Secret CISO 4/15: IBM Bolsters Cyber Resilience, BHF and Roku Breaches, Top Cloud Security Threats, Healthcare Data Ownership


Good morning, Secret CISO readers! Today's newsletter is packed with the latest updates on cybersecurity, data breaches, and more. Firstly, we delve into Cohesity's extended collaboration with IBM to strengthen cyber resilience. This partnership is a significant step towards combating data breaches and cyber-attacks, with IBM's investment in Cohesity playing a crucial role. Next, we discuss the recent data breach denial by BHF Couriers. Despite the company's denial, a post from a hacker named Okhotnik claims to have successfully breached the company's data. In other news, Roku has suffered its second cyber incident this year, affecting almost 600k accounts. This incident highlights the increasing need for robust security measures in the digital world. We also explore the top cloud security threats as discussed by Michal Lewy-Harush, Aqua Security's CIO. This video provides valuable insights into the security challenges faced by global businesses. Lastly, we analyze the changing dynamics of healthcare data breaches since the onset of COVID-19. The pandemic has led to a concerning shift in breach dynamics, emphasizing the need for stronger data security and privacy protections. Stay tuned for more updates on cyber risk strategies, probes into Facebook's data breach, and the latest security measures implemented to minimize business disruption. Stay safe and informed.

Data Breaches

  1. Cohesity Extends Collaboration to Strengthen Cyber Resilience with IBM Investment in Cohesity: Cohesity has extended its collaboration with IBM to bolster its cyber resilience initiative, focusing on enhancing data security capabilities across hybrid cloud environments. This move comes in response to the increasing prevalence and cost of data breaches and cyber-attacks. Source: CXOToday
  2. BHF Couriers Denies Credit Card Data Breach: BHF Couriers has denied allegations of a data breach, despite claims from a hacker that they successfully breached the company. The incident highlights the ongoing threat of cyberattacks and the importance of robust security measures. Source: Cyber Daily
  3. Second Roku Cyber Incident Affects Almost 600k: Streaming service Roku has suffered its second security incident of the year, with hackers gaining access to almost 600,000 accounts. The breach underscores the need for stronger security measures in the streaming industry. Source: Cyber Daily
  4. Exposing the Top Cloud Security Threats: Aqua Security's CIO, Michal Lewy-Harush, discusses the top cloud security threats facing global businesses. The video highlights the growing importance of robust cloud security measures in the face of increasingly sophisticated cyber threats. Source: Help Net Security
  5. Who Owns My Data? An Analysis of Healthcare Data Breach Trends Since COVID-19: The COVID-19 pandemic has led to a concerning change in data breach dynamics in the healthcare sector, with an increase in data security and privacy breaches. The analysis underscores the need for stronger data protection measures in the healthcare industry. Source: Brown Political Review

Security Research

  1. Unveiling energy security in agriculture through vital indicators extraction and insights: This research unveils the importance of energy security in agriculture, providing vital indicators for researchers and planners to evaluate energy consumption methods effectively. Source: Nature
  2. National Security Expert: Biden is a remarkably good president for Israel - Arutz Sheva: Dr. Chuck Freilich, a Senior Researcher at INSS, discusses the impact of Biden's presidency on Israel's national security. His election prospects are said to depend on his relationship management. Source: Arutz Sheva
  3. Harnessing advanced technology to combat Nigeria's security challenges - Businessday NG: This article discusses how advanced technology can be harnessed to combat Nigeria's security challenges, featuring insights from IT Security researcher and CEO of Dplus, Dopamu. Source: Businessday NG
  4. Here's how to stop your bank account from getting drained by card-skimming devices - NOW Toronto: This piece provides insights on how to protect bank accounts from card-skimming devices, highlighting the increasing creativity of scammers. Source: NOW Toronto
  5. Flying missiles over Knesset 'big victory' for Iran: Zionist researcher - IRNA English: Researcher Beni Sabti discusses the implications of the recent missile attack over Knesset, terming it a 'big victory' for Iran. Source: IRNA English

Top CVEs

  1. CVE-2024-1846 - Responsive Tabs WordPress Plugin Vulnerability: The Responsive Tabs WordPress plugin before 4.0.7 does not validate and escape some of its shortcode attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting. Source: CVE-2024-1846
  2. CVE-2024-1310 - WooCommerce WordPress Plugin Vulnerability: The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to. Source: CVE-2024-1310
  3. CVE-2024-2836 - Social Share, Social Login and Social Comments Plugin Vulnerability: The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.64 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks. Source: CVE-2024-2836
  4. CVE-2024-2857 - Simple Buttons Creator WordPress Plugin Vulnerability: The Simple Buttons Creator WordPress plugin through 1.04 has neither authorisation nor CSRF checks in its add button function, allowing unauthenticated users to call it either directly or via CSRF attacks. Source: CVE-2024-2857
  5. CVE-2024-1755 - NPS Computy WordPress Plugin Vulnerability: The NPS computy WordPress plugin through 2.7.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF. Source: CVE-2024-1755

Final Words

And that's a wrap for today's edition of Secret CISO. From the strengthening of cyber resilience through collaborations like IBM and Cohesity, to the unfortunate data breaches affecting companies like Roku and BHF Couriers, we've covered a lot of ground. The world of cybersecurity is ever-evolving, and it's our mission to keep you informed and prepared. Remember, knowledge is power. The more we know, the better we can protect our digital landscapes. So, if you found today's newsletter helpful, why not share it with your colleagues and friends? Let's spread the word and strengthen our collective cyber resilience. Stay safe, stay informed, and see you in the next edition of Secret CISO.

By Secret CISO