Secret CISO 3/11: Equilend Attack, Roku Breaches, FCC Rules & AI Security Plan Unveiled
Welcome to today's edition of Secret CISO, your daily dose of cybersecurity updates. Today, we're diving into a series of data breaches and security lapses that have left companies scrambling and regulators on high alert.
First up, we have New York-based securities lending platform EquiLend confirming a ransomware attack that resulted in stolen employee data. Meanwhile, Roku has taken action by canceling unauthorized subscriptions and providing refunds for 15k breached accounts. In regulatory news, the FCC is implementing new data breach reporting rules that will require companies to sharpen their compliance efforts. On the other side of the pond, the Italian data protection authority has slapped UniCredit with a hefty $3M fine over data breach GDPR lapses. We also have major data breaches reported by Eastern Radiologists and labor union UNITE HERE, affecting a staggering 1,680,000 individuals. In the realm of ransomware attacks, a recent TeamCity vulnerability has been exploited, leading to data breaches and fraud. We'll also be discussing the release of new cloud security guides by CISA and NSA, and the lessons learned from three API security breaches. Finally, we'll touch on the topic of identity theft protection for faculty, staff, and retirees introduced by UC, and a data breach victim's claim that Washington National's disclosure was too vague.
Stay tuned for more updates on these stories and more in today's Secret CISO newsletter. Stay safe, stay informed.
Data Breaches
Equilend Employee Data Breach
Equilend, a New York-based securities lending platform, confirmed that employee data was stolen in a ransomware attack. The company has sent data breach notification letters to its employees. Source: Bleeping Computer
Roku Account Breach
Roku has identified and cancelled unauthorized subscriptions for 15,000 breached accounts. The security team has forced password resets and is investigating the account activity. Source: The Record Media
Apria Healthcare Data Breach
Indiana's Attorney General has sued Apria Healthcare for a data breach that violated HIPAA regulations. The details of the breach and its impact are yet to be disclosed. Source: JDSupra
Eastern Radiologists and UNITE HERE Data Breaches
Major data breaches have been reported by Eastern Radiologists, Inc. in North Carolina and the New York-based labor union, UNITE HERE, affecting 1,680,000 individuals. The nature and extent of the breaches are currently under investigation. Source: HIPAA Journal
UniCredit Data Breach
The Italian data protection authority has fined UniCredit $3 million for alleged violations of the General Data Protection Regulation (GDPR) in relation to a data breach. The specifics of the breach and the GDPR violations are yet to be revealed. Source: Compliance Week
Security Research
Park City School District Cybersecurity Breach
In December 2023, security researcher Jeremiah Fowler discovered that Raptor had exposed 827 GB of sensitive data through an unsecured database. This breach has led to a significant impact on the security of the school district's data. Source: ParkRecord.com
VR Headsets Hacking
Researchers at the University of Chicago have found a security loophole in VR headsets that can be exploited for an Inception-style attack. This discovery has raised concerns about the security of these increasingly popular devices. Source: MIT Technology Review
Magnet Goblin Exploits Ivanti Vulnerabilities
Security researchers have identified a trend where 1-day vulnerabilities are being exploited, including two in Ivanti Connect Secure VPN. This discovery has highlighted the need for more robust security measures in VPN services. Source: Infosecurity Magazine
Gladstone.AI's AI Action Plan for US National Security
Gladstone.AI has announced the first-ever AI action plan for US national security, which includes interim measures, early warnings, contingency planning, and investments in AI safety and security research. This plan has been commissioned by the US State Department and is expected to significantly impact national security. Source: PR Newswire
Exploitation of JetBrains' TeamCity Security Flaws
Researchers from cybersecurity vendor GuidePoint Security have found that the operators behind the BianLian ransomware are exploiting security flaws in JetBrains' TeamCity CI/CD. This discovery has raised concerns about the security of JetBrains' software. Source: Security Boulevard
Top CVEs
CVE-2024-0039
A missing bounds check in att_protocol.cc could lead to a possible out of bounds write and remote code execution. No additional execution privileges or user interaction needed. Source: CVE-2024-0039
CVE-2024-0044
