Secret CISO 5/11: Ascension and Ohio Lottery Hit by Ransomware, State Actor Targets B.C. Government, Dell Data Breach, and Research on Real Cost of Cybersecurity Breaches

Secret CISO 5/11: Ascension and Ohio Lottery Hit by Ransomware, State Actor Targets B.C. Government, Dell Data Breach, and Research on Real Cost of Cybersecurity Breaches

Welcome to today's issue of Secret CISO, your daily dose of cybersecurity news. Today, we're diving into a series of data breaches that have rocked the healthcare, lottery, and tech sectors. Ascension, a healthcare provider, has reportedly suffered a ransomware attack, disrupting elective procedures and potentially compromising patient data. Meanwhile, the Ohio Lottery is dealing with the fallout from a Christmas Eve cyber attack that exposed the personal data of over 538,000 individuals. In the tech world, Dell has announced a data breach involving customer names and addresses. The breach occurred through a Dell portal, highlighting the vulnerability of even the most established tech giants.

On the legal front, a suit against the American Bar Association over a 2023 data security breach has been dismissed, affecting some 1.5 million ABA members. In international news, a state actor is being blamed for a cyberattack on B.C. government systems in Canada. The attack has prompted involvement from the Canadian Centre for Cyber Security and other agencies.

Finally, we'll look at the latest research aiming to calculate the real cost of cybersecurity breaches, and why Google Chrome users need to update their browsers urgently. Stay tuned for more updates and remember, knowledge is the first line of defense.

Data Breaches

  1. 'Ascension Suffered Ransomware Attack': Ascension, a healthcare organization, reportedly fell victim to a ransomware attack, leading to a halt in elective procedures. If a data breach is discovered, the company plans to notify and support anyone impacted. Source: Becker's Hospital Review
  2. 'Ohio Lottery Data Breach': A cyber attack on the Ohio Lottery on Christmas Eve exposed the personal data of over 538,000 individuals. Legal action is being taken on behalf of customers whose personal data may have been compromised. Source: Security Affairs
  3. 'Cyberattack on B.C. Government Systems': The Canadian Centre for Cyber Security and other agencies are investigating a cyberattack on B.C. government systems, believed to be the work of a state actor. The head of B.C.'s public service has not confirmed if the hack is linked to the security breach of Microsoft's systems. Source: CBC News
  4. 'Data Security Breach at the ABA': A data security breach affected some 1.5 million members of the American Bar Association (ABA) in March 2023. The breach allegedly stemmed from credit card payments. Source: Law.com
  5. 'Dell Announces Data Breach': Dell disclosed that a database containing customer names and addresses was accessed through a Dell portal. The tech giant has not provided further details on the extent of the breach. Source: CBS News

Security Research

  1. 'Google Chrome users, here's why you need to update your browser urgently': Google Chrome has released an urgent update to address security vulnerabilities. Users are advised to update their browsers immediately to prevent potential security breaches. Source: Moneycontrol
  2. 'Security News This Week: Microsoft Deploys Generative AI for US Spies': Microsoft has developed a new attack, "TunnelVision", which impacts nearly all VPN applications. The attack has been possible since 2022, indicating a long-standing vulnerability. Source: WIRED
  3. 'Michelle Woods Appointed Vice President of RAND's Homeland Security Research Division': Michelle Woods, a distinguished homeland security policy expert, has been appointed Vice President and Director of the RAND Homeland Security Research Division. Source: HSToday
  4. 'OpenZeppelin Discloses 'High Severity Vulnerability' in DeFi Wallet Argent': OpenZeppelin security researchers have disclosed a high severity vulnerability in the DeFi Wallet Argent. The vulnerability could have led to significant security breaches. Source: Yahoo Life UK
  5. 'Millions of IoT Devices at Risk From Flaws in Integrated Cellular Modem': Millions of IoT devices are at risk due to flaws in integrated cellular modems. The impacts could vary from operational disruptions to severe threats to public safety and security. Source: Dark Reading

Top CVEs

  1. CVE-2024-34070: This is a reserved CVE, meaning the details of the security problem are yet to be publicized. The organization or individual who reserved it will announce the specifics when ready. Source: Vulners.
  2. CVE-2024-30055: Another reserved CVE, the details of the security issue are not yet disclosed. The organization or individual who reserved it will reveal the specifics at the appropriate time. Source: Vulners.
  3. CVE-2024-32964: This CVE is also reserved. The details of the security problem will be announced by the organization or individual who reserved it when they are ready. Source: Vulners.
  4. CVE-2024-34360: This is a reserved CVE. The specifics of the security issue are yet to be publicized by the organization or individual who reserved it. Source: Vulners.
  5. CVE-2024-22345: This CVE is reserved. The details of the security problem will be announced by the organization or individual who reserved it when they are ready. Source: Vulners.

API Security

  1. 'ATX Validation Issue in Smesher': A security flaw has been identified in the ATX validation process of the Smesher, where nodes can publish ATXs referencing an incorrect previous ATX. This breaks protocol rules and could serve as an attack vector, rewarding nodes for holding their PoST data for less than one epoch while still being eligible for rewards. The API needs to be extended to fetch events from a node that detected malicious behavior, and go-spacemesh needs to be patched to prevent publishing these ATXs. Source: Vulners
  2. 'Server-Side Request Forgery Vulnerability in Lobe-Chat': The latest version of lobe-chat (v0.141.2) has an unauthorized SSRF vulnerability. Attackers can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. The vulnerability can be exploited through the /api/proxy endpoint. Source: Vulners

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. From the ransomware attack on Ascension to the data breach impacting Ohio Lottery, it's clear that cybersecurity threats are ever-present and evolving. But remember, knowledge is power. By staying informed, we can better prepare and protect ourselves and our organizations. If you found today's newsletter helpful, why not share it with your friends and colleagues? Let's spread the word and foster a community that's well-equipped to tackle these cybersecurity challenges.

Remember, in the world of cybersecurity, the story never ends. So, stay tuned for tomorrow's edition of Secret CISO, where we'll bring you the latest updates from the frontlines of the digital battlefield. Stay safe out there!

Read more