Welcome to today's edition of the Secret CISO newsletter. We have a lot to cover, so let's dive right in. First up, Affinity Health Services has announced a data breach affecting both employees and patients. The breach was discovered on March 18, 2024, and a notice has been filed with the Attorney General of Montana. In other news, Houser LLP has reported a data breach that impacted close to 700,000 individuals. The breach was discovered in May last year and a notice was filed with the Office of the Maine Attorney General on February 28. NHS Scotland has also been threatened by the INC Ransom extortion operation. The group is threatening to expose 3 TB of data. In the US, hospitals in California and North Dakota have reported cyberattacks. Pomona Valley Hospital Medical Center in California is notifying 13,345 individuals about a data breach at a subcontractor of one of its businesses. R1 RCM has also reported a data breach and has notified patients potentially affected by a cybersecurity incident that involved personal identifiable information. In banking news, Axis Bank credit card users have been impacted by fraudulent transactions. The bank, however, has stated that there has been no data breach. In 2023, 17 billion personal records were exposed in data breaches, a 34.5% rise from the previous year. The Nigeria Data Protection Commission is investigating over 400 cases of privacy breaches involving online loan apps. In the world of cybersecurity, indicators of attack (IOAs) are becoming increasingly important as they provide evidence of a security incident that investigators gather. Senators Chuck Grassley and Ron Wyden are holding the United Network for Organ Sharing (UNOS) accountable after a data breach exposed 1.5 million organ transplant patients' sensitive data. In Scotland, the NHS has received a ransom demand to prevent a data leak. The breach does not appear to have extended beyond NHS Dumfries and Galloway. In the world of e-commerce, data from Shopify plugins developed by Saara has been leaked. The Cybernews research team exposed a data breach from a publicly accessible MongoDB database tied to the Shopify plugin developers from Saara. Finally, in the world of cybersecurity research, the National Institute of Standards and Technology (NIST) has unveiled a new consortium to manage its National Vulnerability Database. That's all for today. Stay safe and secure!

Data Breaches

1. Affinity Health Services Data Breach: Affinity Health Services reported a data breach to the Attorney General of Montana on March 18, 2024. The breach affected both employees and patients, however, the extent of the breach is still under investigation. Source: JD Supra
2. Houser LLP Data Breach: Houser LLP announced a data breach that impacted close to 700,000 individuals. The breach was discovered in May of the previous year and was reported to the Office of the Maine Attorney General on February 28. Source: Teiss
3. NHS Scotland Data Leak: Scotland's National Health Service was threatened by the INC Ransom extortion operation to expose 3 TB of data. The extent of the breach and the potential impact on patients is still under investigation. Source: SC Magazine
4. Pomona Valley Hospital Medical Center Data Breach: Pomona Valley Hospital Medical Center in California reported a data breach affecting 13,345 individuals. The breach occurred at a subcontractor of one of its business partners. Source: HIPAA Journal
5. R1 RCM Data Breach: R1 RCM reported a data breach and has notified potentially affected patients. The breach involved personal identifiable information, however, the extent of the breach is still under investigation. Source: Becker's Hospital Review

Security Research

1. Darcula Phishing Network Leveraging RCS and iMessage to Evade Detection: Israeli security researcher Oshri Kalfon revealed aspects of the PhaaS service in July 2023. The network uses RCS and iMessage to evade detection, posing a significant cybersecurity threat. Source: The Hacker News
2. Why Hacker Tactics Are Shifting To Cookie Theft: A top security researcher suggests that hackers are shifting their tactics to cookie theft as a security measure against the risk posed by stolen or compromised passwords. Multi-factor authentication is recommended to combat this risk. Source: CRN
3. Critical Defence Research Collaboration Bolsters National Security: The passing of amendments to Australia's Defence Controls Act has bolstered national security through critical defence research collaboration. The collaboration aims to strengthen national security measures. Source: Mirage News
4. NIST Unveils New Consortium to Manage its National Vulnerability Database: In early March, security researchers noticed a significant drop in vulnerability enrichment data uploads on the NVD website. The NIST has responded by unveiling a new consortium to manage the database. Source: Infosecurity Magazine
5. New iPhone Password Attack Warning Issued To Apple Users: Security researcher Brian Krebs has spotted annoying popups appearing on all Apple devices—iPhones, iPads, and Macs. These popups are part of a new iPhone password attack, prompting a warning to Apple users. Source: Forbes

Top CVEs

1. CVE-2024-0071: NVIDIA GPU Display Driver for Windows contains a vulnerability that allows an unprivileged user to cause an out-of-bounds write, leading to possible code execution, denial of service, escalation of privileges, and data disclosure. Source: CVE-2024-0071
2. CVE-2023-44999: A Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Stripe Payment Gateway could lead to unauthorized actions being performed on behalf of the user. Source: CVE-2023-44999
3. CVE-2023-34020: Uncanny Owl Uncanny Toolkit for LearnDash contains a URL Redirection to Untrusted Site vulnerability, potentially leading to phishing attacks or unauthorized actions. Source: CVE-2023-34020
4. CVE-2024-0073: NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer that could lead to code execution, denial of service, escalation of privileges, information disclosure, and data loss. Source: CVE-2024-0073
5. CVE-2022-45847: WPAssist.Me WordPress Countdown Widget contains a Cross-Site Request Forgery (CSRF) vulnerability that allows Cross-Site Scripting (XSS), potentially leading to unauthorized actions being performed on behalf of the user. Source: CVE-2022-45847

Final Words

As we wrap up today's edition of Secret CISO, we're reminded of the importance of vigilance in the face of ever-evolving cyber threats. From Affinity Health Services to NHS Scotland, no organization is immune to the risk of data breaches. It's a stark reminder that we must all do our part to protect sensitive information, whether it's our own or that of our patients, customers, or employees. We hope you found today's news roundup informative and useful. Remember, knowledge is power in the fight against cybercrime. So, don't keep this information to yourself. Share Secret CISO with your friends and colleagues, and let's work together to create a safer digital world. Stay safe, stay informed, and see you in the next edition of Secret CISO.