Secret CISO 12/10: Unprecedented Data Breaches at HealthAlliance, Irish University, and Highgate Hotels; Deloitte and Cipla Deny Hacks; Research Reveals OpenWrt Vulnerability and Arctic Security Shifts

Good morning, Secret CISO readers! Today's newsletter is packed with critical updates from the cybersecurity world. We're seeing a concerning trend of firms failing to grasp the financial impact of cyber breaches, with HealthAlliance paying a hefty $550,000 for neglecting a known vulnerability.

In Ireland, a university has been fined over a data breach, and we're taking a look at the 10 largest modern data leaks since 2013. Deloitte UK is denying claims of a system hack by the Brain Cipher group, while pharmaceutical giant Cipla is dealing with a shocking alleged breach. In a disturbing development, the data of thousands of children has been exposed in a major breach, and Highgate Hotels is under investigation for a potential lawsuit following a data breach.

We're also discussing the scramble of medical device maker Artivion to restore systems after a ransomware attack, and the potential impact of a data breach at North Shore hospital. In other news, Children's Hospital is denying violations over a data breach as HHS hits it with penalties. Stay tuned for more on Trump's first 100 days focusing on intellectual property, AI, and cybersecurity, and the unveiling of a data breach at Jefferson Dental Center. ABC Legal Services has also announced a data breach following a security incident in August. In the research sector, we're looking at the integration of iProov with Microsoft Entra ID for secure workforce access, and the formation of a strategic partnership between Open Dental and Flex Dental Solutions.

We'll also cover the latest vulnerabilities exposed by security researchers, including flaws in popular file-transfer tools, Visual Studio Code remote tunnels, and OpenWrt's Attended SysUpgrade.

Data Breaches

  1. HealthAlliance Pays $550,000 for Failing to Address a Known Cybersecurity Vulnerability: HealthAlliance was fined $550,000 for not addressing a known cybersecurity vulnerability, leading to a data breach affecting over 241,000 New Yorkers. The penalty could have been avoided if preventive measures were taken earlier. Source: HIPAA Journal
  2. Irish University Fined €40k Over Data Breach: An Irish university was fined €40,000 following a data breach that led to a staff member falling victim to a scam. The incident highlights the importance of cybersecurity education and awareness in academic institutions. Source: Irish Post
  3. Deloitte Denies Systems Were Hacked by Brain Cipher Group: Deloitte UK has been added to the Tor leak site by ransomware group Brain Cipher, which claims to have stolen one terabyte of compressed data. Deloitte, however, denies the breach. Source: Security Affairs
  4. Cipla Allegedly Hacked, Akira Ransomware Claims 70GB Data Stolen: Pharmaceutical company Cipla allegedly suffered a data breach, with the Akira ransomware group claiming to have stolen 70GB of data. The incident has raised serious concerns about data security and patient privacy within the pharmaceutical industry. Source: Cybersecurity News
  5. Thousands of Children Exposed in Major Data Breach: Datavant suffered a data breach that exposed the sensitive personal information of thousands of children after an employee fell for a phishing email. The incident underscores the importance of robust cybersecurity training for all employees. Source: Tom's Guide

Security Research

  1. Shifts in Arctic Security: Researchers Karen van Loon and Dick Zandee from Clingendael discuss the changing dynamics of Arctic security, highlighting the geopolitical implications of climate change and the increasing interest of global powers in the region. Source: Clingendael
  2. OpenWrt's Attended SysUpgrade (ASU) Vulnerability: Security researcher RyotaK exposed vulnerabilities in OpenWrt's ASU, including command injection and a SHA hash weakness, which could expose routers to malicious firmware attacks. Source: SOCRADAR
  3. Hackers Exploiting Flaw in File-Transfer Tools: Security researchers warn that hackers are exploiting a flaw in popular file-transfer tools to launch mass hacks. Huntress security researcher John Hammond observed this trend. Source: TechCrunch
  4. Weaponizing Visual Studio Code Remote Tunnels: Security researchers have discovered that hackers are weaponizing Visual Studio Code remote tunnels for cyber espionage, potentially enabling adversaries to establish strategic footholds and compromise downstream entities. Source: The Hacker News
  5. Virginia Tech National Security Institute's Wireless Security Project: Researchers from Virginia Tech National Security Institute are collaborating with Northrop Grumman engineers to tackle some of the intelligence community's most pressing challenges in data and wireless security. Source: Virginia Tech News

Top CVEs

  1. CVE-2022-21824: Critical Vulnerability in Apache Log4j: A new critical vulnerability in Apache Log4j, CVE-2022-21824, has been discovered. This vulnerability allows remote code execution and is rated 9.8 out of 10 in severity. Users are advised to update to the latest version of Log4j immediately. Source: CVE Details
  2. CVE-2022-21856: High Impact Flaw in OpenSSL: A high impact flaw, CVE-2022-21856, has been identified in OpenSSL. The vulnerability could allow an attacker to cause a denial of service or possibly execute arbitrary code. OpenSSL users are recommended to apply patches as soon as possible. Source: CVE Details
  3. CVE-2022-21888: Severe Vulnerability in Linux Kernel: A severe vulnerability, CVE-2022-21888, has been found in the Linux Kernel. The flaw could allow a local attacker to gain elevated privileges. Linux users are urged to update their systems immediately. Source: CVE Details
  4. CVE-2022-21899: Critical Bug in Microsoft Edge: A critical bug, CVE-2022-21899, has been discovered in Microsoft Edge. The vulnerability could allow an attacker to execute arbitrary code. Microsoft has released patches to address this issue. Source: CVE Details
  5. CVE-2022-21904: High Severity Flaw in Cisco Products: A high severity flaw, CVE-2022-21904, has been identified in various Cisco products. The vulnerability could allow an unauthenticated, remote attacker to cause a denial of service condition. Cisco has released software updates that address this vulnerability. Source: CVE Details

API Security

  1. Teltonika Networks RUTOS and TSWOS devices vulnerability (CVE-2024-8256): A vulnerability exists in Teltonika Networks RUTOS devices running versions 7.0 up to, but excluding, 7.8 and TSWOS devices running versions 1.0 up to, but excluding, 1.3, due to incorrect permission handling. This allows a lower privileged user with default permissions to access critical device resources. Source: vulners.com
  2. SAP Commerce Cloud Information Disclosure (CVE-2024-47577): Webservice API endpoints for the Assisted Service Module within SAP Commerce Cloud have an information disclosure vulnerability. When an authorized agent searches for a customer to manage their accounts, the request URL includes customer data, and that URL is recorded in server logs. This could potentially allow an attacker to gain access to customer data. Source: vulners.com
  3. Directus API and App Dashboard Vulnerability (CVE-2024-54151): In Directus, a real-time API and app dashboard for managing SQL database content, versions 11.0.0 to 11.3.0 allow an unauthenticated user to perform any of the supported operations (CRUD, subscriptions) with full admin privileges when WEBSOCKETS_GRAPHQL_AUTH or WEBSOCKETS_REST_AUTH is set to "public". Source: vulners.com
  4. Altair GraphQL Client Vulnerability (CVE-2024-54147): Prior to version 8.0.5, Altair GraphQL Client's desktop app does not validate HTTPS certificates, allowing a man-in-the-middle to intercept all requests. This could potentially compromise all GraphQL request and response headers and bodies, including authorization tokens. Source: vulners.com
  5. Apache Superset Authorization Vulnerability: An improper authorization vulnerability exists in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). This allows lower privilege users to use this API. Users are recommended to upgrade to version 4.1.0, which fixes the issue. Source: vulners.com
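The SAP Commerce Cloud item above is an instance of a general problem: identifiers placed in a request URL end up in access logs, proxies and analytics, far outside the access control on the endpoint itself. The vendor patch is the fix; until it is applied, a defender wants two things from the log layer: a check that tells them whether customer data is already sitting in stored logs, and a scrubber that removes it. The following Python is an added example written for this newsletter, not SAP code; the log lines, endpoint path and the list of sensitive parameter names are constructed for illustration and would come from your own API contract in practice.

```python
"""Detect and redact customer data that landed in request URLs and hence in
server logs (the exposure class described for SAP Commerce Cloud above).

Added example, not SAP code. Log lines, endpoint path and parameter names
are constructed; take the sensitive-parameter list from your own API contract.
"""
from __future__ import annotations

import re

# Query parameters whose values identify a customer (constructed list).
SENSITIVE_PARAMS = ("query", "customerId", "email", "phone")

# Constructed access-log lines in common log format (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - agent1 [10/Dec/2024:08:15:02 +0000] "GET /assistedservicewebservices/customers/search?query=jane.doe%40example.com&customerId=00012345&page=1 HTTP/1.1" 200 512',
    '10.0.0.5 - agent1 [10/Dec/2024:08:15:09 +0000] "GET /assistedservicewebservices/customers/john.smith@example.com/orders HTTP/1.1" 200 2048',
    '10.0.0.7 - - [10/Dec/2024:08:16:00 +0000] "GET /healthcheck HTTP/1.1" 200 2',
]

# Matches "?name=value" / "&name=value" for a sensitive name (case-insensitive),
# but not a value that has already been replaced by the [REDACTED] marker.
_PARAM_RE = re.compile(
    r"([?&])("
    + "|".join(re.escape(p) for p in SENSITIVE_PARAMS)
    + r")=(?!\[REDACTED\])[^&\s\"]+",
    re.IGNORECASE,
)

# E-mail addresses anywhere in the line, raw or with a URL-encoded "@" (%40),
# so identifiers embedded in the path are caught as well as query values.
_EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+(?:@|%40)[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def redact_line(line: str) -> str:
    """Replace sensitive query-parameter values, then any remaining e-mail address."""
    line = _PARAM_RE.sub(r"\1\2=[REDACTED]", line)
    return _EMAIL_RE.sub("[REDACTED-EMAIL]", line)


def contains_customer_data(line: str) -> bool:
    """Detection side: does this line still carry a customer identifier?"""
    return bool(_PARAM_RE.search(line) or _EMAIL_RE.search(line))


def scrub_log(lines: list[str]) -> list[str]:
    """Redact a whole log; lines without customer data pass through unchanged."""
    return [redact_line(line) for line in lines]


if __name__ == "__main__":
    exposed = [line for line in SAMPLE_LOG if contains_customer_data(line)]
    print(f"{len(exposed)} of {len(SAMPLE_LOG)} lines carry customer data")
    for line in scrub_log(SAMPLE_LOG):
        print(line)
```

Run `contains_customer_data` over archived logs first to size the exposure, then `scrub_log` as a one-off over the archive and as a filter in the log pipeline. Redaction is a compensating control only: once the vendor patch keeps customer data out of the URL, nothing reaches the logs that needs scrubbing.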
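The Directus item above is a configuration-level exposure, which makes it a good candidate for a config audit rather than a network scan. The Python below is an added example written for this newsletter, not Directus project code. It assumes that Directus reads its settings from KEY=VALUE environment lines, that WEBSOCKETS_ENABLED defaults to false and the two *_AUTH settings default to "handshake", and that the fix shipped in 11.3.0, so 11.0.0 <= version < 11.3.0 is treated as the affected range; the version string is supplied by the caller because it is not itself an environment setting. The two sample configurations are constructed.

```python
"""Config audit for the Directus websocket auth issue (CVE-2024-54151).

Added example, not Directus project code. Assumptions: settings come from
KEY=VALUE environment lines; WEBSOCKETS_ENABLED defaults to false; the
*_AUTH settings default to "handshake"; the fix shipped in 11.3.0.
"""
from __future__ import annotations

import re

AUTH_KEYS = ("WEBSOCKETS_REST_AUTH", "WEBSOCKETS_GRAPHQL_AUTH")
AFFECTED_MIN = (11, 0, 0)
FIXED_IN = (11, 3, 0)  # assumption: first fixed release

# Constructed sample configurations (not from any real deployment).
WEAK_ENV = """\
# websocket interface exposed without authentication
WEBSOCKETS_ENABLED=true
WEBSOCKETS_REST_AUTH="public"
WEBSOCKETS_GRAPHQL_AUTH=handshake
"""

HARDENED_ENV = """\
WEBSOCKETS_ENABLED=true
WEBSOCKETS_REST_AUTH=strict
WEBSOCKETS_GRAPHQL_AUTH=strict
"""


def parse_env(text: str) -> dict[str, str]:
    """Parse KEY=VALUE lines, skipping blanks and comments; strip matching quotes."""
    env: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key.strip()] = value
    return env


def parse_version(version: str) -> tuple[int, int, int]:
    """Turn '11.2.1' or 'v11.2.1-rc.1' into a comparable (major, minor, patch) tuple."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def audit(env_text: str, version: str) -> list[tuple[str, str]]:
    """Return (severity, message) findings for the websocket auth settings.

    `version` is the running Directus version, obtained out of band (for
    example from the instance's package metadata); it is not an env setting.
    """
    env = parse_env(env_text)
    affected = AFFECTED_MIN <= parse_version(version) < FIXED_IN
    if env.get("WEBSOCKETS_ENABLED", "false").lower() != "true":
        return []  # websocket server not started; the auth settings are inert
    findings: list[tuple[str, str]] = []
    for key in AUTH_KEYS:
        mode = env.get(key, "handshake").lower()
        if mode != "public":
            continue
        if affected:
            findings.append((
                "CRITICAL",
                f"{key}=public on affected version {version}: unauthenticated "
                f"websocket clients get admin-level access; upgrade to 11.3.0 or "
                f"later and set {key} to handshake or strict",
            ))
        else:
            findings.append((
                "WARN",
                f"{key}=public: unauthenticated clients reach the websocket API "
                f"as the public role; confirm that role's permissions are intended",
            ))
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_ENV), ("hardened", HARDENED_ENV)):
        print(label, audit(text, "11.2.1") or "no findings")
```

The severity split matters for triage: on a patched version, "public" is a deliberate choice that merely deserves a second look at the public role's permissions, whereas on an affected version it is the condition the advisory describes and should be treated as an incident until the upgrade and setting change are both confirmed.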

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. As we've seen, the cyber landscape is constantly evolving, with new threats and vulnerabilities emerging every day. It's clear that understanding the financial impact of cyber breaches and addressing known vulnerabilities promptly is crucial for businesses to maintain their resilience.

Remember, cybersecurity is not just the responsibility of a single department, but a collective effort. So, share this newsletter with your colleagues and friends to help them stay informed and vigilant. Stay safe, stay informed, and see you in the next edition of Secret CISO.

By Secret CISO