Welcome to today's issue of Secret CISO, where we delve into the latest cybersecurity news and developments. Today, we're focusing on the rising threat of data breaches and how they're impacting various sectors, from education to healthcare and beyond. We'll be discussing the data breach that occurred in 2021, which is still affecting users today, with a hacker named ShinyHunters attempting to sell personal data on the dark web. We'll also look into the recent data leak confirmed by AT&T and how it's impacting millions of consumers. In the healthcare sector, we'll explore the data breach that hit an Atlanta OB-GYN practice and how it's leading to a class action lawsuit. We'll also discuss the data breach at Otolaryngology Associates that has impacted the personal information of over 316k patients. In the world of academia, we'll delve into the postsecondary data breach scenario and how it's affecting student privacy. We'll also touch on the data breach at Monmouth College and how it's impacting students and former students. Finally, we'll look at the latest cybersecurity research, including the increasing sophistication of cyberattacks and how consumers can protect themselves. We'll also discuss the uncertainty surrounding cloud security and where your data is actually stored. Stay tuned for all this and more in today's issue of Secret CISO.

Data Breaches

1. AT&T Data Breach: AT&T confirmed a massive data leak, affecting 73 million customers. The breach, dating back to 2021, was exposed by a hacker who claimed indifference to AT&T's admission. The leaked data is reportedly available on the dark web. Source: TechDirt, Yahoo Finance.
2. City of Hope Data Breach: Over 800,000 patients were affected by a data breach at the City of Hope cancer treatment and research center. The stolen files contained patient names, social security numbers, financial details, and medical records information. Source: Fierce Healthcare, Bleeping Computer.
3. SurveyLama Data Breach: Millions of SurveyLama users had their data exposed in a major breach. The company confirmed the breach, which was reported by the creator of the Have I Been Pwned? website. Source: TechRadar.
4. Integris Health Data Breach: Integris Health is investigating a data breach where hackers claim they stole more than two million patients' data to sell on the dark web. The extent of the breach and the type of data stolen are still under investigation. Source: News 9.
5. US Government Data Theft: The US government is investigating claims of a massive theft and leak of classified information from the Pentagon and other national security agencies. The alleged criminal activity was reported by The Register, but details remain scarce. Source: The Register.

Security Research

1. "Why a near-miss cyberattack put US officials and the tech industry on edge": A near-miss cyberattack on US digital infrastructure has raised concerns about the country's cybersecurity preparedness. The incident was a wake-up call for officials and the tech industry, highlighting the need for more robust security measures. Source: Reuters
2. "Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws": Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances. The discovery underscores the need for continuous security updates and monitoring. Source: The Hacker News
3. "Getting Vulnerability Management Back on the Rails – Patrick Garrity": Patrick Garrity, a security researcher at VulnCheck, emphasizes the importance of focusing on vulnerabilities, vulnerability exploitation, and threat actors in order to manage security effectively. Source: SC Magazine
4. "A chilling near-miss shows how today's digital infrastructure is vulnerable": A security researcher's discovery of a significant vulnerability in the US's digital infrastructure led to a federal rebuke of Microsoft. The incident underscores the need for more robust security measures in the digital infrastructure. Source: The Economist
5. "Microsoft's Security Chickens Have Come Home to Roost": The theft of a Microsoft signing key has raised serious security concerns. The incident highlights the need for more stringent security measures and the potential risks of cloud security. Source: SecurityWeek

Top CVEs

1. CVE-2024-28182 (nghttp2 library): The nghttp2 library prior to version 1.61.0 keeps reading an unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset, causing excessive CPU usage. This vulnerability is mitigated in nghttp2 v1.61.0 by limiting the number of CONTINUATION frames it accepts per stream. Source: CVE-2024-28182
2. CVE-2024-27316 (nghttp2): HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2, leading to potential memory issues if a client does not stop sending headers. Source: CVE-2024-27316
3. CVE-2024-22189 (quic-go): In quic-go prior to version 0.42.0, an attacker can cause its peer to run out of memory by sending a large number of NEW_CONNECTION_ID frames that retire old connection IDs. The issue is patched in version 0.42.0. Source: CVE-2024-22189
4. CVE-2024-30255 (Envoy): The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to a flood of CONTINUATION frames. Users should upgrade to mitigate the effects of the CONTINUATION flood. Source: CVE-2024-30255
5. CVE-2024-28787 (IBM Security Verify Access): IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. Source: CVE-2024-28787

Final Words

As we wrap up today's edition of the Secret CISO newsletter, we can't help but emphasize the importance of staying vigilant in the face of data breaches. From local businesses to postsecondary institutions and even major corporations like AT&T, no one is immune to the potential risks. Remember, knowledge is power. By staying informed about the latest breaches and understanding how to protect yourself, you can significantly reduce your risk of becoming a victim. If you found today's newsletter helpful, please consider sharing it with your friends and colleagues. After all, cybersecurity is a shared responsibility. Stay safe, stay informed, and see you in the next edition of Secret CISO.