Secret CISO 12/30: RI Bridges and Forward Bank Data Breaches, Four-Faith Routers Exploited, Protecting Health Data for Research

Welcome to today's issue of Secret CISO. We're diving deep into the dark web, where stolen files from the recent RI Bridges data breach have surfaced. Governor Dan McKee has confirmed that at least some of the exposed information has been released on the dark web, raising concerns for Rhode Islanders.

In other news, Forward Bank has agreed to pay $1.185 million as part of a class action lawsuit settlement over a 2023 data breach. Meanwhile, Four-Faith routers have been exploited using a new flaw, highlighting the importance of robust security measures. We'll also be discussing how to protect your data from scammers and identity thieves, with practical advice from SooLeader.com. Plus, we'll look at the fallout from the DAP Health data breach and the steps being taken to protect highly sensitive health data for research. In legal news, Brightline has agreed to a $7 million settlement to resolve a class action data breach lawsuit, and the HHS has released a notice of a HIPAA Security Rule update.

Finally, we'll explore the latest research from security experts, including a deep dive into the risks of using free file conversion tools online and a look at the latest vulnerabilities discovered in various systems. Stay tuned for all this and more in today's issue of Secret CISO.

Data Breaches

  1. RI Data Breach Nightmare: Stolen Files Hit the Dark Web: A significant data breach in Rhode Island has led to stolen files being posted on the dark web. State officials, including Governor Dan McKee, have addressed the public about the breach, which has exposed sensitive information. Source: Newport Buzz
  2. $1.185M Forward Bank Data Breach Class Action Settlement: Forward Bank has agreed to pay $1.185 million as part of a class action lawsuit settlement following a 2023 data breach. The case underscores the financial implications of failing to prevent data breaches. Source: Top Class Actions
  3. Four-Faith Routers Exploited Using New Flaw: A new flaw has been discovered in Four-Faith routers, leading to potential data breaches. The incident highlights the importance of regular security updates and vulnerability assessments. Source: GovInfoSecurity
  4. DAP Health Sends Data Breach Letters Following Compromised Email System: DAP Health, Inc., along with its subsidiary Borrego Health, has filed a notice of data breach following a compromised email system. The breach underscores the importance of robust email security measures. Source: JD Supra
  5. Brightline Agrees to $7 Million Settlement to Resolve Class Action Data Breach Lawsuit: Brightline has agreed to a $7 million settlement to resolve a class action lawsuit following a data breach that affected around 1 million individuals. The case highlights the potential financial repercussions of data breaches. Source: HIPAA Journal

Security Research

  1. 38C3: BitLocker encryption of Windows 11 bypassed without opening the PC: Security researcher Thomas Lambertz demonstrated a method to bypass BitLocker encryption on Windows 11 without physically opening the PC. This discovery underscores the importance of continuous security testing and updates to protect against potential vulnerabilities. Source: heise online
  2. Exposed Cloud Server Tracks 800,000 Volkswagen, Audi and Skoda EVs: Security researchers discovered that a cloud server tracking 800,000 Volkswagen, Audi, and Skoda electric vehicles was exposed. The incident highlights the importance of secure cloud storage and data protection measures. Source: Hackread
  3. Protecting Highly Sensitive Health Data for Research: Security experts are working to provide strong security guidance and protections for highly sensitive health data used in cancer research. The initiative aims to make data protection seamless for researchers. Source: BankInfoSecurity
  4. SquareX Researchers Uncover OAuth Vulnerability in Chrome Extensions Days Before Major Breach: Researchers at SquareX uncovered an OAuth vulnerability in Chrome extensions just days before a major breach. The discovery underscores the importance of proactive security research in preventing cyber attacks. Source: Cybersecurity News
  5. Crypto thieves target victims by spreading malware via recruiting messages: Security expert Taylor Monahan warned that crypto thieves are targeting victims by spreading malware through recruiting messages. The warning highlights the importance of vigilance and security awareness in the crypto community. Source: Cybernews

Top CVEs

  1. CVE-2024-13038 - Critical vulnerability in CodeAstro Simple Loan Management System 1.0: A critical vulnerability was found in CodeAstro Simple Loan Management System 1.0. The flaw lies in an unknown functionality of the file /index.php of the Login component. The manipulation of the 'email' argument leads to SQL injection. The attack can be launched remotely. Source: CVE-2024-13038
  2. CVE-2024-13029 - Problematic vulnerability in Antabot White-Jotter up to 0.2.2: A vulnerability, classified as problematic, was found in Antabot White-Jotter up to 0.2.2. The flaw affects an unknown function of the file /admin/content/book of the Edit Book Handler component. The manipulation leads to server-side request forgery. The attack can be launched remotely. Source: CVE-2024-13029
  3. CVE-2024-13030 - Critical vulnerability in D-Link DIR-823G 1.0.2B05_20181207: A critical vulnerability was found in D-Link DIR-823G 1.0.2B05_20181207. The issue affects the function SetAutoRebootSettings/SetClientInfo/SetDMZSettings/SetFirewallSettings/SetParentsControlInfo/SetQoSSettings/SetVirtualServerSettings of the file /HNAP1/ of the Web Management Interface component. The manipulation leads to improper access controls. The attack may be initiated remotely. Source: CVE-2024-13030
  4. CVE-2024-10044 - SSRF vulnerability in lm-sys/fastchat: A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat. This vulnerability allows attackers to exploit the victim controller API server's credentials to perform unauthorized web actions or access unauthorized web resources. Source: CVE-2024-10044
  5. CVE-2024-13028 - Problematic vulnerability in Antabot White-Jotter up to 0.2.2: A vulnerability, classified as problematic, has been found in Antabot White-Jotter up to 0.2.2. This issue affects some unknown processing of the file /login. The manipulation of the 'username' argument leads to observable response discrepancy. The attack may be initiated remotely. Source: CVE-2024-13028
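The first and last CVEs above describe two defects in the same kind of code path, a login handler: user-controlled input spliced into SQL (CVE-2024-13038) and a response that differs depending on whether the supplied username exists (CVE-2024-13028). The example below is added here and is not code from any of the projects named in this section; it uses an in-memory SQLite table with constructed sample users, and shows a login routine that binds parameters instead of building the query string, stores passwords with salted scrypt rather than a bare digest (the weakness behind the free-one-api MD5 item in the next section), and does the same hashing work and returns the same result whether or not the account exists. The `vulnerable_lookup` function is kept only as a contrast for the string-built pattern.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed in-memory user table for the demonstration (not from any real project).
_DB = sqlite3.connect(":memory:")
_DB.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")


def hash_password(password: str, salt: bytes) -> bytes:
    # Memory-hard scrypt from the standard library instead of an unsalted MD5 digest.
    # 128 * r * n bytes of memory (16 MiB here) per guess is what makes offline cracking costly.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def register(email: str, password: str) -> None:
    salt = os.urandom(16)  # fresh random salt per account
    _DB.execute(
        "INSERT INTO users (email, salt, pw_hash) VALUES (?, ?, ?)",
        (email, salt, hash_password(password, salt)),
    )


# A fixed dummy salt/hash so a lookup for an unknown account costs the same scrypt
# work as one for a known account (no timing difference between the two branches).
_DUMMY_SALT = b"\x00" * 16
_DUMMY_HASH = hash_password("dummy-password-never-accepted", _DUMMY_SALT)


def login(email: str, password: str) -> bool:
    """Return True only when the email exists and the password matches.

    The query is parameterized, so a crafted 'email' value is data, not SQL.
    The result is identical for 'no such user' and 'wrong password', and the
    scrypt work plus the constant-time comparison run in both cases, so neither
    the response nor its timing reveals whether the account exists.
    """
    row = _DB.execute(
        "SELECT salt, pw_hash FROM users WHERE email = ?", (email,)
    ).fetchone()
    if row is None:
        salt, stored, exists = _DUMMY_SALT, _DUMMY_HASH, False
    else:
        salt, stored = row
        exists = True
    match = hmac.compare_digest(hash_password(password, salt), stored)
    return exists and match


def vulnerable_lookup(email: str) -> list:
    # The bug class behind CVE-2024-13038, shown for contrast only: the email is
    # concatenated into the statement, so quote characters change the query's logic.
    return _DB.execute(f"SELECT email FROM users WHERE email = '{email}'").fetchall()


if __name__ == "__main__":
    register("alice@example.com", "correct horse battery staple")  # constructed sample user
    print(login("alice@example.com", "correct horse battery staple"))  # True
    print(login("nobody@example.com", "anything"))  # False, same shape as a wrong password
```

In a real service the `login` result would map to a single generic error message ("invalid email or password") for both failure cases; returning a distinct "unknown user" message would reintroduce the enumeration problem even with the timing fixed.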

API Security

  1. Simofa API Security Vulnerability: Simofa, a tool for automating static website building and deployment, had a design flaw in the RouteLoader class that made some API routes publicly accessible when they should require authentication. This vulnerability, identified as CVE-2024-56799, has been patched in version 0.2.7. Source: CVE-2024-56799
  2. Firecrawl SSRF Vulnerability: Firecrawl, a web scraper, had a server-side request forgery (SSRF) vulnerability in versions prior to 1.1.1. The scraping engine could be exploited by crafting a malicious site that redirects to a local IP address, allowing exfiltration of local network resources through the API. This vulnerability, identified as CVE-2024-56800, has been patched. Source: CVE-2024-56800
  3. Better Auth Open Redirect Vulnerability: Better Auth, an authentication library for TypeScript, had an open redirect vulnerability in the verify email endpoint of all versions prior to v1.1.6. This vulnerability, identified as CVE-2024-56734, could potentially allow attackers to redirect users to malicious websites. It has been patched in version 1.1.6. Source: CVE-2024-56734
  4. free-one-api MD5 Hashing Vulnerability: free-one-api, a tool for accessing large language model reverse engineering libraries, used MD5 to hash passwords in versions up to and including 1.0.1. MD5 is a cryptographically broken hashing algorithm and is no longer considered secure for password storage or transmission. This vulnerability, identified as CVE-2024-56516, has not yet been patched. Source: CVE-2024-56516
  5. Khoj IDOR Vulnerability: Khoj, a self-hostable artificial intelligence app, had an Insecure Direct Object Reference (IDOR) vulnerability in the update_subscription endpoint prior to version 1.29.10. This vulnerability, identified as CVE-2024-52294, allowed any authenticated user to manipulate other users' Stripe subscriptions by modifying the email parameter in the request. It has been fixed in version 1.29.10. Source: CVE-2024-52294
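The Firecrawl item above describes the redirect variant of SSRF: the first URL looks harmless, but the fetched page answers with a redirect to a loopback or private address, and a client that follows redirects automatically ends up reading internal resources. The example below is added here and is not Firecrawl's code; it shows a fetcher that follows redirects itself and re-validates the scheme and every resolved address at each hop. The network is replaced by constructed `fake_resolve` and `fake_fetch` fixtures so the block runs offline; in production the default resolver (`socket.getaddrinfo`) and a real HTTP client with redirects disabled would take their place.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlparse


def resolve_all(hostname: str) -> list:
    # Default resolver: every address the name maps to, IPv4 and IPv6.
    return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None)})


def is_public_address(ip_text: str) -> bool:
    ip = ipaddress.ip_address(ip_text)
    # Rejects RFC 1918 ranges, loopback, link-local (including the 169.254.169.254
    # cloud metadata address), multicast, reserved and unspecified addresses.
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_target(url: str, resolve=resolve_all):
    """Return (allowed, reason) for one URL; called once per redirect hop."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme not allowed: {parts.scheme!r}"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        ipaddress.ip_address(host)      # literal IP: nothing to resolve
        addrs = [host]
    except ValueError:
        try:
            addrs = resolve(host)
        except OSError as exc:
            return False, f"resolution failed: {exc}"
    if not addrs:
        return False, "name resolves to nothing"
    for addr in addrs:                   # every address must be public, not just the first
        if not is_public_address(addr):
            return False, f"{host} -> {addr} is not a public address"
    return True, "ok"


def fetch_with_checked_redirects(url: str, fetch, resolve=resolve_all, max_hops: int = 5):
    """Follow redirects manually so each hop is validated, not only the initial URL.

    `fetch(url)` must return (status, headers, body) and must NOT follow redirects
    on its own, otherwise the per-hop check is bypassed.
    """
    for _ in range(max_hops + 1):
        allowed, reason = check_target(url, resolve)
        if not allowed:
            return None, f"blocked {url}: {reason}"
        status, headers, body = fetch(url)
        if status in (301, 302, 303, 307, 308) and "Location" in headers:
            url = urljoin(url, headers["Location"])  # relative Location values resolve here
            continue
        return body, "ok"
    return None, "too many redirects"


# Constructed fixtures standing in for DNS and the remote sites (not real hosts).
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "intranet.local": ["10.0.0.5"],
    "dual.example": ["93.184.216.34", "192.168.1.10"],  # one public, one private record
}
FAKE_SITE = {
    "https://example.com/ok": (200, {}, b"public page"),
    "https://example.com/hop": (302, {"Location": "/ok"}, b""),
    "https://example.com/start": (302, {"Location": "http://127.0.0.1/admin"}, b""),
}


def fake_resolve(host: str) -> list:
    if host not in FAKE_DNS:
        raise OSError("NXDOMAIN")
    return FAKE_DNS[host]


def fake_fetch(url: str):
    return FAKE_SITE.get(url, (404, {}, b"not found"))


if __name__ == "__main__":
    print(fetch_with_checked_redirects("https://example.com/hop", fake_fetch, fake_resolve))
    print(fetch_with_checked_redirects("https://example.com/start", fake_fetch, fake_resolve))
```

One caveat the block does not close: the check resolves the name and then the HTTP client resolves it again, so a name whose record changes between the two lookups (DNS rebinding) can still slip through. The usual fix is to connect to the address that passed the check and send the original hostname in the `Host` header and TLS SNI, or to apply the same address test inside the client's connection hook.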

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, we're reminded of the importance of vigilance and proactive measures in the face of ever-evolving cyber threats. From the RI Data Breach Nightmare to the exploitation of Four-Faith routers, it's clear that no sector is immune to the risk of data breaches and cyberattacks.

We hope that the insights and updates we've shared today will help you stay one step ahead of potential threats. Remember, knowledge is power, and in the world of cybersecurity, it's your first line of defense. If you found today's newsletter helpful, please consider sharing it with your colleagues and friends.

Let's work together to create a safer digital world for everyone. Until next time, stay safe and stay informed.
