Secret CISO #13: France's Mega Breach, Ransomware's Billion-Dollar Toll, and Global Privacy Alarms
Welcome back to the Secret CISO weekly newsletter! After a 9-month hiatus, we're thrilled to reconnect with our dedicated readers and the cybersecurity community. It's been a time of reflection and rejuvenation, and we're eager to dive back into the dynamic world of cybersecurity with you.
This week, we've curated an exciting lineup of content, featuring the most interesting and impactful developments in the cybersecurity landscape. From the largest data breach in France's history affecting 33 million individuals, to innovative evasion techniques by the new HijackLoader variant, and the serious implications of unethical hacking leading to a $2.5 million fraud case against Apple, we've got you covered.
Additionally, we spotlight the latest CISO job opportunities from prestigious organizations like Hilton, Microsoft, and Entertainment Partners, highlighting the demand for visionary leaders in the fight against cyber threats.
It's great to be back, and we're committed to bringing you the insights, trends, and opportunities that matter most. Here's to continuing our journey together, staying informed, and leading the charge in securing our digital world. Welcome aboard, once again!
1. Data Breaches
Data of 33 Million People in France Stolen in Its Largest Ever Cyberattack
France experienced its most significant cybersecurity breach, affecting two health insurers and compromising the data of nearly half the French population. This historic breach includes sensitive information such as social security numbers, impacting around 33 million individuals. It underscores the urgent need for enhanced cybersecurity measures in the healthcare sector and highlights the growing scale of cyber threats.
Ransomware Payments Surpassed $1 Billion in 2023
Ransomware attacks continue to escalate, with payments exceeding $1 billion in 2023. This surge underscores the lucrative nature of ransomware for cybercriminals and the critical challenges organizations face in protecting their data. The financial implications for businesses are significant, emphasizing the importance of robust cybersecurity defenses and incident response plans.
Read more: https://www.securityweek.com/ransomware-payments-surpassed-1-billion-in-2023-analysis/
Ulez Fines Scandal: Italian Police 'Illegally Accessed' Thousands of EU Drivers' Data
The unauthorized access to EU drivers' data by Italian police raises alarming privacy and security concerns. If the data collection was unlawful, it represents a severe breach of trust and could have substantial reputational impacts. This incident highlights the importance of lawful data handling and the potential for misuse within public sector entities.
EMSI Class Action Alleges Data Breach Affected 54,000 Customers
Electrostim Medical Services Inc. (EMSI) faces a class action lawsuit after a data breach compromised the personal information of 54,000 customers. This breach underscores the vulnerabilities in the healthcare and service industries and the devastating impact of data breaches on consumer trust and company reputation.
Connecticut College Says Data Breach Revealed Personal Info
Connecticut College's announcement of a data breach affecting personal information prompts a thorough forensic investigation with leading cybersecurity experts. This incident highlights the ongoing risks educational institutions face and the critical need for robust cybersecurity measures to protect sensitive personal data.
2. Top CVE
CVE-2024-0031
Out of Bounds Write in Bluetooth Stack (2024-02-01): This critical vulnerability in the Bluetooth stack's att_protocol.cc allows for a potential out of bounds write due to improper input validation, leading to remote code execution without requiring additional privileges or user interaction. This flaw poses a significant risk to devices relying on the affected Bluetooth stack, emphasizing the need for immediate patching to prevent unauthorized access and control.
Read more: https://vulners.com/cve/CVE-2024-0031
CVE-2023-46359
OS Command Injection in Hardy Barth cPH2 eCharge Ladestation (2024-02-05): An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation versions up to 1.87.0 enables unauthenticated remote attackers to execute arbitrary commands on the system. This severe security gap highlights the importance of securing IoT devices against remote exploitation, urging manufacturers to release patches and users to update their devices promptly.
CVE-2024-22012
Out of Bounds Write in Pixel/Android Bootloader (2024-02-06): A critical vulnerability in Pixel/Android's bootloader due to a missing bounds check allows for an out of bounds write, potentially leading to local privilege escalation without user interaction. Given the high severity and the bootloader's foundational role in device security, addressing this vulnerability is crucial to prevent unauthorized system access.
Read more: https://source.android.com/docs/security/bulletin/pixel/2024-02-01
CVE-2023-46159
Denial of Service in IBM Storage Ceph (2024-02-02): IBM Storage Ceph versions 5.3z1, 5.3z5, and 6.1z1 contain a vulnerability that could allow an authenticated user on the network to cause a denial of service in RGW. This vulnerability underscores the importance of secure network protocols and authentication mechanisms in preventing service disruptions within enterprise storage solutions.
Read more: https://www.ibm.com/support/pages/node/7112263
CVE-2024-23109
OS Command Injection in Fortinet FortiSIEM (2024-02-05): A critical OS command injection vulnerability in Fortinet FortiSIEM versions 6.4.0 through 7.1.1 allows attackers to execute unauthorized commands. This flaw highlights the ongoing risk of command injection attacks and the necessity for rigorous input validation and sanitization in security appliances to maintain the integrity and security of monitored networks and devices.
