2024-53859: A security vulnerability in go-gh, a Go module for interacting with the GitHub API, could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. This issue has been addressed in version 2.11.1 and all users are advised to upgrade and regenerate authentication tokens. Source: vulners.com
  2. Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts: A security vulnerability in the GitHub CLI could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. Users are advised to upgrade to version 2.63.0 and revoke authentication tokens used with the GitHub CLI. Source: vulners.com
  3. `auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace: A security vulnerability in go-gh could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. Users are advised to upgrade to version 2.11.1 and regenerate authentication tokens. Source: vulners.com
  4. CVE-2024-53855: Centurion ERP, an open-source IT management application, has a vulnerability that allows users with view permissions for a ticket to view the tickets of another organization they are not part of. This issue has been addressed in release version 1.3.1 and users are advised to upgrade. Source: vulners.com
  5. Querydsl vulnerable to HQL injection through orderBy: The order by method in Querydsl enables injecting HQL queries, which may cause blind HQL injection, leading to leakage of sensitive information and potentially denial of service. Source: vulners.com

Sponsored by Wallarm API Security Solution

Final Words

Happy Thanksgiving, dear CISOs!

As we wrap up today's edition of Secret CISO, we're reminded that the world of cybersecurity is a constantly evolving landscape. From GEICO and Travelers paying hefty penalties for data breaches, to the OnePoint Patient Care data breach affecting 1.7 million individuals, it's clear that no organization is immune to cyber threats. In other news, a man in Kitchener, Ontario, faces possible extradition for a massive Snowflake hacking scheme, and Washington is set to hire a chief data officer as a new privacy law passes.

Meanwhile, T-Mobile has detected network intrusion attempts but assures that sensitive customer data was not impacted. In the realm of research, we're seeing an empirical assessment of mobile device users' information security behavior towards data breaches, and a mathematical certainty in data security is being explored.

Remember, staying informed is the first step towards ensuring your organization's cybersecurity. Share this newsletter with your friends and colleagues to keep them in the loop. Stay safe, stay secure. See you in the next edition of Secret CISO.

By Secret CISO