Secret CISO 4/3: Unprecedented Data Breaches at AT&T, HALO, and Ace Hardware, Blockchain's Role in Data Security, and the Resurgence of a Botnet

Welcome to today's issue of Secret CISO. We've got a lot to cover, so let's dive right in. First up, we're investigating the data breach at HALO Branded Solutions, where sophisticated threat actors accessed the company's network. We'll also be looking into the class action lawsuit against Lamoille Health Partners, which has been settled for $540,000 following a data breach that exposed sensitive information. In South Carolina, the number of consumers affected by data breaches tripled last year, a concerning trend that we'll be discussing in more detail. AT&T is also in the spotlight, with a data breach leaking customer information and impacting over 70 million people. We'll also be exploring the role of blockchain in data security, and how it can help protect against increasing data breaches and cyber threats. On the investigation front, Federman & Sherwood are looking into Ace Hardware Corporation and Clackamas Community College for potential data breaches. In international news, a data breach at Hong Kong Cyberport last year affected over 13,000 staff and jobseekers, and we'll be discussing the implications of this. Finally, we'll be sharing insights from security researchers on a range of topics, from the resurfacing of a botnet targeting end-of-life devices, to the vulnerabilities of RFID-based hotel door locks. Stay tuned for all this and more in today's issue of Secret CISO.

Data Breaches

  1. HALO Branded Solutions Data Breach: In November 2023, HALO's computer systems were infiltrated by a sophisticated threat actor, leading to a significant data breach. The extent of the breach and the data compromised are yet to be disclosed. Source: BusinessWire
  2. Lamoille Health Partners Data Breach: Lamoille Health Partners settled a class-action lawsuit for $540,000 following a data breach that exposed sensitive information including names, addresses, Social Security numbers, health insurance information, and medical treatment information. Source: HIPAA Journal
  3. AT&T Data Breach: AT&T experienced a massive data breach that leaked customers' information, including Social Security numbers and passcodes. The breach reportedly impacted over 70 million people. Source: Miami Times Online
  4. Ace Hardware Corporation Data Breach: On October 29, 2023, Ace Hardware Corporation discovered a data security incident that impacted certain corporate systems. The details of the data compromised are yet to be disclosed. Source: BusinessWire
  5. Hong Kong Cyberport Data Breach: A data breach at Hong Kong Cyberport affected 13,632 staff and jobseekers, with personal data such as ID card and passport numbers stolen. The breach has raised significant privacy concerns. Source: South China Morning Post

Security Research

  1. Ethereum's ERC-20 design flaws are a crypto scammer's best friend: Security researchers at Oxorio have highlighted the vulnerability of Ethereum's ERC-20 token standard to phishing scams. The design flaws allow illicit actors to send phishing messages to users, tricking them into increasing their token allowances. Source: Cointelegraph
  2. WP-Members Plugin Expose WordPress Sites To Injection Attacks: A critical vulnerability in the WP-Members Membership Plugin has been reported by a security researcher. This vulnerability allows attackers to inject malicious scripts into WordPress sites. Source: Cyber Security News
  3. Research reveals a resurfaced botnet targeting end-of-life devices: Recent research has identified a long-running campaign that targets end-of-life devices with a resurfaced botnet. The botnet exploits the vulnerabilities of these devices to carry out its malicious activities. Source: Security Magazine
  4. This Android malware poses as McAfee Security app to steal your passwords and files: A new version of the Vultur trojan has been discovered by security researchers. The malware poses as the McAfee Security app on Android devices, stealing passwords and files from unsuspecting users. Source: Indian Express
  5. SafeBreach Labs to Present Three Pieces of Original Research at Black Hat Asia 2024: SafeBreach's Vice President of Security Research, Tomer Bar, and fellow researchers Or Yair and Shmuel Cohen are set to release a series of high-impact security research at Black Hat Asia 2024. The research is expected to provide significant insights into the current state of cybersecurity. Source: Morningstar

Top CVEs

  1. CVE-2024-29740: This candidate has been reserved for a future security problem. Details will be publicized once the issue is announced. Source: CVE-2024-29740
  2. CVE-2024-27191: A 'Code Injection' vulnerability in Inpersttion Slivery Extender allows for code injection. This issue affects Slivery Extender versions from n/a through... Source: CVE-2024-27191
  3. CVE-2024-27972: A 'Command Injection' vulnerability in Very Good Plugins WP Fusion Lite allows for command injection. This issue affects WP Fusion Lite versions from n/a through... Source: CVE-2024-27972
  4. CVE-2024-22248: VMware SD-WAN Orchestrator contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker-controlled domain due to improper path handling. Source: CVE-2024-22248
  5. CVE-2024-22189: This candidate has been reserved for a future security problem. Details will be publicized once the issue is announced. Source: CVE-2024-22189

Final Words

As we wrap up today's edition of Secret CISO, we're reminded of the importance of vigilance in the face of ever-evolving cyber threats. From the data breaches at HALO Branded Solutions and Lamoille Health Partners, to the tripling of affected consumers in South Carolina, it's clear that no one is immune. The role of blockchain in data security is becoming increasingly significant, as evidenced by the recent investigation into Ace Hardware Corporation. Meanwhile, AT&T's data breach has impacted over 70 million people, underscoring the need for robust security measures across all industries. In the world of research, we see a resurfaced botnet targeting end-of-life devices and the potential for AI to end humanity. These stories highlight the need for continuous learning and adaptation in the face of new challenges. As we continue to navigate this complex landscape, remember that knowledge is power. Share this newsletter with your friends and colleagues to keep them informed and prepared. Stay safe, stay informed, and see you in the next edition of Secret CISO.
