Welcome to today's edition of Secret CISO, your daily source for the most impactful cybersecurity news. Today, we're focusing on the critical role of data security in healthcare, the rising cost of data breaches, and the urgent need for the healthcare industry to become quantum-safe.

We'll also discuss the recent data breaches affecting Presbyterian Healthcare Services and ORM Fertility, and how Italy's data watchdog has criticized Intesa for underestimating the severity of a data breach. In other news, CashApp users have a new deadline to claim $2575 for a user data breach, and Brightline has reached a $7.5M settlement over a 2023 data breach. Facebook is also in the spotlight as it brings a bid to dismiss a securities fraud suit to the Supreme Court, while South Korea fines Meta $15 million over a data breach.

We'll also touch on the Oklahoma Spine Hospital data breach lawsuit investigation, the role of data security in global sales enablement, and the top 10 cloud native security platforms for 2025. Finally, we'll delve into the latest research developments in cybersecurity, including the detection of illegal flying drones, the strengthening of AI accountability, and the evolution in Arctic collective defense. Stay tuned for all this and more in today's Secret CISO newsletter.

Data Breaches

1. Presbyterian Healthcare Services & ORM Fertility Data Breaches: Presbyterian Healthcare Services and ORM Fertility have both announced security breaches that impacted their computer systems. The number of affected individuals and the extent of the data compromised is still under investigation. Source: HIPAA Journal
2. Intesa Sanpaolo Data Breach: Italy's data protection authority has criticized Intesa Sanpaolo for underestimating the severity of a data breach that affected thousands of customers. The exact details of the breach are still being investigated. Source: Digital Watch Observatory
3. CashApp Data Breach: CashApp users had their confidential data compromised due to a data leak. The company has set a new deadline for affected users to claim $2575 in compensation. Source: Union Rayo
4. Brightline Data Breach: Brightline has reached a $7M settlement over a 2023 data breach. The settlement includes cash payments, credit monitoring, and compensation for affected individuals. Source: Lawyer Monthly
5. Oklahoma Spine Hospital Data Breach: A data breach at Oklahoma Spine Hospital has potentially affected numerous patients. A class action lawsuit investigation is currently underway. Source: ClassAction.org

Security Research

1. An Evolution in Arctic Collective Defense: Researchers at the Ted Stevens Center for Arctic Security Studies are exploring the changing security environment in the Arctic due to unprecedented warming. This research is crucial for understanding the geopolitical implications of climate change in the region. Source: The Arctic Institute
2. Northwestern Security and AI Lab Explores Cybersecurity and AI Relationship: Professor V.S. Subrahmanian is leading research on the intersection of artificial intelligence and counterterrorism at Northwestern University. The research aims to understand the potential threats and benefits of AI in the field of cybersecurity. Source: Daily Northwestern
3. Researchers Develop New Technology to Detect and Track Illegal Drones: A new technology has been developed to detect and track illegal drones, strengthening national security and public safety. The technology is expected to mitigate the threat of illegal drones. Source: Tech Xplore
4. German Law Could Protect Researchers Reporting Vulnerabilities: A new German law is being drafted to protect security researchers, companies, and hackers from punishment when reporting vulnerabilities. The law aims to encourage responsible disclosure of security flaws. Source: Dark Reading
5. Strengthening AI Accountability Through Better Third Party Evaluations: Researchers at Stanford HAI are working on improving third-party evaluations of AI systems to strengthen accountability. The research emphasizes the need for updated security measures to accommodate AI security research. Source: Stanford HAI

Top CVEs

1. CVE-2023-1973: A flaw in the Undertow package allows a malicious user to trigger a Denial of Service by sending crafted requests, leading to an OutofMemory error on the server. Source: CVE-2023-1973
2. CVE-2024-43440: A local file inclusion vulnerability was found in Moodle. When restoring block backups, risks may occur. Source: CVE-2024-43440
3. CVE-2023-1932: A flaw in hibernate-validator's 'isValid' method can be bypassed by omitting the tag ending in a less-than character. This allows HTML injection or Cross-Site-Scripting (XSS). Source: CVE-2023-1932
4. CVE-2024-10318: A session fixation issue was discovered in the NGINX OpenID Connect reference implementation. An attacker can fix a victim's session to an attacker-controlled account, leading to potential misuse. Source: CVE-2024-10318
5. CVE-2024-6861: A disclosure of sensitive information flaw was found in Foreman via the GraphQL API. If the introspection feature is enabled, attackers can retrieve sensitive admin authentication keys, potentially compromising the entire product. Source: CVE-2024-6861

API Security

1. Portabilis i-Educar 2.8.0 SQL Injection Vulnerability: Portabilis i-Educar 2.8.0 is susceptible to SQL Injection due to improper sanitization of the "instituicao_id" parameter in the "getDocuments" function. This allows an unauthenticated remote attacker to inject malicious SQL. Source: CVE-2024-48325
2. RabbitMQ Queue Deletion Vulnerability: RabbitMQ's HTTP API's queue deletion endpoint does not verify user permissions, allowing users with valid credentials and HTTP API access to delete queues without the necessary permissions. Users are advised to upgrade or disable the management plugin. Source: CVE-2024-51988
3. Cisco Nexus Dashboard Fabric Controller Vulnerability: A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device. Source: CVE-2024-20536
4. Cisco ISE API Vulnerability: A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. Source: CVE-2024-20531
5. CodeChecker Authentication Bypass Vulnerability: CodeChecker is vulnerable to authentication bypass when using specifically crafted URLs. This bypass allows superuser access to all API endpoints other than Authentication, including the ability to add, edit, and remove products. Source: CVE-2024-10081

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. We hope you found these updates insightful and valuable for your daily operations. Remember, in the digital world, staying informed is the first step towards ensuring security.

Don't forget to share this newsletter with your friends and colleagues to help them stay secure too.

We all have a role to play in cyber security, and sharing knowledge is a significant part of that. Stay safe, stay secure, and see you in the next edition of Secret CISO.