In PackageInstallerService.java, improper input validation could lead to local escalation of privilege. No additional execution privileges or user interaction needed. Source: CVE-2024-0044
CVE-2024-23717
A possible keystroke injection due to improper input validation in btm_sec.cc could lead to remote escalation of privilege. No additional execution privileges or user interaction needed. Source: CVE-2024-23717
CVE-2024-0050
A missing validation check in SoftVideoDecoderOMXComponent.cpp could lead to a possible out of bounds write and a local non-security issue. No additional execution privileges or user interaction needed. Source: CVE-2024-0050
CVE-2024-0048
Incorrect handling of null responses in AccountManagerService.java could lead to local escalation of privilege. No additional execution privileges or user interaction needed. Source: CVE-2024-0048
CISO Jobs
Field Chief Information Security Officer (CISO), World Wide Technology, New Home, MO (On-site)
This position at World Wide Technology offers a dynamic opportunity for security leaders to impact IT strategies across various industries. As a Field CISO, the role demands comprehensive security knowledge and the ability to adapt strategies to client needs. The on-site nature in New Home, MO, emphasizes the importance of direct engagement with teams and stakeholders, ensuring tailored security solutions that align with specific organizational goals. The inclusion of a 401(k) highlights the company's commitment to long-term employee well-being.
Read more: https://www.linkedin.com/jobs/view/3846523067
Chief Information Security Officer (CISO), Bally Sports, Fairfield County, CT (On-site)
This role presents a unique opportunity to lead cybersecurity in the sports broadcasting industry, protecting sensitive data and ensuring the integrity of broadcasting services. The CISO at Bally Sports will face unique challenges related to media, intellectual property, and live event security, making it a distinct and exciting role. Being on-site in Fairfield County, CT, allows for close collaboration with the broadcasting and IT teams to develop comprehensive security strategies.
Read more: https://www.linkedin.com/jobs/view/3832458006
Program Chief Information Security Officer (CISO) IV, ManTech, Glen Burnie, MD (On-site)
This position stands out due to its focus on government and defense contracting, requiring top-level security clearance and a deep understanding of federal security regulations. The Program CISO at ManTech will oversee the security of critical national defense programs, making it a highly impactful and responsible role. The on-site requirement underscores the importance of direct involvement in secure environments and classified projects.
Read more: https://www.linkedin.com/jobs/view/3781146309
Chief Information Security Officer (CISO), Ensunet Technology Group, Alpharetta, GA (On-site)
This role is pivotal within the tech consulting sphere, offering the chance to shape cybersecurity postures for a diverse range of clients. The CISO at Ensunet Technology Group will not only lead internal security efforts but also guide client organizations in developing robust security frameworks. The on-site work environment fosters a collaborative setting for strategy development and client engagement, crucial for the consultancy’s success.
Read more: https://www.linkedin.com/jobs/view/3802267794
CISO - Executive Advisory / Remote - Must reside in Phoenix, AZ, EVOTEK, Phoenix, AZ
This remote role is designed for seasoned security leaders offering strategic advisory services, making it ideal for those seeking flexibility without sacrificing impact. The CISO at EVOTEK will provide high-level security consulting across various sectors, influencing cybersecurity practices at a strategic level. While the position is remote, residing in Phoenix, AZ, allows for direct engagement with local clients and the community, bridging the gap between remote advisement and on-the-ground needs.
Read more: https://www.linkedin.com/jobs/view/3844321055
Final Words
As we wrap up today's edition of the Secret CISO newsletter, we're reminded of the ever-evolving landscape of cybersecurity. From Equilend's ransomware attack to Roku's proactive response to breached accounts, it's clear that no organization is immune to the threat of cyberattacks. In the face of new FCC data breach rules and major breaches affecting millions of individuals, it's more important than ever to stay informed and vigilant. We hope that our daily updates help you navigate this complex world and protect your organization's valuable data. Remember, cybersecurity isn't just a concern for IT departments - it's a shared responsibility. So, don't keep this information to yourself. Share this newsletter with your colleagues and friends, and let's work together to create a safer digital world. Stay safe and see you tomorrow with more updates from the cybersecurity frontlines.