Secret CISO 12/9: Deloitte and Anna Jaques Hospital Ransomware Breaches, Prison Data Leak, DarkOwl & 3B Data Security Partnership

Welcome to today's issue of Secret CISO, your daily source for the most impactful cybersecurity news. Today, we delve into a series of data breaches and ransomware attacks that have left organizations scrambling to secure their systems.

Deloitte, a global professional services network, is in the spotlight after a ransomware group claimed to have stolen their data. Meanwhile, Massachusetts' Anna Jaques Hospital is notifying over 316,000 patients of a data breach that occurred a year ago, exposing personal information and potentially putting their security at risk. In another shocking revelation, a data leak has exposed prison blueprints, prompting security alerts over potential jailbreaks and smuggling. This incident underscores the urgent need for robust cybersecurity measures in all sectors, including government institutions.

In response to these threats, DarkOwl and 3B Data Security are partnering to strengthen their cybersecurity offerings. However, even as these companies ramp up their defenses, the North Tyneside Council in the UK is apologizing for a data breach that disclosed the details of 143 disabled children. As we look to the future, experts predict a new era of efficiency and security in frontline workforce tech by 2025.

However, the rise in attacks targeting mobile data, as evidenced by a recent Chinese hacking campaign, highlights the need for enhanced security measures. In the realm of AI, the EU Cyber Resilience Act aims to enhance digital security by setting baseline requirements for the security of connected products. Meanwhile, financial institutions are doubling down on checks for tech partners following a massive data breach at regulatory technology firm Signzy.

Lastly, we explore the world of cybersecurity research, where researchers have uncovered prompt injection vulnerabilities in DeepSeek and Claude AI. In addition, a botnet named Socks5Systemz is powering an illegal proxy service with over 85,000 hacked devices. Stay tuned for more updates and remember, knowledge is the first line of defense in cybersecurity.

Data Breaches

  1. Deloitte Responds After Ransomware Group Claims Data Theft: Deloitte, one of the world's largest accounting organizations, has responded to claims by a ransomware group that it has stolen sensitive data. The full extent of the breach is not yet known. Source: SecurityWeek
  2. Anna Jaques Hospital Data Breach Impacts 316,000 People: Anna Jaques Hospital has disclosed a data breach that has affected over 316,000 individuals. The breach, which occurred a year ago, compromised personal information of the victims. Source: SecurityWeek
  3. Data Leak Exposes Prison Blueprints: A significant data leak has exposed the blueprints of prisons, prompting security alerts over potential jailbreaks and smuggling. The leak could also expose vulnerabilities in security systems installed on internal fences. Source: CPO Magazine
  4. North Tyneside Council Apologises for Sensitive Data Breach: North Tyneside Council in the UK has issued an apology following a data breach that disclosed the details of 143 disabled children. The council is taking steps to prevent such incidents in the future. Source: SC Magazine UK
  5. Signzy Data Breach Leaks Customer Data of Financial Institutions: Regulatory technology firm Signzy has suffered a massive data breach, resulting in the leak of customer data from various financial institutions. The extent of the breach is still under investigation. Source: The Economic Times

Security Research

  1. Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI: Researchers have discovered a significant security flaw in the DeepSeek AI chatbot. If exploited, this vulnerability could have serious implications for user data security. The flaw has since been patched. Source: The Hacker News
  2. Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices: A security research team has revealed that the Socks5Systemz botnet is powering an illegal proxy service with over 85,000 hacked devices. This discovery highlights the increasing sophistication of cyber threats. Source: The Hacker News
  3. The AI Act National Security Exception: The EU-funded security research includes civil security, such as terrorism and cybersecurity. The AI Act's national security exception is a significant part of this research, highlighting the importance of AI in maintaining national security. Source: Verfassungsblog
  4. Why women last just 4 years in cyber security: A new report from RMIT University's Centre for Cyber Security Research and Innovation (CCSRI) reveals that women typically leave the cyber security workforce after just four years. This finding underscores the need for greater gender diversity in the field. Source: Information Age | ACS
  5. Capt Waredi Enisuoh Bags PhD Degree, As Tantita Sets to Harness $320m Carbon Credits: Capt Waredi, a maritime and security expert, has announced that Tantita Security Services is set to harness $320m in carbon credits. This initiative represents a significant advancement in the intersection of security and environmental sustainability. Source: Daily Trend

Top CVEs

  1. Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress (CVE-2023-41953): This issue affects ProfilePress versions from n/a through... and allows unauthorized access due to incorrectly configured access control security levels. Source: vulners.com
  2. Missing Authorization vulnerability in Jules Colle Conditional Fields for Contact Form 7 (CVE-2023-47838): This issue affects Conditional Fields for Contact Form 7 versions from n/a through... and allows unauthorized access due to incorrectly configured access control security levels. Source: vulners.com
  3. Missing Authorization vulnerability in IT Path Solutions Contact Form to Any API (CVE-2023-47871): This issue affects Contact Form to Any API versions from n/a through... and allows unauthorized access due to incorrectly configured access control security levels. Source: vulners.com
  4. Missing Authorization vulnerability in SuperPWA Super Progressive Web Apps (CVE-2023-48277): This issue affects Super Progressive Web Apps versions from n/a through... and allows unauthorized access due to incorrectly configured access control security levels. Source: vulners.com
  5. Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar (CVE-2023-47822): This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar versions from n/a through... and allows unauthorized access due to incorrectly configured access control security levels. Source: vulners.com

API Security

  1. Improper Authorization Vulnerability in Apache Superset (CVE-2024-53949): A security flaw has been detected in Apache Superset versions 2.0.0 to 4.0.0, where lower privilege users can exploit the API when FAB_ADD_SECURITY_API is enabled. Users are advised to upgrade to version 4.1.0 to fix the issue. Source: vulners.com
  2. Missing Authorization Vulnerability in Conversios.io (CVE-2023-51357): Conversios.io has a security vulnerability due to incorrectly configured access control security levels. The specifics of the affected versions are not provided. Source: vulners.com
  3. Missing Authorization Vulnerability in IT Path Solutions Contact Form to Any API (CVE-2023-47871): IT Path Solutions' Contact Form to Any API has a security flaw due to incorrectly configured access control security levels. The specifics of the affected versions are not provided. Source: vulners.com
  4. OS Command Injection Vulnerability in WeiYe-Jing datax-web 2.1.1 (CVE-2024-12358): A critical vulnerability has been found in WeiYe-Jing datax-web 2.1.1, affecting an unknown part of the file /api/job/add/. The manipulation of the argument glueSource leads to OS command injection, and the exploit has been publicly disclosed. Source: vulners.com

Final Words

And that's a wrap for today's edition of Secret CISO. From Deloitte's response to ransomware claims to the data breach impacting over 316,000 individuals at Anna Jaques Hospital, we've covered a lot of ground. We also delved into the potential security risks posed by a data leak exposing prison blueprints and the partnership between DarkOwl and 3B Data Security to bolster cybersecurity offerings. Remember, in this digital age, staying informed is your first line of defense.

Share this newsletter with your friends and colleagues to keep them in the loop too.

Let's continue to collaborate and learn from each other to create a safer cyber world. Until next time, stay safe and secure!

By Secret CISO