Hello Secret CISO readers, In today's issue, we're diving into the world of data breaches and cybersecurity. We're starting off with a conversation with a self-proclaimed data breach watchdog and activist, who shares insights into the current state of data breaches and leaks. Next, we're looking at the best cybersecurity practices in a post-NPD breach world, as shared by Damon Fleury, the Chief Product Officer of SpyCloud. We'll also discuss the recent phishing attack on the Illinois Department of Human Services that impacted 1.1 million customers.

We'll also touch on the most-read stories of 2024, including the data breach at Change Healthcare's network by the BlackCat/ALPHV ransomware group. In addition, we'll discuss the potential data breach that put McDonald's delivery customers at risk. We'll also delve into the role of phishing and social engineering in data breaches, as shared by cybersecurity specialist Isaiah G. Ogun. Plus, we'll discuss the recent fine imposed on OpenAI by Italy's Privacy Watchdog for violations in collecting users' personal data. Lastly, we'll look at the state of security in 2024, major cyber-attacks that shook India this year, and the impact of data security in tax and advisory services.

Stay tuned for these stories and more in today's issue of Secret CISO.

Data Breaches

1. Illinois Department of Human Services Phishing Attack: A phishing attack on the Illinois Department of Human Services has impacted 1.1 million customers, exposing sensitive data. The incident was determined to be a reportable data breach on May 3, 2024. Source: HIPAA Journal
2. Change Healthcare Data Breach: On Feb. 11, 2024, an affiliate of the BlackCat/ALPHV ransomware group breached Change Healthcare's network, spending nine days within the system. The breach was one of the most-read stories of 2024. Source: Fierce Healthcare
3. McDonalds Delivery Customers Data Breach: McDonalds delivery customers were put at risk by a potential data breach discovered in June 2024. The vulnerabilities were fixed by September, and no threat actors are believed to have exploited the flaw. Source: TechRadar
4. BU Framingham Heart Study Participants Data Breach: Hackers obtained the data of Boston University's Framingham Heart Study participants. Other data breaches were also announced by Rumpke Consolidated Companies, OrthopedicsNY, and IU Health. Source: The HIPAA Journal
5. Irish DPC Fines Meta €251m Over 2018 Data Breach: The Irish Data Protection Commission has fined Meta €251m over a 2018 data breach that affected 3 million EU users. The company had notified the authority about the data security incident and promptly took corrective measures. Source: TEISS

Security Research

1. FG Commits N180bn to Agric Varsities, Research Institutes in 2025: The Federal Ministry of Agriculture and Food Security in Nigeria has proposed a budget of N180bn for the development of Federal Universities of Agriculture and research institutes in 2025. This move is aimed at enhancing food security and agricultural research in the country. Source: Punch Newspapers
2. Phishing Campaign Targets YouTube Creators with Fake Deals: CloudSEK's Threat Intelligence Research Team has discovered a phishing campaign that targets YouTube creators with fake sponsorship deals. The attackers exploit the creators' desire for brand partnerships to steal sensitive information. Source: SecurityBrief Asia
3. U.S. and Australia Seek Countermeasures Against China's Critical Material Ban: A report citing a researcher from Taiwan's Institute of National Defense and Security Research reveals that the U.S. and Australia are seeking countermeasures against China's ban on critical materials. China is the world's largest supplier of these materials, and the ban could have significant global impacts. Source: TrendForce
4. Bluesky Clouded by Scammers as Social Platform's Popularity Grows: Cybersecurity firm Sophos has reported an increase in scam activities on the social platform Bluesky as its popularity grows. The company is encouraging security researchers to help identify and mitigate these threats. Source: PYMNTS.com
5. Teens Using VPN to Cheat in Gorilla Tag are Unknowingly Selling Their Internet Connections: Security researchers have found that teenagers using VPNs to cheat in the game Gorilla Tag are unknowingly selling their internet connections. These proxy IP addresses have been linked to various cybercrimes, including DDoS attacks, phishing scams, and malicious botnets. Source: TechSpot

Top CVEs

1. CVE-2024-47864 - Home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C Buffer Overflow Vulnerability: These devices contain a buffer overflow vulnerability in the hidden debug function, allowing a remote unauthenticated attacker to gain access to the web console of the product. Source: vulners.com
2. CVE-2024-56378 - Poppler Out-of-Bounds Read Vulnerability: Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function, potentially leading to unauthorized information disclosure or system instability. Source: vulners.com
3. CVE-2024-12901 - FoxCMS up to 1.2 Critical Vulnerability: A critical vulnerability was found in FoxCMS up to 1.2, affecting an unknown functionality of the file /app/api/controller/Site.php of the component API Endpoint. The manipulation of the argument password leads to improper authorization, allowing remote attacks. Source: vulners.com
4. CVE-2024-52321 - Multiple SHARP Routers Improper Authentication Vulnerability: These routers contain an improper authentication vulnerability in the configuration backup function. The product's backup files containing sensitive information may be retrieved by a remote unauthenticated attacker. Source: vulners.com
5. CVE-2024-12897 - Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 Critical Vulnerability: A critical vulnerability was found in these devices up to 20241222, affecting an unknown part of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to path traversal, allowing remote attacks. Source: vulners.com

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. From the conversation with the "Nam3L3ss" Watchdog to the latest data breaches and cybersecurity best practices, we hope you found this information valuable. Remember, in this digital age, staying informed is the first line of defense. If you found this newsletter helpful, please consider sharing it with your friends and colleagues.

Let's work together to create a safer digital world. Until next time, stay vigilant and keep your data secure. Remember, the world of cybersecurity is ever-evolving, and so are the threats. Stay tuned for tomorrow's edition of Secret CISO for more exclusive insights and updates. Stay safe out there!