Secret CISO 12/24: Elekta, Northwestern Memorial Healthcare, Verisk Analytics, American Addiction Centers, Ascension, and Cleo face data breaches; Adobe ColdFusion vulnerability; Marriott, Starwood hotels to enhance data security
Hello Secret CISO Subscribers, As we approach the end of the year, the cybersecurity landscape continues to evolve with new data breaches, class-action settlements, and security vulnerabilities. In today's issue, we delve into the Elekta and Northwestern Memorial Healthcare data breach that has led to a nearly $9 million settlement. If you qualify, you could net thousands of dollars. But hurry, the window to join is closing soon.
We also cover the dismissal of a lawsuit against Verisk Analytics over a data breach, and the American Addiction Centers data breach affecting over 422,000 people. In the largest incident of the issue, Ascension has confirmed that its breach affected 5.6 million individuals, exposing sensitive data including Social Security numbers. On the ransomware front, Clop continues to make headlines, threatening 66 victims of its Cleo attacks with a data leak. We also highlight the security bulletin released by Adobe addressing a path traversal vulnerability in ColdFusion, a web application server.
In the legal realm, the SAG-AFTRA health plan faces lawsuits over a data breach, and an electronic data security breach at a Milton long-term care home has been revealed. We also discuss the data security risk due to file-transfer software vulnerabilities and the data breach reported by SRP Federal Credit Union affecting more than 240,000 people.
Lastly, we bring you the latest research from security experts on various topics, including the rise of the hybrid botnet Androxgh0st, the vulnerability of the ChatGPT search tool, and the exposure of over 1TB of data on three million users by AI development service Builder.ai.
Data Breaches
- Elekta and Northwestern Memorial Healthcare Data Breach Settlement: Elekta and Northwestern Memorial Healthcare have reached a nearly $9 million settlement over a data breach. Affected individuals could potentially receive thousands of dollars from the settlement. Source: CNET
- American Addiction Centers Data Breach: The personal information of over 422,000 people was stolen in a data breach at American Addiction Centers. The extent of the impact is still being determined. Source: SecurityWeek
- Ascension Data Breach: A data breach at Ascension has affected 5.6 million individuals. Cybercriminals accessed sensitive data about patients and employees, including Social Security numbers and birth dates. Source: Seehafer News
- Clop Ransomware Data Leak: Clop has threatened to leak data from 66 organizations it claims to have compromised through its Cleo attacks. The campaign is another large-scale data theft for Clop, which exploited a zero-day vulnerability in Cleo's file-transfer software to reach its victims. Source: Bleeping Computer
- SRP Federal Credit Union Data Breach: A data breach at SRP Federal Credit Union has affected more than 240,000 people. The breach has left these individuals exposed to possible identity theft. Source: The Augusta Chronicle
Security Research
- Hyperliquid Faces Record Outflows Amid North Korea Hack Allegations: Security researcher Taylor Monahan of MetaMask identified several blockchain addresses linked to North Korea interacting with Hyperliquid, prompting record outflows from the platform. The allegations have raised concerns about Hyperliquid's exposure to state-sponsored attackers. Source: Yahoo Finance
- How Androxgh0st, the hybrid botnet, rose from Mozi's ashes: Security researchers have traced the rise of the hybrid botnet Androxgh0st from the remnants of the Mozi botnet. Androxgh0st pairs Mozi's IoT-device infection capability with its own exploitation of web-application vulnerabilities, which widens the range of targets a single operator can hit and illustrates how retired botnet code gets recycled. Source: The Register
- Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts: Security researchers have discovered PyPI packages that are capable of stealing keystrokes and hijacking social accounts. The malware, named Zebo, is designed for surveillance, data exfiltration, and unauthorized control. Source: The Hacker News
- AI development service Builder.ai exposed over 1TB of data on three million users: Security researcher Jeremiah Fowler discovered that Builder.ai, an AI development service, left a database holding over 1TB of data on three million users publicly accessible. The incident underscores the need to require authentication on, and restrict network access to, any data store containing sensitive information. Source: TechRadar
- ChatGPT search tool vulnerable to manipulation and deception, tests show: Testing reported by The Guardian found that hidden text on a web page can steer the summaries ChatGPT's search tool produces (a form of prompt injection), and that the tool can relay malicious code from the sites it searches. The findings highlight the need for stronger safeguards on content that AI tools ingest from the open web. Source: The Guardian
Top CVEs
- CVE-2024-53961: ColdFusion versions 2023.11, 2021.17 and earlier are affected by a Path Traversal vulnerability that could lead to arbitrary file system read. This could lead to the disclosure of sensitive information or the manipulation of system files. Source: CVE-2024-53961
- CVE-2024-9427: A reflected cross-site scripting (XSS) vulnerability was found in Koji. Unsanitized input from a crafted link is reflected into the resulting web page, where JavaScript in it could execute. It is not expected to be able to submit an action or make a change in Koji because of existing XSS protections. Source: CVE-2024-9427
- CVE-2024-53240: In the Linux kernel, a vulnerability has been resolved: xen/netfront: fix crash when removing device. When removing a netfront device directly after a suspend/resume cycle it might happen that the queues have not been setup again, causing a crash during the attempt to stop the queues another time. Source: CVE-2024-53240
- CVE-2024-11896: The Text Prompter – Unlimited chatgpt text prompts for openai tasks plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Source: CVE-2024-11896
- CVE-2024-41887: Team ENVY, a security research team, has found a flaw that allows remote code execution on an NVR (network video recorder). An attacker can cause an NVR log file to be written in a directory one level higher on the system, which can be used to corrupt files in that directory. The manufacturer has released patched firmware for the flaw. Source: CVE-2024-41887
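The ColdFusion entry above is a path traversal leading to arbitrary file read. The following is an added example, not ColdFusion's code or Adobe's fix: it shows the classic mistake (joining user input onto a base directory) next to a hardened resolver that canonicalises the path and checks containment with `os.path.commonpath`. The web root, the file names and the `demo()` helper are all constructed for the example.

```python
import os
import tempfile


def read_under_root_unsafe(root: str, user_path: str) -> bytes:
    # Vulnerable pattern: user input is joined straight onto the root directory,
    # so "../" sequences (or an absolute path) walk out of the intended tree.
    with open(os.path.join(root, user_path), "rb") as f:
        return f.read()


def resolve_under_root(root: str, user_path: str) -> str:
    """Return the canonical path of user_path if it stays inside root.

    Raises ValueError otherwise. realpath() also resolves symlinks, so a link
    inside root that points outside it is rejected as well.
    """
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, user_path))
    # commonpath, not str.startswith: "/srv/www" must not accept "/srv/www-secret".
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise ValueError(f"path escapes root: {user_path!r}")
    return candidate


def read_under_root(root: str, user_path: str) -> bytes:
    # Hardened variant: only opens a path that resolve_under_root() accepted.
    with open(resolve_under_root(root, user_path), "rb") as f:
        return f.read()


def demo() -> dict:
    # Constructed sandbox: a web root with one public file, and a secret file
    # one level above it that the application should never be able to serve.
    base = tempfile.mkdtemp()
    webroot = os.path.join(base, "wwwroot")
    os.makedirs(webroot)
    with open(os.path.join(webroot, "index.txt"), "w") as f:
        f.write("public")
    with open(os.path.join(base, "secret.txt"), "w") as f:
        f.write("TOP SECRET")

    results = {}
    # The unsafe reader happily serves the file outside the root.
    results["unsafe_traversal"] = read_under_root_unsafe(webroot, "../secret.txt")
    # The hardened reader serves legitimate files...
    results["safe_legit"] = read_under_root(webroot, "index.txt")
    # ...and rejects both relative traversal and absolute paths
    # (os.path.join discards the root when the second argument is absolute).
    for label, attempt in (("safe_traversal", "../secret.txt"),
                           ("safe_absolute", os.path.join(base, "secret.txt"))):
        try:
            read_under_root(webroot, attempt)
            results[label] = "ALLOWED"
        except ValueError:
            results[label] = "BLOCKED"
    return results


if __name__ == "__main__":
    print(demo())
```

The containment check must run on the canonicalised path, after every `..`, symlink and absolute-path trick has been resolved; validating the raw string (for example by stripping `../`) is the step that the vulnerable software in this class typically gets wrong.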
API Security
- Navidrome Stores JWT Secret in Plaintext in navidrome.db: Navidrome has been found to store its JWT signing secret in plaintext in the navidrome.db database file. Anyone who can read the database file (a leaked backup, a world-readable volume, a second tenant on shared storage) can retrieve the secret and mint valid tokens for any user, including administrative accounts. Wherever the file may have been readable, the secret should be treated as compromised and rotated, which invalidates all outstanding tokens. Source: vulners.com
- Unsound usages of `u8` type casting in spl-token-swap: The spl-token-swap library has been found to use unsafe public API unpack to cast u8 array to arbitrary types, potentially leading to undefined behaviors. Misaligned raw pointer dereference could occur, causing a panic. The further exploits of this bug are still unclear. Source: vulners.com
- libafl has unsound usages of `core::slice::from_raw_parts_mut`: The libafl library has been found to break safety assumptions when using the unsafe API slice::from_raw_parts_mut. The pointer passed to from_raw_parts_mut is misaligned, which is unsound. This bug has been patched in version 0.11.2. Source: vulners.com
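To make concrete why a leaked HMAC secret is equivalent to a bypass of authentication, here is an added example that is not Navidrome's code: a minimal HS256 JWT signer and verifier written with the standard library only. The "database row" holding the secret is constructed for the example, as are the user names; real-world rotation would also mean re-issuing sessions to legitimate users.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Produce header.payload.signature with HMAC-SHA256 over the first two parts."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_hs256(token: str, secret: bytes) -> Optional[dict]:
    """Return the claims if the signature checks out under `secret`, else None."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
    except (ValueError, json.JSONDecodeError):
        return None
    # Pin the algorithm: never let the token choose (that is the "alg: none" bug).
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        return None
    return json.loads(_b64url_decode(p))


def demo() -> dict:
    # Constructed stand-in for a config row that keeps the signing secret in the clear.
    db_row = {"key": "JWTSecret", "value": "constructed-example-secret"}
    server_secret = db_row["value"].encode()

    # The server issues an ordinary user token...
    legit = sign_hs256({"sub": "alice", "adm": False}, server_secret)

    # ...but an attacker who can read the database row holds the same key
    # and mints an admin token that the server cannot distinguish from its own.
    stolen = db_row["value"].encode()
    forged = sign_hs256({"sub": "admin", "adm": True}, stolen)

    # Without the secret, swapping in the forged payload under the real signature fails.
    h, _, s = legit.split(".")
    _, forged_payload, _ = forged.split(".")
    tampered = f"{h}.{forged_payload}.{s}"

    # Rotating the secret is the remediation: every token signed under the old one dies.
    rotated_secret = secrets.token_bytes(32)

    return {
        "legit_claims": verify_hs256(legit, server_secret),
        "forged_claims": verify_hs256(forged, server_secret),
        "tampered_claims": verify_hs256(tampered, server_secret),
        "forged_after_rotation": verify_hs256(forged, rotated_secret),
    }


if __name__ == "__main__":
    print(demo())
```

The verifier has no way to tell `forged` from `legit`: both carry a correct MAC under the only key it knows. That is why the secret's confidentiality, not just the signature check, is the whole security boundary, and why it belongs in a secrets store or an environment variable with tight file permissions rather than in the application's own database file.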
Sponsored by Wallarm API Security Solution
Final Words
As we wrap up today's edition of Secret CISO, we're reminded of the ever-present threat of data breaches and the importance of staying vigilant. From the class-action settlement against Elekta and Northwestern Memorial Healthcare to the impacts of the American Addiction Centers data breach, it's clear that no sector is immune.
We also saw how Verisk Analytics managed to beat a negligence class action over a data breach, and how Clop ransomware continues to threaten victims with data leaks. On the brighter side, Adobe has addressed a security vulnerability in ColdFusion, showing that proactive measures are being taken to combat these threats. Remember, data security isn't just about protecting your own information, but also about safeguarding the data of those who trust you with theirs.
So, share this newsletter with your friends and colleagues to keep them in the loop. Stay safe, stay informed, and keep an eye out for tomorrow's edition of Secret CISO.