Secret CISO 12/5: Equifax's Hidden Payout, German Court's Data Breach Guidance, Atrium Health's Tracking Tech, HDFC's Dark Web Leak, Florida's HIPAA Penalty, Security Summit's Call to Action


Welcome to today's issue of Secret CISO, your daily dose of cybersecurity updates. Today, we're diving into a series of data breaches that have impacted various sectors, from healthcare to insurance.

First up, Equifax customers affected by the 2017 data breach may be eligible for additional compensation, so check your junk mail. Meanwhile, in Germany, a court has provided guidance on non-material damage for loss of data. In the healthcare sector, Atrium Health discovered past use of tracking technologies on its patient portal, but assured that no Social Security numbers or financial information were involved. However, a data breach at the same institution has affected over 585,000 patients.

Marshall & Melhorn LLC has agreed to an $800,000 class action lawsuit settlement over a data breach, and HDFC Life Insurance is dealing with a massive data breach that has exposed the personal details of up to 1.6 crore customers. In other news, a Florida healthcare provider is facing a $1.19 million HIPAA penalty following a data breach, and the Security Summit is urging businesses to update their digital security to protect against identity theft. We also cover a series of cyberattacks on gastroenterology, cardiology, and nursing care providers, and a data breach at Chemonics International that has impacted over 260,000 individuals.

Stay tuned for more updates and remember, knowledge is the key to cybersecurity. Stay informed, stay secure.

Data Breaches

  1. Equifax Data Breach Compensation: Customers affected by the Equifax credit monitoring agency's 2017 data breach may be eligible for additional compensation. The company is urging customers to check their junk mail for notifications regarding this matter. Source: NBC4
  2. German Court on Data Breach Actions: The Bundesgerichtshof, the highest German court for civil law, has provided guidance on non-material damage for loss of control over personal data. This ruling could set a precedent for future data breach cases. Source: Lexology
  3. Atrium Health Data Breach: Atrium Health's patient portal data breach may have exposed 585,959 patients' information to Big Tech companies. However, the company has stated that no Social Security numbers or financial information were involved. Source: Becker's Hospital Review
  4. HDFC Life Insurance Data Breach: A massive data breach has exposed the personal details of up to 1.6 crore customers of HDFC Life Insurance. The information is reportedly being sold on the Dark Web. Source: News18
  5. Florida Healthcare Provider HIPAA Penalty: A Florida healthcare provider is facing a $1.19 million penalty from Health and Human Services (HHS) following a data breach caused by an independent contractor. This case highlights the importance of data security in the healthcare sector. Source: National Law Review

Security Research

  1. NSRI's National Security R&D Portfolio Reaches $293M, Spans 65 Active Projects: The National Strategic Research Institute (NSRI) at the University of Nebraska (NU) System is leading the way in innovative national security research with a portfolio that has reached $293 million and spans 65 active projects. Source: unomaha.edu
  2. Mitel MiCollab VoIP Software: Zero-Day Vulnerability Alert: Security researchers have discovered a zero-day vulnerability in the widely used VoIP telephony software, Mitel MiCollab. The vulnerability is a cause for concern as it exposes systems to unauthorized file and admin access. Source: govinfosecurity.com and thehackernews.com
  3. USB-C cable CT scan reveals sinister active electronics: A CT scan of a pen testing cable created by security researcher Mike Grover reveals the active electronics hidden inside what looks like an ordinary USB-C cable. This discovery highlights potential vulnerabilities in commonly used tech hardware. Source: tomshardware.com
  4. Google DeepMind boffins build a 'better' weather model: Researchers at Google's DeepMind have developed a new weather model that is making a strong argument for LLMs in security research. This advancement in AI technology could have significant implications for security systems. Source: theregister.com
  5. Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers: Security researchers have uncovered a four-month-long cyberattack on a U.S. firm, believed to be conducted by Chinese hackers. This discovery highlights the ongoing threat of state-sponsored cyberattacks. Source: thehackernews.com

Top CVEs

  1. CVE-2018-9439: A potential use-after-free vulnerability in __unregister_prot_hook and packet_release of af_packet.c could lead to local privilege escalation. No user interaction is required. Source: CVE-2018-9439
  2. CVE-2018-9416: A possible memory corruption in sg_remove_scat of scsi/sg.c could lead to local privilege escalation. No user interaction is required. Source: CVE-2018-9416
  3. CVE-2018-9463: A potential out-of-bounds write in sw49408_irq_runtime_engine_debug of touch_sw49408.c could lead to local privilege escalation. No user interaction is required. Source: CVE-2018-9463
  4. CVE-2018-9402: A buffer overwrite vulnerability in multiple functions of gl_proc.c could lead to privilege escalation. Source: CVE-2018-9402
  5. CVE-2024-53130: A null pointer dereference in the nilfs2 filesystem's block_dirty_buffer tracepoint (addressed by the kernel fix "nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint") could lead to a general protection fault when KASAN is enabled. Source: CVE-2024-53130

API Security

  1. Directus API Vulnerability (CVE-2024-54128): Directus, a real-time API and App dashboard, has a vulnerability in its Comment feature. The filter designed to prevent users from adding restricted characters operates on the client-side, which can be bypassed, making the application vulnerable to HTML injection attacks. Source: vulners.com
  2. Apache Hive Metastore Vulnerability (CVE-2022-41137): Apache Hive Metastore (HMS) uses an unsafe method when filtering and fetching partitions, which can lead to Remote Code Execution (RCE). This vulnerability can only be exploited by authenticated users/clients that have successfully established a connection to the Metastore. Source: vulners.com
  3. Exploit for Android System Vulnerability (CVE-2024-31317): A vulnerability in the Android system allows for user privilege escalation. The exploit requires initial user permissions and is therefore somewhat limited in its scope. However, when combined with other vulnerabilities or techniques, it can be quite effective. Source: vulners.com
  4. Dependency-Track Vulnerability (CVE-2024-54002): Dependency-Track, a Component Analysis platform, has a vulnerability in its login request endpoint. The observable difference in request duration can be leveraged by actors to enumerate valid names of managed users. This issue has been fixed in the latest version of Dependency-Track. Source: vulners.com
  5. Improper Restriction of XML External Entity Reference in Adobe Commerce (CVE-2024-34102): A utility for Magento 2 encryption key rotation and management has been released to help victims of CVE-2024-34102, also known as Cosmic Sting. After applying security patches, users need to perform a key rotation to completely deny the attacker's Admin level WebAPI access. Source: vulners.com
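As an added illustration of the timing-based user enumeration described in item 4 and its mitigation (example code, not Dependency-Track's own): the leaky handler skips the expensive key derivation for unknown users, so response time reveals whether a username exists, while the constant-work variant always derives a key against a dummy record. The user store, password, and helper names are constructed for this example.

```python
import hashlib
import hmac
import os


def _derive(password: str, salt: bytes) -> bytes:
    """Slow password-based key derivation (PBKDF2); this is the costly step."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user store: username -> (salt, derived key). Not a real data model.
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _derive("correct horse", _SALT))}

# Dummy record so that unknown users still cost exactly one derivation.
_DUMMY_SALT = os.urandom(16)
_DUMMY_KEY = _derive("dummy-placeholder", _DUMMY_SALT)


class WorkCounter:
    """Counts expensive derivations so a test can show how much work each path does."""
    derivations = 0


def _derive_counted(password: str, salt: bytes) -> bytes:
    WorkCounter.derivations += 1
    return _derive(password, salt)


def login_leaky(username: str, password: str) -> bool:
    """Returns early for unknown users: the skipped derivation is a measurable
    timing difference that lets a caller distinguish valid from invalid names."""
    rec = USERS.get(username)
    if rec is None:
        return False
    salt, key = rec
    return hmac.compare_digest(_derive_counted(password, salt), key)


def login_constant_work(username: str, password: str) -> bool:
    """Always performs one derivation and one constant-time comparison,
    whether or not the user exists, so timing does not reveal the username."""
    salt, key = USERS.get(username, (_DUMMY_SALT, _DUMMY_KEY))
    ok = hmac.compare_digest(_derive_counted(password, salt), key)
    return ok and username in USERS


def derivations_for(fn, username: str, password: str) -> int:
    """Run fn once and return how many key derivations it performed."""
    before = WorkCounter.derivations
    fn(username, password)
    return WorkCounter.derivations - before
```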

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. We hope you found these updates insightful and useful in your ongoing efforts to keep your systems secure. Remember, the digital world is constantly evolving, and so are the threats that come with it. Stay vigilant, stay informed, and most importantly, stay secure.

Don't forget to check your junk mail, you never know what important information might be lurking there. And remember, security is a team sport. Share this newsletter with your colleagues and friends, and help them stay one step ahead of the cyber threats. Stay safe and see you tomorrow for more exclusive updates.


By Secret CISO