Secret CISO 11/6: Healthcare Data Breach in US, Snowflake Hacker Arrested in Canada, Schneider Electric Security Breach, Open Source Software Security Risks, Germany Protects Security Researchers

Good morning, Secret CISO readers! Today's newsletter is packed with crucial updates on data breaches and security risks. First up, we delve into the recent healthcare data breach affecting a quarter of the American population. We'll discuss what data was compromised and what steps you should take in response.

Next, we'll cover the data breach reported by Northeast Professional Caregivers in Canton. Despite the company's assurance that no sensitive medical, financial, or Social Security information was compromised, we'll explore the potential implications. In other news, a Canadian man has been arrested in connection with the Snowflake data breach, which affected hundreds of millions of customers. We'll look at the details of the breach and the arrest, and what this means for data security moving forward. We also have updates on a law firm's data breach that exposed the information of tens of thousands, and data breaches reported by Axis Health System and Gandara Mental Health Center.

In addition, we'll discuss recent email-related data breaches reported by Kaiser Permanente, Soliant Health, and Potomac Medical Aesthetics. Lastly, we'll touch on the arrest of a suspected hacker over the breach of 160+ Snowflake users' data, and a security breach at Schneider Electric, a major player in energy management and automation. Stay tuned for more updates and remember, knowledge is the key to staying one step ahead in the world of cybersecurity.

Data Breaches

  1. Snowflake Data Breach: A Canadian man has been arrested in connection with the Snowflake customer-data breaches. The campaign hit more than 160 Snowflake customer organizations and exposed hundreds of millions of customer records. It was not an exploit of a Snowflake vulnerability: the attackers logged in with credentials harvested by infostealer malware (and reused in credential-stuffing fashion) against customer accounts that had no MFA enabled. Source: Yahoo
  2. Law Firm Data Breach: A lawsuit claims that a data breach at a law firm exposed the information of tens of thousands of individuals. The details of the breach and the lawsuit are still being explored. Source: BusinessDen
  3. Axis Health System & Gandara Mental Health Center Data Breaches: Data breaches have recently been announced by Axis Health System in Colorado and Gandara Mental Health Center in Massachusetts. The breaches have affected numerous individuals, though the exact number is not yet known. Source: HIPAA Journal
  4. Schneider Electric Data Breach: Schneider Electric, a major player in energy management and automation, has confirmed unauthorized access to one of its internal project-tracking platforms. The extent of the breach is still under investigation. Source: Computing UK
  5. Landmark Admin Ransomware Data Breach: Insurance administrator Landmark Admin has confirmed that a data breach stemming from a ransomware attack leaked the personal information of over 800,000 people. The leaked information includes social security numbers, bank account information, and medical histories. Source: CPO Magazine
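The Snowflake item above is, at bottom, a credential-abuse problem: password-only logins against accounts with no second factor. The check a practitioner wants is whether that is happening in their own account. The following added example (not from the newsletter or from Snowflake) runs that check over constructed login-history rows whose column names follow Snowflake's ACCOUNT_USAGE.LOGIN_HISTORY view (USER_NAME, CLIENT_IP, FIRST_AUTHENTICATION_FACTOR, SECOND_AUTHENTICATION_FACTOR, IS_SUCCESS); the sample rows, thresholds and user names are invented for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample rows (not real data). Column names mirror Snowflake's
# ACCOUNT_USAGE.LOGIN_HISTORY view; SECOND_AUTHENTICATION_FACTOR is None when
# no second factor was used, as it is NULL in the view.
SAMPLE_LOGINS = [
    {"USER_NAME": "ANALYST1", "CLIENT_IP": "203.0.113.10",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD", "SECOND_AUTHENTICATION_FACTOR": "DUO", "IS_SUCCESS": "YES"},
    {"USER_NAME": "ANALYST2", "CLIENT_IP": "203.0.113.11",
     "FIRST_AUTHENTICATION_FACTOR": "SAML2_ASSERTION", "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "YES"},
    {"USER_NAME": "SVC_ETL", "CLIENT_IP": "192.0.2.20",
     "FIRST_AUTHENTICATION_FACTOR": "RSA_KEYPAIR", "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "YES"},
    # A spray from one address across several users, then one success.
    {"USER_NAME": "ANALYST1", "CLIENT_IP": "198.51.100.7",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD", "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "NO"},
    {"USER_NAME": "ANALYST2", "CLIENT_IP": "198.51.100.7",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD", "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "NO"},
    {"USER_NAME": "FINANCE_RO", "CLIENT_IP": "198.51.100.7",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD", "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "NO"},
    {"USER_NAME": "SVC_REPORT", "CLIENT_IP": "198.51.100.7",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD", "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "NO"},
    {"USER_NAME": "ANALYST1", "CLIENT_IP": "198.51.100.7",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD", "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "NO"},
    {"USER_NAME": "FINANCE_RO", "CLIENT_IP": "198.51.100.7",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD", "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "NO"},
    {"USER_NAME": "SVC_REPORT", "CLIENT_IP": "198.51.100.7",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD", "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "YES"},
    # A legitimate user who simply never enrolled in MFA.
    {"USER_NAME": "ANALYST2", "CLIENT_IP": "203.0.113.11",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD", "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "YES"},
]


def password_only_successes(rows):
    """Successful logins that used a password and no second factor.

    Key-pair and SSO logins are excluded on purpose: the Snowflake campaign
    abused reusable passwords, not keys or federated assertions."""
    return [r for r in rows
            if r["IS_SUCCESS"] == "YES"
            and r["FIRST_AUTHENTICATION_FACTOR"] == "PASSWORD"
            and not r["SECOND_AUTHENTICATION_FACTOR"]]


def stuffing_sources(rows, min_failures=5, min_users=3):
    """Source IPs with many failed password logins spread across several users.

    One user failing repeatedly is a typo; one IP failing against many users
    is a credential-stuffing or password-spray signature. Thresholds are
    illustrative and should be tuned to the account's normal traffic."""
    users_by_ip = defaultdict(set)
    failures_by_ip = Counter()
    for r in rows:
        if r["IS_SUCCESS"] == "NO" and r["FIRST_AUTHENTICATION_FACTOR"] == "PASSWORD":
            users_by_ip[r["CLIENT_IP"]].add(r["USER_NAME"])
            failures_by_ip[r["CLIENT_IP"]] += 1
    return {ip: (failures_by_ip[ip], sorted(users))
            for ip, users in users_by_ip.items()
            if failures_by_ip[ip] >= min_failures and len(users) >= min_users}


def likely_compromised(rows, **thresholds):
    """Users whose password-only success came from an IP that was also spraying.

    This is the join that turns two noisy lists into an actionable one: the
    account should be locked, its password rotated and its sessions revoked."""
    sources = stuffing_sources(rows, **thresholds)
    return sorted({r["USER_NAME"] for r in password_only_successes(rows)
                   if r["CLIENT_IP"] in sources})


if __name__ == "__main__":
    print("password-only logins:", [(r["USER_NAME"], r["CLIENT_IP"]) for r in password_only_successes(SAMPLE_LOGINS)])
    print("stuffing sources:", stuffing_sources(SAMPLE_LOGINS))
    print("likely compromised:", likely_compromised(SAMPLE_LOGINS))
```

The first list (every password-only success) is the MFA-enforcement backlog; the last list is the incident. In a real account the rows come from `SELECT ... FROM SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY` rather than a constructed list, and the same logic applies to any identity provider's sign-in log that records the factors used.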

Security Research

  1. Germany Drafts Law to Protect Security Researchers: The Federal Ministry of Justice in Germany has drafted a law to provide legal protection to security researchers who discover and responsibly disclose security flaws. This move is expected to encourage more ethical hacking and responsible disclosure of vulnerabilities, thereby strengthening cybersecurity. Source: Bleeping Computer
  2. Ransomware Gang Demands Payment in Baguettes and Crypto: A ransomware gang has demanded a ransom payable in Monero cryptocurrency and French baguettes, according to a security researcher at Picus Security. The stunt is attention-seeking, but the extortion behind it is not. Source: Forbes
  3. Windows Gamers Targeted by Winos4.0 Hackers: Security researchers have warned of a campaign that targets Windows gamers with the Winos4.0 malware framework, delivered through trojanized gaming-related tools such as installers and speed boosters. Once installed, Winos4.0 gives the operator remote control of the infected machine, which puts a large population of Windows users at risk. Source: Forbes
  4. Research Reveals Exploitation of ChatGPT for Vishing Scams: A new study has revealed how cybercriminals can exploit the AI model ChatGPT for vishing scams. The research underscores the importance of staying informed about the latest AI advancements and regularly updating software and security systems. Source: ET Edge Insights
  5. Google AI Agent Finds Zero-Day in Popular Database Engine: Google's Project Zero team has reported that its Big Sleep AI agent, a collaboration with Google DeepMind, discovered an exploitable stack buffer underflow in SQLite that was fixed before the flaw reached a release. This finding demonstrates the potential of AI in replicating and even outperforming the systematic methods of human security researchers, in this case variant analysis against a heavily fuzzed codebase. Source: GovInfoSecurity

Top CVEs

  1. CVE-2024-7995: Autodesk VRED Design resolves binaries through an untrusted search path, so a maliciously crafted binary planted where the application looks first is loaded and run with the application's privileges, leading to escalation of privileges and unauthorized code execution. Source: CVE-2024-7995
  2. CVE-2024-51358: Heimdall v2.6.1, the LinuxServer.io application dashboard, has an issue that allows a remote attacker to execute arbitrary code via a crafted script submitted through the web UI. Source: CVE-2024-51358
  3. CVE-2024-51753: The AuthKit library for Remix has a vulnerability where refresh tokens are logged to the console when the debug flag is enabled. This issue has been patched in version 0.4.1. Source: CVE-2024-51753
  4. CVE-2024-51740: Combodo iTop, a web-based IT Service Management tool, has a server-side request forgery vulnerability that allows a low privileged user to make the server issue HTTP requests on their behalf, reaching hosts the user cannot reach directly. This issue has been addressed in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Source: CVE-2024-51740
  5. CVE-2024-10028: The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via the exposed process stats file during the backup process. This allows unauthenticated attackers to obtain an archive file name and download the site's data. Source: CVE-2024-10028

API Security

  1. Foreman GraphQL API Sensitive Information Disclosure: A flaw in Foreman's GraphQL API allows for sensitive admin authentication keys to be retrieved if the introspection feature is enabled, potentially leading to a complete product compromise. Source: CVE-2024-6861
  2. Authentication Bypass in CodeChecker: CodeChecker, an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy, has an authentication bypass vulnerability when the API URL ends with Authentication. This allows superuser access to all API endpoints, excluding Authentication. Source: CVE-2024-10081
  3. Verification Issue in Gitsign: Gitsign, a keyless Sigstore signing tool for Git commits, may select the wrong Rekor entry during online verification when the transparency log returns multiple entries for a query. This could allow an entry other than the one matching the signature to pass verification. Source: CVE-2024-51746
  4. Privilege Escalation in OpenWrt LuCI LTS: An issue in the luci-mod-rpc package in OpenWrt LuCI LTS allows privilege escalation from an admin account to root via the JSON-RPC API. Source: CVE-2024-51240
  5. API Key Vulnerability in OctoPrint: OctoPrint, a web interface for controlling consumer 3D printers, contains a vulnerability that allows an attacker to retrieve, recreate or delete the user's or global API key without reauthentication. An attacker with a stolen API key can then access OctoPrint through its API. Source: CVE-2024-51493
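The CodeChecker item above (item 2) is an instance of a recurring bug class: the authentication layer decides whether a request is exempt by looking at the raw URL string, while the dispatcher chooses the handler by a different rule, so a request can satisfy the exemption and still reach a protected handler. The following added example is a hypothetical reconstruction of that class, not CodeChecker's code; the route names, the `/api/` layout and the dispatch rule are assumptions made for illustration. It shows the suffix-based check beside a hardened check that classifies the same normalized route the dispatcher uses.

```python
import posixpath
from urllib.parse import urlsplit

# Hypothetical route table: the only endpoint reachable without a session.
PUBLIC_ROUTES = {"/api/Authentication"}


def route_for(url):
    """Normalise a request URL into the route the dispatcher will act on.

    Drops the query string and collapses '//', '.', '..' and trailing '/'.
    Both the auth check and the dispatcher must use this same function,
    otherwise they can disagree about what is being requested."""
    norm = posixpath.normpath(urlsplit(url).path)
    return norm if norm != "." else "/"


def handler_name(url):
    """Hypothetical dispatcher: handler is the first component after /api/."""
    parts = route_for(url).strip("/").split("/")
    if len(parts) > 1 and parts[0] == "api":
        return parts[1]
    return None


def is_exempt_vulnerable(url):
    """Exemption decided on the raw string's suffix (the bug class).

    Anything that merely ends in 'Authentication' passes, including a
    query string or an extra path segment the dispatcher ignores."""
    return url.endswith("Authentication")


def is_exempt_fixed(url):
    """Exemption decided on the normalised route, exact match against an allowlist."""
    return route_for(url) in PUBLIC_ROUTES


def serve(url, authenticated, exempt):
    """Return the handler that would run, or 'DENIED' if auth is required and absent."""
    if not authenticated and not exempt(url):
        return "DENIED"
    return handler_name(url)


if __name__ == "__main__":
    probes = [
        "/api/Authentication",                 # legitimate login request
        "/api/Authentication/",                # same, with a trailing slash
        "/api/Products/Authentication",        # extra segment the dispatcher ignores
        "/api/Products?redirect=Authentication",  # suffix supplied via the query string
        "/api/Products/../Authentication",     # dot-segment that normalises to the login route
    ]
    for url in probes:
        print(f"{url:45} vulnerable={serve(url, False, is_exempt_vulnerable):15} fixed={serve(url, False, is_exempt_fixed)}")
```

The two probes in the middle are the point: the suffix check lets an unauthenticated caller reach the `Products` handler, while the hardened check denies them because the normalized route is not on the allowlist. The dot-segment probe shows why normalization has to happen before the comparison rather than after: it resolves to the genuinely public route and is correctly allowed, but only because the dispatcher will route it the same way. The general rule is that authorization must be evaluated on exactly the value the dispatcher uses, never on a separately parsed copy of the request.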

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from healthcare data breaches to the arrest of a Snowflake hacker. Remember, in the world of cybersecurity, knowledge is power. Stay informed, stay vigilant, and most importantly, stay secure.

If you found this newsletter helpful, why not share it with your colleagues and friends?

Let's spread the word about the importance of cybersecurity and help each other stay one step ahead of the hackers. Until next time, keep your data safe and your systems secure.


By Secret CISO