Secret CISO 5/20: Nissan and WebTPA Data Breaches, MediSecure Ransomware Attack, Utah's New Breach Notification Law, Threat Hunting Strategies, and Quantum Security Research
Welcome to today's edition of the Secret CISO newsletter. We have a lot to cover, so let's dive right in. First up, CyEx, a provider of cyber and data breach response solutions, has announced the acquisition of Simpluris Inc., a settlement administrator, a move expected to strengthen CyEx's position in the breach-response market. In other M&A news, cloud and security giant Akamai is acquiring API security firm Noname Security for a reported $450 million. On the breach front, Nissan has disclosed a data breach that impacted 53,000 employees. In the healthcare sector, a data breach at WebTPA has affected 2.4 million individuals covered by health plans it administers, and lawsuits filed over the incident allege that WebTPA was negligent in implementing reasonable and appropriate data security measures. On the legislative front, amendments to Utah's cybersecurity and data breach notification law took effect on May 1, 2024.
The SEC has also adopted amendments to Regulation S-P that require covered financial institutions to notify affected individuals of a breach as soon as practicable, and no later than 30 days after becoming aware of it. In threat intelligence, the MLS Chicago Fire Football Club reported a security breach. Threat hunting is being promoted as a proactive strategy: rather than waiting for alerts, analysts search for attacker activity that existing controls have missed, closing gaps before an intrusion becomes an incident. In other news, a cyberattack on a Jacksonville hospital has put the city on alert; reports say the attack compromised networks, software, data, servers and computers. Lastly, a leading cryptography researcher has emphasized the need for global cooperation to secure satellite infrastructure. Stay tuned for more updates on the cybersecurity landscape. Stay safe and secure!
Data Breaches
- Nissan Data Breach: Nissan experienced a significant data breach impacting 53,000 employees. SecurityWeek covered the disclosure in its cybersecurity roundup for the first half of May 2024. Source: SecurityWeek
- WebTPA Data Breach: WebTPA, a third-party administrator of health benefit plans, suffered a data breach affecting 2.4 million plan members. The company is facing lawsuits alleging that it failed to implement reasonable and appropriate data security measures. Source: HIPAA Journal
- MediSecure Data Breach: MediSecure, an Australian electronic prescription delivery service, reported a data breach impacting patient and healthcare provider information. The breach stemmed from a ransomware attack; MediSecure says the affected data relates to prescriptions distributed up to November 2023. Source: SecurityWeek
- Samco Securities Data Breach: Indian brokerage firm Samco Securities suffered a data breach in which cybercriminals stole, and put up for sale, personal data belonging to 3,000 customers. Source: MediaNama
- Knowmad Mood Data Breach: The threat actor known as Chucky claimed responsibility for a data breach at Knowmad Mood, stemming from an attack on the company's internal CRM system. Source: The Cyber Express
Security Research
- Cryptography Expert: Work Today Can Help Protect Blockchain From Quantum Attacks Tomorrow: A leading researcher in cryptographic security argues that, although cryptographically relevant quantum computers are not imminent, proactive measures to protect blockchains from quantum attacks should be taken now, because migrating deployed systems to new signature schemes takes time. Source: The Quantum Insider
- Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal: Check Point Research (Antonis Terefos) documented a design flaw in Foxit PDF Reader that is being exploited in the wild to deliver a wide range of malware. It is not a memory-safety bug: a malicious PDF triggers two security prompts, and because the default option on the second prompt lets the embedded command run, a user who clicks through without reading executes the attacker's payload. Security dialogs whose default choice is "proceed" are the root cause. Source: The Hacker News
- PoC exploit for Ivanti EPMM privilege escalation flaw released (CVE-2024-22026): Bryan Smith, a security researcher with Redline Cyber Security, discovered a privilege escalation flaw affecting Ivanti EPMM v12.0 and earlier versions, and a proof-of-concept exploit is now public. Ivanti's advisory classes it as a local privilege escalation requiring an authenticated user on the appliance, so the immediate exposure is anyone with CLI access; patch EPMM hosts per Ivanti's advisory. Source: Help Net Security
- Students Uncover Security Bug That Could Let Millions Do Their Laundry For Free: A group of students found a bug in an internet-connected laundry machine service that could let users run machines without paying. The vulnerability remains unpatched, and the researchers have offered to help the vendor resolve it. Source: Cyber Security News
- Deepfakes now rank as the second most common information security incident for UK: According to ISMS.online's research, deepfakes are now the second most common information security incident reported by UK organisations. Although AI is part of the problem, 72% of respondents agree that AI and machine learning will help improve their data security programmes. Source: Global Security Mag
Top CVEs
- CVE-2024-35938 - Linux Kernel Wi-Fi Driver Fix: The kernel CVE record for this ID covers a fix in the ath11k Wi-Fi driver, which reduces the MHI channel buffer length to 8 KB to avoid memory allocation failures. The "remote arbitrary code execution via deserialization of untrusted data" wording that has circulated for this ID does not match the kernel's own announcement; verify against the kernel CVE record before triaging. Source: CVE-2024-35938
- CVE-2024-35933 - Linux Kernel Bluetooth (btintel) Null Pointer Dereference: In the btintel driver, btintel_read_version() dereferenced hdev->req_skb without checking it. If hci_cmd_sync_complete() is triggered with skb NULL, req_skb is NULL as well, and the result is a kernel null pointer dereference and a crash (local denial of service). Source: CVE-2024-35933
- CVE-2024-36070 - Tine LDAP Backend Information Disclosure: When Tine is configured with an LDAP backend, anonymous remote attackers can obtain sensitive authentication information via setup.php, because getRegistryData in Setup/Frontend/Json.php exposes it. If you run Tine with LDAP, restrict access to setup.php until the fix is applied. Source: CVE-2024-36070
- CVE-2024-36053 - mintupload Command Injection: In the mintupload package for Linux Mint, mishandling of the service name leads to command injection via shell metacharacters in check_connection, drop_data_received_cb, and Service.remove. The payload is planted by modifying a service name in a ~/.linuxmint/mintUpload/services/service file; the injected command runs when mintupload later processes that service, so the practical risk depends on whether service definitions can be written or imported from an untrusted source. Source: CVE-2024-36053
- CVE-2024-5101 - Simple Inventory System SQL Injection: Simple Inventory System 1.0 is vulnerable to SQL injection through manipulation of the ITEM argument of updateproduct.php. The attack can be initiated remotely. Source: CVE-2024-5101
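The two application-level entries above, the mintupload shell-metacharacter injection (CVE-2024-36053) and the Simple Inventory System SQL injection (CVE-2024-5101), share one root cause: an untrusted string is concatenated into text that another interpreter (/bin/sh, the SQL engine) then parses. The following is an added example, not code from mintupload or from Simple Inventory System, that reproduces each pattern in a vulnerable form beside a hardened one. The function names, the use of `echo` as an offline stand-in for the real network utility, the allowlist regex and the products table are assumptions made for the demonstration.

```python
"""Added example, not code from mintupload or from Simple Inventory System.
Reproduces the two injection patterns behind CVE-2024-36053 (shell
metacharacters in a service name reaching /bin/sh) and CVE-2024-5101 (an
UPDATE built by string concatenation), each vulnerable form beside a
hardened one.  Function names, `echo` standing in for the real network
utility, and the products table are assumptions for the demo."""
import re
import sqlite3
import subprocess

# ---- CVE-2024-36053 pattern: untrusted string handed to a shell -----------

# Assumed allowlist: hostname-like names only.  No leading '-' (so the value
# can never be parsed as an option) and no shell metacharacters at all.
SERVICE_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")


def service_name_is_safe(name: str) -> bool:
    return SERVICE_NAME_RE.fullmatch(name) is not None


def run_check_vulnerable(service_name: str) -> str:
    """Vulnerable: shell=True means /bin/sh parses the whole string, so
    ';', '|', '$(...)' inside service_name become shell syntax.
    `echo` stands in for the connectivity check so this runs offline."""
    cmd = "echo checking " + service_name
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_check_hardened(service_name: str) -> str:
    """Hardened: validate against the allowlist, then pass an argv list with
    no shell, so the name is a single argument whatever it contains.
    (If a shell were unavoidable, shlex.quote(service_name) is the minimum;
    the allowlist is still worth keeping.)"""
    if not service_name_is_safe(service_name):
        raise ValueError("rejected service name: %r" % service_name)
    argv = ["echo", "checking", service_name]
    return subprocess.run(argv, capture_output=True, text=True).stdout


# ---- CVE-2024-5101 pattern: SQL built from request parameters ------------

def make_inventory() -> sqlite3.Connection:
    """Constructed sample data: an in-memory products table with three rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (item TEXT PRIMARY KEY, qty INTEGER)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?)",
        [("bolt", 10), ("nut", 20), ("washer", 30)],
    )
    conn.commit()
    return conn


def update_qty_vulnerable(conn: sqlite3.Connection, item: str, qty: int) -> int:
    """Vulnerable: the ITEM value is spliced into the statement text, so a
    value like  x' OR '1'='1  turns the WHERE clause into a tautology and the
    UPDATE touches every row.  Returns the number of rows changed."""
    sql = "UPDATE products SET qty = %d WHERE item = '%s'" % (qty, item)
    return conn.execute(sql).rowcount


def update_qty_hardened(conn: sqlite3.Connection, item: str, qty: int) -> int:
    """Hardened: a parameterised statement.  The driver sends the value
    separately from the SQL text, so quotes inside `item` are just data."""
    return conn.execute(
        "UPDATE products SET qty = ? WHERE item = ?", (qty, item)
    ).rowcount


def total_qty(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT SUM(qty) FROM products").fetchone()[0]


if __name__ == "__main__":
    payload = "myhost; echo INJECTED"
    print(run_check_vulnerable(payload), end="")            # second line: INJECTED
    print(service_name_is_safe(payload))                    # False
    vuln, safe = make_inventory(), make_inventory()
    print(update_qty_vulnerable(vuln, "x' OR '1'='1", 0))   # 3 rows zeroed
    print(update_qty_hardened(safe, "x' OR '1'='1", 0))     # 0 rows
```

The hardened shell path combines two independent defences, an allowlist on the value and an argv list that never reaches a shell; either alone is a weaker position. The hardened SQL path needs no allowlist for the value because a bound parameter cannot change the statement's structure, which is the check to make when reviewing any code that builds queries from request arguments.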
API Security
- CVE-2024-4287 - Improper Input Validation in mintplex-labs/anything-llm: A vulnerability exists due to improper input validation in the workspace update process. The application fails to validate or format JSON data sent in an HTTP POST request, allowing it to be executed as part of a database query without restrictions. This flaw enables users with a manager role to craft a request that includes nested write operations, effectively allowing them to create new Administrator accounts. The fix is to validate the body against an allowlist of scalar fields before it reaches the ORM. Source: vulners.com
- CVE-2024-3761 - Unauthorized Dataset Deletion in lunary-ai/lunary: In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at packages/backend/src/api/v1/datasets is vulnerable to unauthorized dataset deletion due to missing authentication and authorization checks. Any user, even one without a valid token, can delete a dataset by sending a DELETE request to the endpoint. The issue was fixed in version 1.2.8. Source: vulners.com
- CVE-2024-36076 - CSRF Vulnerability in Syslifters SysReptor: Syslifters SysReptor before 2024.40 is vulnerable to cross-site request forgery on its WebSocket connections. Cross-site WebSocket hijacking works because the browser attaches the session cookie to a handshake initiated from any page and CORS does not apply to WebSockets, so the server must validate the Origin header itself. Source: vulners.com
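The three API entries above are three different missing server-side checks: authentication and ownership on a DELETE (CVE-2024-3761), validation of a JSON body before it is handed to an ORM that interprets nested objects as write operations (CVE-2024-4287), and an Origin check on the WebSocket handshake (CVE-2024-36076). The following is an added example, not code from anything-llm, lunary or SysReptor, that implements each check as a plain function so it runs without a web framework. The token table, dataset store, workspace field names and allowed origins are constructed for the demonstration and do not reflect those projects' schemas.

```python
"""Added example, not code from anything-llm, lunary or SysReptor.  Three
request-side checks, one per CVE above, as plain functions: an
authenticated, owner-scoped dataset delete (CVE-2024-3761), an allowlisted
workspace-update body that cannot carry nested write operations
(CVE-2024-4287), and an Origin check for the WebSocket handshake
(CVE-2024-36076).  Tokens, datasets, field names and origins below are
constructed sample state, not the projects' own."""
from typing import Any, Optional
from urllib.parse import urlsplit

# Constructed sample state: bearer token -> user.
TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}


def fresh_datasets() -> dict:
    """Constructed dataset store: id -> record with its owner."""
    return {1: {"owner": "alice", "name": "prod-eval"},
            2: {"owner": "bob", "name": "bob-scratch"}}


# ---- CVE-2024-3761 pattern: DELETE with no authn/authz -------------------

def delete_dataset_vulnerable(datasets: dict, dataset_id: int) -> int:
    """Vulnerable: nothing checks who is calling.  Any request, with or
    without a token, removes the row.  Returns an HTTP-style status."""
    datasets.pop(dataset_id, None)
    return 204


def delete_dataset_hardened(datasets: dict, token: Optional[str],
                            dataset_id: int) -> int:
    """Hardened: authenticate (401), then authorise against the resource's
    owner (404 rather than 403, so ids cannot be enumerated), then delete."""
    user = TOKENS.get(token or "")
    if user is None:
        return 401
    row = datasets.get(dataset_id)
    if row is None or row["owner"] != user:
        return 404
    del datasets[dataset_id]
    return 204


# ---- CVE-2024-4287 pattern: request JSON passed straight to an ORM update -

# Assumed allowlist of updatable scalar fields and their accepted types.
WORKSPACE_UPDATABLE = {"name": str, "temperature": (int, float), "chat_mode": str}


def sanitize_workspace_update(body: Any) -> Optional[dict]:
    """Return only allowlisted scalar fields of the right type, or None if
    the body carries anything else.  A nested object such as
    {"users": {"create": {"role": "admin"}}} is rejected outright instead of
    being forwarded to the ORM, where it would run as a nested write."""
    if not isinstance(body, dict):
        return None
    clean = {}
    for key, value in body.items():
        expected = WORKSPACE_UPDATABLE.get(key)
        # bool is a subclass of int in Python; exclude it explicitly.
        if expected is None or isinstance(value, bool) or not isinstance(value, expected):
            return None
        clean[key] = value
    return clean


# ---- CVE-2024-36076 pattern: WebSocket handshake without an Origin check -

def websocket_origin_allowed(headers: dict, allowed_origins: set) -> bool:
    """Browsers attach the session cookie to a WebSocket handshake started
    from any site and do not apply CORS, so the only thing identifying the
    initiating page is the Origin header.  Require it, normalise it to
    scheme://host[:port], and compare against an explicit allowlist.  A
    missing Origin is treated as cross-site; non-browser clients should
    authenticate with a token on a path that does not rely on cookies."""
    origin = headers.get("origin") or headers.get("Origin")
    if not origin:
        return False
    parts = urlsplit(origin)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return False  # covers "null" and malformed values
    return f"{parts.scheme}://{parts.netloc.lower()}" in allowed_origins


if __name__ == "__main__":
    ds = fresh_datasets()
    print(delete_dataset_hardened(ds, None, 1))        # 401
    print(delete_dataset_hardened(ds, "tok-bob", 1))   # 404
    print(delete_dataset_hardened(ds, "tok-alice", 1)) # 204
    print(sanitize_workspace_update(
        {"name": "x", "users": {"create": {"role": "admin"}}}))  # None
    print(websocket_origin_allowed({"Origin": "https://evil.example"},
                                   {"https://reports.example.com"}))  # False
```

Each function returns its decision rather than acting on a framework object, which is also how you would unit-test the real handlers: the authorization test should cover the no-token and wrong-owner cases, the body validator should be fed a nested object, and the Origin check should see a missing header and an `Origin: null` as well as a foreign site.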
Sponsored by Wallarm API Security Solution
Final Words
That's all for today's edition of Secret CISO. We've covered a lot of ground, from acquisitions and mergers to data breaches and new security strategies. Remember, in the world of cybersecurity, knowledge is power. So, keep yourself updated and stay one step ahead of the threats.
If you found this newsletter helpful, please consider sharing it with your colleagues and friends. Let's work together to make the digital world a safer place for everyone. Stay safe and see you tomorrow!