Welcome to today's edition of Secret CISO, your daily source for the most impactful cybersecurity news. Today, we delve into the recent data breach at Atrium Health, which impacted patients who used the "MyAtriumHealth" and "MyCarolinas" portals between January 2015 and July 2019. Atrium has since apologized for the incident, but the breach serves as a stark reminder of the importance of robust data security measures. In other news, BigID has announced the launch of Data Activity Monitoring to extend DDR, detect malicious actors, and strengthen data security posture.

This development is a significant step forward in data security and privacy, especially in the face of increasing third-party access risks. We also take a look at the recent data breaches affecting Colonial Behavioral Health and Veterans Health Administration patients, highlighting the urgent need for improved security measures. In the world of cybersecurity, Upwind has raised $100 million to enhance its runtime and AI-powered cloud security platform, while new rules proposed by the Consumer Financial Protection Bureau could ban data brokers from selling your social security number.

Finally, we explore the emerging cybersecurity threats that may come from unexpected sources, such as AI-savvy employees and even teenagers. Stay tuned for more updates and remember, knowledge is the key to staying one step ahead in the ever-evolving world of cybersecurity.

Data Breaches

1. Atrium Health Data Breach: Atrium Health has issued an apology to its patients following a data breach that impacted users of the "MyAtriumHealth" and "MyCarolinas" portals between January 2015 and July 2019. The breach exposed sensitive patient information. Source: WCNC
2. Colonial Behavioral Health & Veterans Health Administration Data Breach: A ransomware attack on Colonial Behavioral Health and Veterans Health Administration led to the exposure of sensitive patient data, including social security numbers, driver's license numbers, and clinical information. Source: HIPAA Journal
3. Experian Global Data Breach: Experian Global's Data Breach Resolution service has highlighted the increasing threat of cybersecurity attacks from unexpected sources, such as teenagers and AI-savvy employees. The service offers international resources for companies impacted by a security incident. Source: Business Wire
4. Data Brokers and Social Security Numbers: A new rule proposed by the Consumer Financial Protection Bureau could ban data brokers from selling social security numbers. This move is aimed at ensuring data brokers comply with the Fair Credit Reporting Act. Source: The Verge
5. Yahoo! and Rogers Data Breach: Customers of Yahoo! and Rogers have until December 27 to claim up to $375 cash from data breaches. Eligible class members can claim up to $125 for each data breach. Source: Yahoo Finance

Security Research

1. Anticipating Change: Key Cybersecurity Trends To Watch In 2025: Principal security researcher at Huntress, John Hammond, predicts that infostealer malware will replace ransomware as the primary cybersecurity threat by 2025. Source: Information Security Buzz
2. Horns & Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads: Security researcher Artem Ushkov reveals a new campaign that uses fake emails and JavaScript payloads to deliver Remote Access Trojans (RATs). The malicious script files are disguised as requests and bids from potential customers. Source: The Hacker News
3. Ivanti Research Finds Phishing Tops List of Growing Cyber Threats, Fueled by GenAI: Ivanti's latest report highlights the rise of phishing as a major cyber threat, driven by the rapid advancement of AI technology. Source: Business Wire
4. South Sudan: Research Terms of Reference - Qualitative Food Security Assessment: A new research project aims to conduct a qualitative food security assessment in South Sudan, focusing on areas experiencing catastrophic hunger. Source: ReliefWeb
5. Stopovers signal Taiwan-US efforts to counter China: A security expert suggests that recent stopovers in Taiwan by US officials signal a joint effort to counter China's influence. The analysis is based on research from the government-funded Institute for National Defense and Security Research. Source: Taipei Times

Top CVEs

1. CVE-2024-10905: IdentityIQ versions prior to 8.4p2, 8.3p5, and 8.2p8 allow HTTP access to static content in the application directory that should be restricted. This could potentially lead to unauthorized access or information disclosure. Source: CVE-2024-10905.
2. CVE-2018-9414: In gattServerSendResponseNative of com_android_bluetooth_gatt.cpp, a missing bounds check could lead to an out of bounds stack write, potentially resulting in local privilege escalation. User interaction is not required for exploitation. Source: CVE-2018-9414.
3. CVE-2018-9380: In l2c_lcc_proc_pdu of l2c_fcr.cc, improper input validation could lead to an out of bounds write, potentially resulting in remote privilege escalation. User interaction is required for exploitation. Source: CVE-2018-9380.
4. CVE-2018-9449: In process_service_search_attr_rsp of sdp_discovery.cc, a missing bounds check could lead to an out of bound read, potentially resulting in local information disclosure. User interaction is not required for exploitation. Source: CVE-2018-9449.
5. CVE-2018-9429: In buildImageItemsIfPossible of ItemTable.cpp, uninitialized data could lead to an out of bound read, potentially resulting in information disclosure. User interaction is required for exploitation. Source: CVE-2018-9429.

API Security

1. Argo Workflows Access with Fake Token: Argo Workflows, when used in `client` mode, allows archived workflows to be retrieved with a fake or spoofed token via the GET Workflow endpoint. In `sso` mode, all archived workflows can be retrieved with a valid token. This issue arises due to the lack of authentication performed by the server on client tokens. The issue has been fixed in versions 3.5.7 and 3.5.8. Source: vulners.com.
2. AsyncHttpClient CookieStore Issue: The AsyncHttpClient (AHC) library's `CookieStore` silently replaces explicitly defined Cookies with any that have the same name from the cookie jar. This can result in one user's Cookie being used for another user's requests, leading to potential security issues. Source: vulners.com.
3. Ever Traduora Privilege Escalation: Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard-coded JWT signing. This vulnerability allows attackers to gain higher privileges and perform unauthorized actions. Source: vulners.com.
4. Ibexa Post-Install Breach with Varnish VCL: The Ibexa post-install platform is potentially vulnerable to the BREACH vulnerability due to the enabled compression of API and JSON messages in its Varnish VCL templates. This could allow secrets to be extracted through carefully crafted requests. The fix involves disabling compression in these templates. Source: vulners.com.
5. Python Package "zhmcclient" Clear Text Password Storage: The Python package "zhmcclient" stores password-like properties in clear text in its HMC and API logs. This issue affects only users of the zhmcclient package that have enabled the Python loggers named "zhmcclient.api" or "zhmcclient.hmc". The issue has been fixed in zhmcclient version 1.18.1. Source: vulners.com.

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, we'd like to remind you that data security is a shared responsibility. The recent data breach at Atrium Health is a stark reminder of the importance of robust security measures. On a positive note, BigID's new Data Activity Monitoring tool is a step in the right direction, helping to detect malicious actors and strengthen data security posture.

However, the overlooked risk of third-party access to your data protection plan is still a significant concern. We also note the impact of the Colonial Behavioral Health & Veterans Health Administration data breach, affecting sensitive patient information. In the face of emerging cybersecurity threats, companies like Upwind are stepping up their game, raising significant funding to enhance their security platforms. But remember, even as technology advances, human vigilance remains crucial. We hope you found today's insights valuable.

Please share this newsletter with your colleagues and friends to help them stay informed and prepared. Remember, in the world of cybersecurity, knowledge is your best defense. Stay safe and see you in the next edition of Secret CISO.