Subject: The Human Factor in Cybersecurity - A Daily Dose of Secret CISO Good day, In today's edition of Secret CISO, we delve into the heart of cybersecurity - the human factor. As the cost of an average data breach rises to a staggering $4.45 million, organizations are left scrambling for quick fixes, often overlooking the crucial role that human error plays in these breaches. We kick off with a disturbing revelation from Harvard Pilgrim Health Care, which has increased its ransomware victim count to a whopping 2.86 million. This serves as a stark reminder of the escalating threats in the healthcare sector, with another Massachusetts healthcare provider warning patients of a recent data breach. Meanwhile, across the Atlantic, the Nigeria Data Protection Commission is tightening its scrutiny on the licensees of the National Identity Management Commission following a data breach. The NDPC is also calling for vigilance amid an ongoing data breach probe. In other news, a staggering 17 billion records were exposed last year, according to Flashpoint's 2024 Global Threat Intelligence Report. This alarming figure underscores the urgent need for advanced cybersecurity strategies to boost shareholder returns and protect against data breaches. Lastly, we turn our attention to the importance of data security in remote roles. As more organizations adopt remote work, penetration testing emerges as a key practice to protect against data breaches. Stay tuned for more updates and remember, in the world of cybersecurity, the human factor is often the weakest link. Stay safe, [Your Name] Secret CISO

Data Breaches

1. Harvard Pilgrim Health Care Increases Ransomware Victim Count to 2.86 Million: The healthcare provider's data breach investigation revealed additional compromised data, increasing the victim count to 2.86 million. The accessed data has not been specified. Source: HIPAA Journal
2. Data Breach: NIMC Agents to Face More Scrutiny: The Nigeria Data Protection Commission has increased scrutiny on the licensees of the National Identity Management Commission following a data breach. The specifics of the breach are not detailed. Source: Punch Newspapers
3. Massachusetts Healthcare Provider Warns Patients of Data Breach: A Massachusetts healthcare provider has alerted patients of a data breach that compromised some personal information. The extent and nature of the compromised data remain undisclosed. Source: Boston 25 News
4. Data Breach: NIMC Bars Agents from Name, Details Modification: The National Identity Management Commission (NIMC) has restricted third-party agents from accessing its database following a reported data breach. The specifics of the breach are not detailed. Source: Businessday NG
5. Taj Hotels Suffers Data Breach Exposing Personal Data of 1.5 Million Guests: India-based Taj Hotels has experienced a data breach that may have compromised the sensitive personal information of approximately 1.5 million guests. The specifics of the compromised data are not detailed. Source: MSN

Security Research

1. Energy Insecurity in NYC Households: Researchers have highlighted the growing issue of energy insecurity, the struggle to meet basic household energy needs, in New York City. The study reveals the implications of this problem on urban households, sparking concern among experts. Source: The Cooldown
2. Decade-old Linux 'wall' bug: Security researcher Skyler Ferrante discovered a decade-old Linux bug, WallEscape, which can be exploited to create fake SUDO prompts and steal passwords. The bug is described as an "improper neutralization of escape sequences in wall" command. Source: Bleeping Computer
3. UND Designated as Cyber Security Center of Excellence: The University of North Dakota (UND) has been designated as a National Center of Academic Excellence in Cyber Security. This designation is expected to open doors for more research and funding at UND. Source: UND Today
4. Malware Upload Attack Hits PyPI Repository: Researchers at Checkmarx have warned of multiple malware upload attacks on the PyPI Repository. The details of these attacks and their implications are discussed in a research note. Source: SecurityWeek
5. 3 ChatGPT Security Myths Debunked: Cato Security's research team has investigated the business risks associated with ChatGPT and debunked three common security myths. The team found no real cause for concern, contrary to popular belief. Source: SDxCentral

Top CVEs

1. CVE-2023-42931: A process in macOS versions could gain admin privileges without proper checks. The issue has been addressed in macOS Ventura 13.6.3, macOS Sonoma 14.2, and macOS Monterey 12.7.2. Source: CVE-2023-42931
2. CVE-2023-6371: GitLab CE/EE versions before 16.8.5, 16.9.3, and 16.10.1 are vulnerable to a Stored XSS attack via a wiki page with a crafted payload. The issue has been discovered and addressed. Source: CVE-2023-6371
3. CVE-2022-45850: Nickys Image Map Pro has a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. The issue affects Image Map Pro versions before a certain update. Source: CVE-2022-45850
4. CVE-2023-42962: iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3 have a vulnerability that could allow a remote attacker to cause a disruption. The issue has been addressed with improved checks. Source: CVE-2023-42962
5. CVE-2023-42950: A use after free issue in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2 could lead to arbitrary code execution when processing maliciously crafted web content. The issue has been addressed with improved memory management. Source: CVE-2023-42950

Final Words

And that's a wrap for today's edition of Secret CISO. As we've seen, the world of cybersecurity is a dynamic one, with new threats and solutions emerging every day. From the increasing ransomware victim count at Harvard Pilgrim Health Care to the heightened scrutiny on NIMC agents in Nigeria, it's clear that data breaches are a global concern. But it's not all doom and gloom. The human factor in cybersecurity is being recognized and addressed, and advanced cybersecurity strategies are boosting shareholder returns. We're also seeing a focus on data security in remote roles and a call for vigilance amid data breach probes. Remember, knowledge is power. By staying informed, we can all play a part in enhancing our cybersecurity defenses and protecting our data. If you found today's newsletter informative, why not share it with your friends and colleagues? Let's spread the word and foster a culture of cybersecurity awareness. Stay safe, stay informed, and see you in the next edition of Secret CISO.