Secret CISO 2/22: PowerSchool, KemperSports, Charleston Medical Center, Great Plains Bank, and Bybit face data breaches; Apple pulls security feature in UK; North Korea suspected in Bybit hack


Good Morning! Welcome to today's issue of Secret CISO. We have a lot to cover today, so let's dive right in.

First up, the OCR has rescinded its 2022 guidance on gender-affirming care, sparking a discussion on HIPAA training and data breaches. Speaking of breaches, Senators Hassan, Banks, and Lankford are demanding accountability from PowerSchool following a major student data breach. In the corporate world, KemperSports is seeking to dismiss a group of lawsuits over an April data breach, while Federman & Sherwood are investigating Charleston Area Medical Center and Great Plains Bank Corporation for separate data breaches. In the tech sector, Apple has pulled its iPhone security feature in the UK, and a security incident response plan is being touted as a money-saver in case of a cyberattack.

Meanwhile, the Black Basta ransomware gang's internal chat logs have leaked online, providing valuable insights for security researchers. In the world of finance, Bybit Exchange lost $1.4 billion in a major security breach, causing Ethereum prices to fall. Lastly, in the healthcare sector, Change Healthcare's mega attack a year ago has taught valuable lessons on health data security, while a class action suit has been filed against Humboldt Independent Practice Association over alleged data security negligence.

Stay tuned for more updates and remember, knowledge is the best defense against cyber threats. Stay safe and secure!

Data Breaches

  1. PowerSchool Data Breach: Senators Hassan, Banks, and Lankford are demanding accountability from PowerSchool following a major student data breach. The breach has put students and staff at risk, with sensitive data being stolen by malicious actors. Source: here.
  2. KemperSports Data Breach: KemperSports, a golf course operator, is facing lawsuits from current and former employees over a data breach that occurred in April. The company is asking an Illinois federal judge to dismiss the suits. Source: here.
  3. Charleston Area Medical Center Data Breach: On October 2, 2024, Charleston Area Medical Center discovered a data breach due to a phishing attack. A small number of email users were targeted in the attack. Source: here.
  4. Great Plains Bank Corporation Data Breach: Great Plains Bank Corporation became the victim of a ransomware attack on November 21, 2024. The attack affected its network and some of its IT infrastructure. Source: here.
  5. Bybit Exchange Security Breach: Bybit Exchange suffered a major security breach, resulting in a loss of $1.4 billion. The breach caused a significant drop in the Ethereum price. Source: here.

Security Research

  1. Misconfigured DM Clinical Research Database Leaks Over 1.6M Records: A database belonging to DM Clinical Research was found to be misconfigured, leading to the leak of over 1.6 million records. The applications, designed to streamline tasks and enhance productivity, often operate without security controls, exposing organizations to risks. Source: SC Media
  2. Downdate Tool Silently Downgrades Windows Security Patches: At Black Hat 2024, SafeBreach researcher Alon Leviev demonstrated a tool that could silently undo security patches installed on computers running Windows. The tool, now available to all, poses a significant security risk. Source: MSN
  3. North Korea Likely Behind the $1.5bn Bybit Hack: Security researchers suggest that hackers affiliated with North Korea likely carried out the record $1.5 billion hack of crypto exchange Bybit. This marks one of the largest security breaches in the crypto industry. Source: DL News
  4. Leaked Chat Logs Expose Inner Workings of Secretive Ransomware Group: Security firm Hudson Rock has fed chat transcripts into ChatGPT to create BlackBastaGPT, a resource to help researchers analyze the inner workings of a secretive ransomware group. This provides valuable insights into the tactics and strategies of cybercriminals. Source: Ars Technica
  5. Check Point Research Explains ShadowPad, NailaoLocker, and Its Protection: Recent developments have unveiled a previously unknown threat activity cluster that has leveraged a vulnerability in Check Point's security framework. The research provides insights into ShadowPad and NailaoLocker, and how to protect against them. Source: Check Point

Top CVEs

  1. CVE-2025-25770 - Wangmarket v4.10 to v5.0 CSRF Vulnerability: Wangmarket versions 4.10 to 5.0 have a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to make unauthorized changes. Source: CVE-2025-25770
  2. CVE-2025-25505 - Tenda AC6 Buffer Overflow Vulnerability: Tenda AC6 15.03.05.16_multi is vulnerable to a Buffer Overflow attack, which could allow an attacker to execute arbitrary code. Source: CVE-2025-25505
  3. CVE-2025-25767 - MRCMS v3.1.2 Privilege Escalation Vulnerability: MRCMS v3.1.2 has a privilege escalation vulnerability that could allow an attacker to delete users arbitrarily. Source: CVE-2025-25767
  4. CVE-2025-25604 - Totolink X5000R Command Injection Vulnerability: Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection, which could allow an attacker to execute arbitrary commands. Source: CVE-2025-25604
  5. CVE-2025-25875 - ITSourcecode Simple ChatBox SQL Injection Vulnerability: A vulnerability in ITSourcecode Simple ChatBox up to version 1.0 could allow an attacker to use SQL injection to obtain sensitive information. Source: CVE-2025-25875

API Security

  1. Leantime Stored Cross-Site Scripting (XSS) Vulnerability: Leantime's API key generation process has a stored cross-site scripting (XSS) vulnerability. A low-privileged user can create an API key with an XSS payload, which triggers when an admin visits the Company page, leading to unauthorized actions performed from the admin account. Source: Vulners
  2. CVE-2025-1538 - D-Link DAP-1320 Vulnerability: A critical vulnerability has been found in D-Link DAP-1320 1.00. The function set_ws_action of the file /dws/api/ is affected, leading to a heap-based buffer overflow. The attack can be launched remotely and the exploit has been publicly disclosed. This vulnerability only affects products that are no longer supported by the manufacturer. Source: Vulners

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from the OCR's recent decision on gender-affirming care to the latest data breaches affecting PowerSchool, KemperSports, and more. We've also delved into the importance of regular HIPAA training and the ongoing investigations into data breaches at Charleston Area Medical Center and Great Plains Bank Corporation. Remember, in the world of cybersecurity, knowledge is power. Stay informed, stay vigilant, and most importantly, stay secure.

If you found today's newsletter helpful, don't keep it to yourself. Share it with your colleagues, friends, and anyone else who could benefit from this information.

Join us again tomorrow as we continue to navigate the ever-evolving landscape of cybersecurity. Until then, stay safe and secure.

By Secret CISO