Good morning Secret CISO readers, Today's newsletter is packed with critical updates on recent data breaches and cybersecurity developments. The Department of Justice (DOJ) has been notifying recipients about a significant data breach that occurred through a ransomware attack. This breach, discovered in May 2023, exposed sensitive information such as Social Security numbers and birthdates. In other news, an ex-employee has pleaded guilty to a 2023 data breach at Jordan Valley Community Health Center. Meanwhile, Florida has passed a cybersecurity data breach immunity law, requiring businesses to notify the Department of Legal Affairs whenever a security breach affects 500 or more individuals. In a concerning development, AT&T has confirmed a data breach affecting more than 73 million current and former customers. The breach was first flagged by FeganScott, a law firm representing consumers, which has launched an investigation into the incident. On the research front, the 23rd Annual Security Conference saw presentations from 11 SCSU faculty and students. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is also investigating a breach at business intelligence company Sisense, following a warning to CISOs about the potential risks. Stay tuned for more updates and insights into these stories. Stay safe and secure! Best, [Your Name]

Data Breaches

1. DOJ Ransomware Attack: The Department of Justice (DOJ) has informed recipients about a data breach that occurred through a ransomware attack, discovered in May 2023. The breach exposed sensitive information such as Social Security numbers and birthdates. Source: WGAL
2. Jordan Valley Community Health Center Data Breach: An ex-employee pleaded guilty to a data breach at Jordan Valley Community Health Center in 2023. The breach led to the center sending patients letters about the incident and recommending protective measures. Source: OzarksFirst
3. Florida's Cybersecurity Data Breach Immunity Law: Florida has passed a cybersecurity data breach immunity law that requires businesses to notify the state's Department of Legal Affairs whenever a security breach affecting 500 or more individuals occurs. Source: Fisher Phillips
4. Sisense Data Breach: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is investigating a data breach at business intelligence company Sisense, which may have exposed sensitive customer data. Source: Krebs on Security
5. BenefitsCal Data Breach: Unauthorized users potentially accessed thousands of BenefitsCal accounts in a data breach, exposing personal information in the process. Source: Sacbee

Security Research

1. Why CISA is Warning CISOs About a Breach at Sisense: The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about a recent security breach at Sisense, discovered by independent security researchers. CISA is working with private industry partners to respond to the incident. Source: Krebs on Security
2. Analysis of Results from Integrated Safety Assessment of Research Reactors (INSARR) Missions: The International Atomic Energy Agency (IAEA) has published an analysis of the results from Integrated Safety Assessment of Research Reactors (INSARR) missions. The report provides valuable insights into the safety of research reactors. Source: IAEA
3. Expired Redis Service Abused to Use Metasploit Meterpreter Maliciously: Researchers from AhnLab Security Intelligence Center (ASEC) have discovered that attackers are likely exploiting inappropriate settings in expired Redis services to spread the Metasploit Meterpreter backdoor. Source: Dark Reading
4. US and Japan commit $110M to AI research: The US and Japan have committed $110 million to AI research, with support from tech giants like Nvidia, Microsoft, Amazon, and Arm. The initiative aims to strengthen national security and advance AI usage in the US government. Source: ZDNet
5. Threat actors hit GitHub search with malware scheme: Security researchers at Checkmarx have discovered a new malware scheme that exploits GitHub's search functionality. By manipulating repository properties, attackers can lure users into downloading malicious code. Source: Digit

Top CVEs

1. CVE-2023-51672: FunnelKit Checkout is affected by a Missing Authorization vulnerability. The issue affects all versions of FunnelKit Checkout. Source: CVE-2023-51672
2. CVE-2024-27991: SupportCandy is vulnerable to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting'. The issue affects all versions of SupportCandy. Source: CVE-2024-27991
3. CVE-2024-29019: ESPHome, a system to control microcontrollers remotely through Home Automation systems, is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability allows bypassing authentication on API calls accessing configuration file operations on the behalf of a logged user. Source: CVE-2024-29019
4. CVE-2024-27988: WEN Themes WEN Responsive Columns is vulnerable to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting'. The issue affects all versions of WEN Responsive Columns. Source: CVE-2024-27988
5. CVE-2024-25912: Skymoonlabs MoveTo is affected by a Missing Authorization vulnerability. The issue affects all versions of MoveTo. Source: CVE-2024-25912

Final Words

And there you have it, folks. Another day, another data breach. It's a stark reminder of the importance of cybersecurity in our increasingly digital world. From the DOJ to AT&T, no one is immune. But remember, knowledge is power. Stay informed, stay vigilant, and most importantly, share this knowledge. If you found today's edition of Secret CISO insightful, why not pass it on? Share it with your colleagues, friends, and fellow cybersecurity enthusiasts. Let's spread the word and foster a culture of cybersecurity awareness. After all, in the fight against cyber threats, we're all in this together. Until next time, stay safe and secure.