Secret CISO 3/26: Unraveling the Web of Breaches - HHS, Dis-Chem, TransUnion, and More; Research Highlights on Malware and 2FA Bypass Attacks
Welcome to today's edition of the Secret CISO newsletter, where we bring you the latest updates in the world of cybersecurity. In today's headlines, the U.S. Department of Health and Human Services (HHS) is under investigation following a reported breach that led to the theft of $7.5M. Meanwhile, South Africa's Information Regulator has given Dis-Chem a pass, satisfied with the corrective actions taken following a data breach that could have led to a potential R10-million fine. In other news, TransUnion has been hit with an enforcement notice over multiple failings uncovered in a 2022 data breach. Pembina Memorial Hospital also reported a data breach, while a major credit bureau in South Africa faces an enforcement notice following a data breach on 18 March 2022. On the tech front, a cyberattack has led to an IT and email outage at a tech trade union, with some member data potentially compromised. Israel Post, however, has managed to patch a data breach without any sensitive data leakage. In a recent report by SpyCloud, it was revealed that 61% of data breaches in 2023 were malware-related. In retail news, discount retailer Giant Tiger confirmed a third-party breach that compromised customer data. In Australia, a Dentsu report revealed that the majority of Australians don't trust brands with their data, with 73% fearful of data breaches. AT&T, on the other hand, insists that none of its systems have been compromised despite claims of a data breach. In the world of sports, an alleged data breach at the England and Wales Cricket Board (ECB) has been claimed by 'IntelBroker', a hacker. In research news, security researchers at Oligo Security have reported that hackers have breached hundreds of AI servers. A new Gmail and M365 security warning has also been issued as a 2FA bypass attack has been confirmed. Stay tuned for more updates and remember, knowledge is the first line of defense. Stay safe, stay informed with Secret CISO.
Data Breaches
- Reported HHS breach leading to theft of $7.5M under investigation: The HHS is currently investigating a data breach that led to a theft of $7.5 million. The impacted systems contained CWU member information, but further investigation is still ongoing. Source: SC Magazine
- Dis-Chem avoids potential R10-million fine for data breach: South Africa's Information Regulator is satisfied that Dis-Chem has taken sufficient corrective actions following a data breach of roughly 3.6 million records. The company managed to avoid a potential R10-million fine. Source: MyBroadband
- Information regulator nails TransUnion for massive data breach in South Africa: TransUnion has received an enforcement notice from South Africa's Information Regulator over multiple failings uncovered in a 2022 data breach. The exact extent of the breach is still under investigation. Source: BusinessTech
- Data breach at Pembina Memorial Hospital: Pembina Memorial Hospital has experienced a data breach. The extent of the breach and the data involved are still under investigation. Source: Valley News Live
- Major credit bureau slapped with enforcement notice for data breach in South Africa: The Information Regulator has issued an enforcement notice to credit bureau TransUnion following a data breach on 18 March 2022. The extent of the breach and the data involved are still under investigation. Source: MyBroadband
Security Research
- Hackers Breached Hundreds Of Companies' AI Servers: Researchers from Oligo Security and Protect AI have disclosed that hackers have breached hundreds of AI servers across various companies. The extent of the damage and the identity of the hackers remain unknown. Source: Forbes
- New Gmail And M365 Security Warning As 2FA Bypass Attack Confirmed: The Sekoia Threat Detection & Research team has spotted a 2FA bypass attack on Gmail and M365. The attack, named Tycoon 2FA, poses a significant threat to user security. Source: Forbes
- Alarming: researchers can fingerprint and block eight out of ten top VPN providers: Researchers from the University of Michigan have found that they can fingerprint and block traffic from eight out of the top ten VPN providers. This discovery raises significant concerns about the security and privacy of VPN users. Source: CyberNews
- TA450 Hackers Uses Embedded Links in PDF Attachments to Attack Windows: Security researchers have discovered a new attack method used by TA450 hackers. The hackers embed malicious links in PDF attachments to launch attacks on Windows systems. Source: CyberSecurityNews
- WordPress Astra Theme Vulnerability Affects +1 Million Sites: Security researchers have identified a potential XSS vulnerability in the Astra WordPress theme, which has over one million installs. The vulnerability has been quietly patched. Source: Search Engine Journal
Top CVEs
- CVE-2022-45352: A missing authorization vulnerability has been identified in Muffingroup's Betheme, potentially allowing unauthorized access to sensitive data. The issue affects all versions of Betheme. Source: CVE-2022-45352.
- CVE-2022-45851: ShareThis Dashboard for Google Analytics is susceptible to a missing authorization vulnerability, potentially leading to unauthorized data access. The issue affects all versions of the dashboard. Source: CVE-2022-45851.
- CVE-2022-45349: Muffingroup's Betheme has another missing authorization vulnerability, which could lead to unauthorized data access. The issue affects all versions of Betheme. Source: CVE-2022-45349.
- CVE-2022-45356: A missing authorization vulnerability has been identified in Muffingroup's Betheme, potentially allowing unauthorized access to sensitive data. The issue affects all versions of Betheme. Source: CVE-2022-45356.
- CVE-2022-45351: Another missing authorization vulnerability has been found in Muffingroup's Betheme, potentially leading to unauthorized data access. The issue affects all versions of Betheme. Source: CVE-2022-45351.
Final Words
And that's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from the HHS breach investigation to the potential fine evasion by Dis-Chem. We've also touched on the data breach at Pembina Memorial Hospital and the cyberattack on the CWU. Remember, in the world of cybersecurity, knowledge is power. Stay informed, stay vigilant, and most importantly, stay secure. If you found today's newsletter helpful, don't keep it to yourself. Share it with your friends, colleagues, and anyone else who might benefit from staying in the loop on the latest in cybersecurity news. Until next time, keep your data safe and your systems secure.