Secret CISO 12/14: Rhode Island's RIBridges System Breached, 17M Patient Records Stolen, SRP Federal Credit Union Exposes Data, Microsoft 2FA Bypass Attack Uncovered
Welcome to today's issue of Secret CISO. Today, we're diving into a series of cybersecurity breaches that have hit various sectors, from healthcare to financial institutions, and even state systems.
First, we'll explore the recent breach that hit Rhode Island's RIBridges System, a significant security threat that has compromised the system managing various state services. Deloitte, the state's vendor, informed officials about the breach, raising concerns about the potential theft of personal information.
Next, we'll take a look at a massive data theft in the healthcare sector where hackers stole 17 million patient records from three hospitals. This incident underscores the growing threat of disruptive cyber assaults in healthcare and other sectors. We'll also discuss the data breach at SRP Federal Credit Union, which exposed personal information of its members, leading to legal investigations on behalf of those affected.
Lastly, we'll delve into the world of cybersecurity research, discussing various studies and discoveries made by security researchers. These include a critical flaw in Microsoft's MFA system, a yearlong supply-chain attack that stole 390K credentials, and the cost of device security failures. Stay tuned for these stories and more in today's Secret CISO newsletter.
Data Breaches
- Cybersecurity Breach Hits Rhode Island's RIBridges System: The state's vendor, Deloitte, reported a significant security threat that compromised the RIBridges system, which manages various state services. The extent of the breach and the data affected are still under investigation. Source: What's Up Newp
- Hackers Steal 17M Patient Records in Attack on 3 Hospitals: In a major cyber assault, hackers managed to steal 17 million patient records from three hospitals. The breach highlights the increasing vulnerability of healthcare institutions to disruptive cyber attacks. Source: BankInfoSecurity
- SRP Federal Credit Union Data Breach Exposes Personal Information: A data breach at SRP Federal Credit Union has exposed the personal information of its members. Legal claims are being investigated on behalf of all individuals whose information was exposed in the breach. Source: GlobeNewswire
- Radiological Medical Services P.C. Data Breach: A data breach at Radiological Medical Services P.C. compromised the sensitive personal and protected health data of thousands of individuals, leading to concerns about potential misuse of the data. Source: Accesswire
- Duke Energy Customers Affected by Data Breach: Duke Energy is alerting some customers about a data breach that may have compromised their personal information. The company is offering free credit monitoring and identity theft protection services to affected customers. Source: YouTube
Security Research
- UTM Represents Malaysia at Erlangen Conference 2024 on Export Control and Academia: Dr. Mark Bromley, a senior researcher, represented UTM at the Erlangen Conference 2024, emphasizing UTM's commitment to responsible research and global security. Source: UTM News
- Hackers steal 390,000 WordPress credentials from other hackers: Researchers at Datadog Security Labs discovered a case of hackers stealing SSH private keys and AWS access keys from other hackers, along with 390,000 WordPress credentials. Source: Bleeping Computer
- Microsoft Warning As No-User-Interaction 2FA Bypass Attack Confirmed: Security researchers revealed a Microsoft 2FA bypass attack that required no user interaction, took only an hour, and did not trigger alerts. Source: Forbes
- Yearlong supply-chain attack targeting security pros steals 390K credentials: Unknown threat actors have launched a yearlong supply-chain attack, employing spear phishing to target thousands of researchers who publish papers on the arXiv. Source: Ars Technica
- HP Study Reveals $8.6bn Cost of Device Security Failures: Research from HP Inc shows that businesses face security risks across device lifecycles, with 81% of IT leaders stating that hardware security needs to be prioritized. Source: Cyber Magazine
Top CVEs
- CVE-2024-31891 - IBM Storage Scale GUI Local Privilege Escalation Vulnerability: IBM Storage Scale GUI versions 5.1.9.0 to 5.1.9.6 and 5.2.0.0 to 5.2.1.1 contain a local privilege escalation vulnerability. A malicious actor with command line access to the 'scalemgmt' user can elevate privileges to gain root access to the host. Source: Vulners
- CVE-2024-12632 - Duplicate CVE: This CVE has been rejected as it is a duplicate of CVE-2024-55956. All references and descriptions have been removed to prevent accidental usage. Source: Vulners
- CVE-2024-31892 - IBM Storage Scale GUI Unauthorized Actions Vulnerability: IBM Storage Scale GUI versions 5.1.9.0 to 5.1.9.6 and 5.2.0.0 to 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a CSV file, due to improper neutralization of formula elements in the CSV (CSV formula injection). Source: Vulners
- CVE-2024-12553 - GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability: This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest credentials may be used. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Source: Vulners
- CVE-2024-12552 - Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability: This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Source: Vulners
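As an added, defensive illustration of the bug class behind the IBM Storage Scale CSV item above (formula elements in a CSV cell that a spreadsheet will evaluate), and not code from IBM or from this page: the checks an import path should run on an inbound CSV and the neutralization an export path should apply before writing cells. The sample CSV is constructed for the example.

```python
import csv
import io

# Leading characters that Excel, LibreOffice and similar tools treat as the
# start of a formula when they appear at the beginning of a cell.
FORMULA_LEADERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(cell: str) -> bool:
    """True if a spreadsheet would evaluate this cell rather than display it.

    Deliberately conservative: a negative number such as "-5" is flagged too,
    which is acceptable for a review path and costs nothing on export."""
    return cell.startswith(FORMULA_LEADERS)


def neutralize_cell(cell: str) -> str:
    """Return a cell that a spreadsheet will show as literal text.

    A leading single quote forces text interpretation; the csv writer's
    quoting below takes care of embedded separators and quotes."""
    return "'" + cell if is_formula_like(cell) else cell


def write_safe_csv(rows) -> str:
    """Serialize rows to CSV with every cell neutralized and quoted."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(str(c)) for c in row])
    return buf.getvalue()


def find_formula_cells(csv_text: str):
    """Scan an inbound CSV and return (row, col, cell) for formula-like cells,
    so a modified file can be rejected before anything acts on its content."""
    findings = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if is_formula_like(cell):
                findings.append((r, c, cell))
    return findings


# Constructed sample: one cell carries a formula where a number was expected.
SAMPLE_CSV = "filesystem,quota_gb\nfs0,=SUM(A1:A3)\nfs1,512\n"

if __name__ == "__main__":
    print(find_formula_cells(SAMPLE_CSV))
    print(write_safe_csv([["name", "quota"], ["node-01", "=SUM(A1:A3)"]]))
```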
API Security
- CVE-2024-46982 - Next.js Cache Poisoning Vulnerability: A cache poisoning vulnerability has been discovered in Next.js versions 13.5.1 to 13.5.7 and 14.0.0 through 14.2.10. The vulnerability lies in the url parameter of the _next/image API, which allows attackers to load images hosted on their own servers. These images can become permanently stored on the victim's website, even if the attacker stops their service. Source: Vulners
- CVE-2024-12501 - Simple Locator Plugin for WordPress Stored XSS: The Simple Locator plugin for WordPress, up to and including version 2.0.3, is vulnerable to Stored Cross-Site Scripting (XSS) via the plugin's shortcodes. This is due to insufficient input sanitization and output escaping on user-supplied attributes, allowing authenticated attackers to inject arbitrary web scripts. Source: Vulners
- CVE-2024-11095 - Visualmodo Elements Plugin for WordPress Stored XSS: The Visualmodo Elements plugin for WordPress, up to and including version 1.0.2, is vulnerable to Stored Cross-Site Scripting (XSS) via REST API SVG file uploads. Insufficient input sanitization and output escaping allow authenticated attackers to inject arbitrary web scripts. Source: Vulners
Sponsored by Wallarm API Security Solution
Final Words
As we wrap up today's edition of Secret CISO, we're reminded that the realm of cybersecurity is a constantly shifting landscape. From the significant security breach in Rhode Island's RIBridges System to the theft of 17 million patient records from three hospitals, it's clear that the need for robust cybersecurity measures is more critical than ever. We've also seen how data breaches can expose personal information, leading to potential identity theft and financial fraud. The recent data breach at SRP Federal Credit Union is a stark reminder of the potential risks involved. On the research front, we've seen how hackers are not only targeting security professionals but also other cybercriminals. The theft of 390,000 WordPress credentials from other hackers is a clear indication of the escalating cyber warfare.
In the face of these challenges, we must remain vigilant and proactive. It's crucial to stay informed about the latest threats and security measures.
That's why we encourage you to share Secret CISO with your friends and colleagues.
Together, we can build a safer digital world. Remember, knowledge is power, and in the world of cybersecurity, it's our strongest defense. Stay safe, stay informed, and we'll see you in the next edition of Secret CISO.