Read more: https://www.fortiguard.com/psirt/FG-IR-23-130
3. Security Research
New HijackLoader Variant Evades Detection, Enhances Persistence (SC Media)
A novel variant of HijackLoader has emerged, notable for its ability to evade detection while enhancing its persistence mechanisms. This development signals a sophisticated evolution in malware tactics, as highlighted by Keeper Security's experts and the Qualys Threat Research Unit. The innovation in evasion techniques underscores the arms race between cybersecurity professionals and cybercriminals, stressing the importance of adaptive and proactive security measures.
Read more: https://www.scmagazine.com/news/new-hijackloader-variant-evades-detection-enhances-persistence
Millions of Hacked Toothbrushes Could be Used in Cyber Attack, Researchers Warn
Security researchers have issued a warning about the potential for millions of internet-connected toothbrushes to be exploited in a large-scale cyber attack. This unconventional threat vector highlights the expanding attack surface provided by IoT devices and the creative methods attackers might employ, emphasizing the need for comprehensive security strategies that encompass all connected devices.
Read more: https://www.independent.co.uk/tech/toothbrush-hack-cyber-attack-botnet-b2492018.html
Cybersecurity Researcher Accused of Defrauding Apple: The Blurred Lines of Ethical Hacking
A cybersecurity researcher is charged with defrauding Apple of $2.5 million in gift cards and products, casting a spotlight on the ethical dilemmas and legal complexities surrounding security research. This case serves as a cautionary tale about the fine line between ethical hacking aimed at strengthening security and actions that cross into criminal territory, raising questions about the oversight and ethical frameworks guiding cybersecurity research.
Fintech Engineer Grounded by Crypto Fraud Caper
A fintech engineer and security researchers are implicated in a sophisticated four-month virtual gift card heist targeting a major tech company, revealing the vulnerabilities within digital payment systems and the ingenuity of cybercriminals in exploiting these gaps. This incident underscores the critical need for robust security measures and continuous monitoring to protect against increasingly sophisticated fraud schemes in the fintech sector.
Read more: https://www.theregister.com/2024/02/08/hydrogen_technology_engineer_convicted/
Akira, LockBit Actively Searching for Vulnerable Cisco ASA Devices
The Akira and LockBit ransomware groups are aggressively targeting vulnerable Cisco ASA SSL VPN devices by exploiting several older vulnerabilities. This concerted effort by well-known ransomware groups to exploit known vulnerabilities emphasizes the necessity for organizations to promptly apply security patches and conduct regular vulnerability assessments to fend off ransomware attacks, safeguarding their networks against intrusion and data theft.
Read more: https://www.helpnetsecurity.com/2024/02/08/ransomware-cisco-asa-vulnerabilities/
4. CISO Jobs
Chief Information Security Officer at Hilton
Join the prestigious Hilton team as the Chief Information Security Officer. Located in McLean, VA, this role calls for a visionary leader to oversee Hilton's global information security strategy and operations. Be part of a renowned hospitality brand, ensuring the security and integrity of data across its worldwide presence.
Apply: https://www.linkedin.com/jobs/view/3817898894
Director, Cybersecurity and Emerging Tech Policy at Microsoft
Microsoft offers an exciting opportunity for a Director in Cybersecurity and Emerging Tech Policy. This hybrid role based in Redmond, WA, involves shaping policies around cutting-edge technologies and cybersecurity. Benefit from a competitive salary range ($124.8K - $264K/yr) and contribute to the tech giant's leadership in innovation and security.
Apply: https://www.linkedin.com/jobs/view/3816814446
CISO, Cyber Security & IT Governance at Portland General Electric
Portland General Electric is searching for a CISO to lead Cyber Security & IT Governance in Tualatin, OR. Offering a salary between $175.9K and $326.7K/yr, plus medical benefits, this role is ideal for those looking to impact the energy sector's security posture significantly.
Apply: https://www.linkedin.com/jobs/view/3823897405
Entertainment Partners - CISO
Entertainment Partners seeks a Chief Information Security Officer in Burbank, CA. With a lucrative salary range ($300K - $375K/yr) and 401(k) benefits, this position is perfect for a security leader passionate about the entertainment industry and protecting its digital assets.
Apply: https://www.linkedin.com/jobs/view/3822592453
MSP/MSSP Channel Director Cyber Security SaaS Startup at Forte'-Talent Acquisition, LLC.
Embrace the startup spirit with Forte'-Talent Acquisition, LLC., offering a unique role for an MSP/MSSP Channel Director. This hybrid position in the New York City Metropolitan Area comes with an attractive salary ($280K - $400K/yr), targeting dynamic leaders ready to pioneer security solutions in the SaaS domain.
Apply: https://www.linkedin.com/jobs/view/3801470626
Final Words
Thank you for reading Secret CISO #13!
Your engagement and dedication to staying informed on the latest in cybersecurity are what drive us to curate and share these insights. If you found the content valuable, we encourage you to share this newsletter with friends and colleagues who share your passion for cybersecurity. As a token of our appreciation and to add a bit of fun to your digital security endeavors, we're sharing a digital gift with you – a cyber wombat! This quirky character symbolizes the agility and resilience needed in our digital defense efforts. Once again, thank you for your continued support, and don't forget to spread the word and the cyber wombat cheer!
Thank you again for your time and interest in our weekly newsletter!
Always with you in all the cyber challenges, Secret CISO Team.