Secret CISO 12/25: Journalists Protest Over Data Breach, American Addiction Centers Breach Impacts 422K, Ascension Health Ransomware Exposes 5.6M Patients, Postman Data Leak Risks Massive Hack
Welcome to today's issue of Secret CISO, your daily dose of exclusive cybersecurity insights. Today, we're diving into a wave of data breaches and security incidents that have swept across various sectors. In Kerala, journalists are protesting against the seizure of a reporter's phone following a data breach report, highlighting the ongoing struggle between privacy and security.
Meanwhile, American Addiction Centers have suffered a significant data breach impacting 422,000 people, with the Rhysida ransomware gang claiming responsibility. In the healthcare sector, Ascension Health's ransomware attack has exposed the data of 5.6 million patients, underscoring the urgent need for enhanced security measures in the industry.
On a similar note, a data leak from Postman's publicly accessible workspaces could potentially lead to a massive hack, demonstrating the risks associated with cloud-based API development and testing. In the legal realm, a Russian-Israeli national faces a 41-count indictment for LockBit development, highlighting the global nature of cybercrime. Meanwhile, Marriott and Starwood have been ordered to implement a wide-ranging security program following data breaches, indicating the growing regulatory scrutiny on data security. In tech news, the 2025 NDAA has provided $3 billion funding for FCC's Rip-and-Replace Program, aiming to promote secure AI adoption and development. However, new data privacy trends are driving the growth of large cyber claims, suggesting that the road to secure data handling is still fraught with challenges.
Lastly, in a festive twist, we're sharing tips on how to avoid data leaks during the holiday season. Stay tuned for more updates and remember, knowledge is the best defense against cyber threats. Stay safe and informed with Secret CISO.
Data Breaches
- American Addiction Centers Data Breach: American Addiction Centers suffered a data breach in November, impacting approximately 422,000 people. The Rhysida ransomware gang has claimed responsibility for the breach. Source: OODAloop
- Ascension Health Ransomware Attack: Ascension Health was hit by a ransomware attack, exposing the data of 5.6 million patients. The recovery process has involved implementing enhanced security measures, including improved authentication protocols and network monitoring systems. Source: Mobile ID World
- Postman Data Leak: Researchers uncovered a widespread and alarming trend involving data leaks from Postman, a widely used cloud-based API development and testing platform. Around 30,000 publicly accessible workspaces could potentially lead to a massive hack. Source: Cybersecurity News
- Marriott and Starwood Security Program: Marriott and Starwood Hotels & Resorts have been ordered to implement a comprehensive information security program to settle charges following data breaches. Source: iTnews
- Colonial Surety Company Data Breach: Colonial Surety Company filed a notice of data breach with the Attorney General of Massachusetts after discovering a cybersecurity incident that occurred in May. Source: JD Supra
Security Research
- Google And Microsoft Users Warned As New 2FA Bypass Attacks Reported: Security researchers have warned that the demise of the Rockstar 2FA exploit service isn't all good news, as new bypass attacks have been reported. This highlights the importance of continuous vigilance and adaptation in the cybersecurity landscape. Source: Forbes
- Urgent New Gmail Security Warning For Billions As Attacks Continue: Research from the Palo Alto Networks Unit 42 security group has highlighted the use of innovative large language model adversarial AI tactics to protect against ongoing attacks. This underscores the role of AI in enhancing cybersecurity measures. Source: Forbes
- AI development service Builder.ai exposed over 1TB of data on three million users: A significant data breach at Builder.ai has exposed over 1TB of data, including cost proposals, NDA agreements, invoices, and tax documents, affecting three million users. This incident emphasizes the critical need for robust data protection measures in AI development services. Source: Yahoo
- AI Safety Fund issues RFP for cybersecurity research: The AI Safety Fund has issued an RFP for cybersecurity research, aiming to promote responsible development of frontier AI models and establish robust evaluation frameworks for security-related issues. This initiative highlights the growing focus on AI safety in the cybersecurity field. Source: Philanthropy News Digest
- Hyperliquid bank loses $250 million due to North Korean hackers: Security researcher Tay Monahan of MetaMask reported that hackers linked to the Democratic People's Republic of Korea (DPRK) have caused a loss of $250 million to Hyperliquid bank. This incident underscores the increasing sophistication and impact of state-sponsored cyberattacks. Source: Binance Square
Top CVEs
- CVE-2022-21505 - Linux Kernel IMA Appraisal Bypass: A vulnerability in the Linux kernel allows IMA appraisal to be bypassed when the "ima_appraise=log" boot parameter is used. This can defeat lockdown with kexec on any machine when Secure Boot is disabled or unavailable, leading to potential confidentiality, integrity, and availability impacts. Source: CVE-2022-21505
- CVE-2024-12746 - Amazon Redshift ODBC Driver SQL Injection: A SQL injection vulnerability in the Amazon Redshift ODBC Driver v2.1.5.0 allows users to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.6.0 or revert to a previous driver version. Source: CVE-2024-12746
- CVE-2019-2483 - Oracle iStore Shopping Cart Vulnerability: A vulnerability in the Oracle iStore product of Oracle E-Business Suite allows unauthenticated attackers with network access via HTTP to compromise Oracle iStore. Successful attacks can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data. Source: CVE-2019-2483
- CVE-2024-12745 - Amazon Redshift Python Connector SQL Injection: A SQL injection vulnerability in the Amazon Redshift Python Connector v2.1.4 allows users to gain escalated privileges via the get_schemas, get_tables, or get_columns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to a previous driver version. Source: CVE-2024-12745
- CVE-2024-12744 - Amazon Redshift JDBC Driver SQL Injection: A SQL injection vulnerability in the Amazon Redshift JDBC Driver v2.1.0.31 allows users to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to a previous driver version. Source: CVE-2024-12744
Final Words
That's it for today's edition of Secret CISO. We've covered a lot of ground, from the protest of journalists against the seizure of a reporter's phone over a data breach report, to the impact of a data breach on American Addiction Centers affecting 422,000 people. We've also touched on the alarming trend of data leaks from Postman, and the indictment of a Russian-Israeli national for LockBit development. In the world of AI, we've seen the establishment of an AI Security Center to promote secure AI adoption and the growth of large cyber claims due to new data privacy trends.
We've also highlighted the need for wide-ranging security programs in the hospitality industry, with Marriott and Starwood being ordered to implement comprehensive information security programs. Remember, staying informed is the first step in protecting your data and maintaining your privacy. Share this newsletter with your friends and colleagues to keep them in the loop. Stay safe, stay secure, and see you in the next edition of Secret CISO.