Secret CISO 5/22: Universities and Healthcare Under Attack, OmniVision and CentroMed Breaches, Homeland Security's DNA Data Collection, and Latest Cybersecurity Research Insights

Secret CISO 5/22: Universities and Healthcare Under Attack, OmniVision and CentroMed Breaches, Homeland Security's DNA Data Collection, and Latest Cybersecurity Research Insights

Good day, Secret CISO readers! Today's newsletter is packed with critical updates on the latest cyber threats and breaches. First up, we delve into a concerning cyber breach at a university in NSW, Australia, where students' data was compromised. The incident has sparked a broader conversation about the Mandatory Notification of Data Breach Scheme. Next, we examine the trillion-dollar data breach crisis in healthcare, a sector where cybersecurity is literally a matter of life and death. The far-reaching implications of these breaches are a stark reminder of the importance of robust security measures. In other news, CentroMed has fallen victim to another cyberattack, marking the second data breach disclosed by the organization in the past year. Meanwhile, digital imaging products manufacturer OmniVision has disclosed a data breach following a 2023 ransomware attack.

We also explore Homeland Security's collection of DNA data from 1.5 million immigrants over four years, a practice that has raised significant privacy concerns. In a significant development, the DICT has labeled the massive data breach on the PNP's firearms and explosives office a national security concern. Finally, we touch on the arrest of the alleged operator of Incognito Market and OmniVision's data breach disclosure. Stay tuned for more updates and remember, knowledge is power when it comes to cybersecurity. Stay safe out there!

Data Breaches

  1. University Students Cyber Breach: A concerning email was sent to university students following a cyber breach. The NSW Information Privacy Commission was notified in early February in accordance with the Mandatory Notification of Data Breach Scheme. Source: news.com.au
  2. Healthcare's Trillion-Dollar Data Breach Crisis: The trillion-dollar data breach crisis in healthcare represents a critical threat to patient safety and privacy. The far-reaching impact of these breaches is a matter of life and death. Source: hitconsultant.net
  3. CentroMed Cyberattack: CentroMed has fallen victim to another cyberattack, marking the second data breach reported in a year. The details of the breach have not been disclosed yet. Source: hipaajournal.com
  4. OmniVision Data Breach: Digital imaging products manufacturer OmniVision disclosed a data breach following the 2023 Cactus ransomware attack. The extent of the breach is currently unknown. Source: securityaffairs.com
  5. Homeland Security DNA Data Collection: Since a Trump administration rule mandating the collection of all detained immigrants' DNA went into effect in 2020, the number of collected DNA has reached 1.5 million. The implications of this data collection are still being evaluated. Source: therecord.media

Security Research

  1. Cado Security Research on Organizational Vulnerability: Cado Security, a leading provider of investigation and response automation platforms, has released new research indicating that nearly 90% of organizations are susceptible to cyber threats. This research highlights the increasing need for robust cybersecurity measures in the digital age. Source: Yahoo Finance
  2. GHOSTENGINE Cryptojacking Attack: Cybersecurity researchers have uncovered a new cryptojacking campaign, dubbed GHOSTENGINE, that exploits vulnerable drivers to disable known security solutions. This discovery underscores the evolving sophistication of cyber threats and the importance of maintaining up-to-date security measures. Source: The Hacker News
  3. Turla APT's MSBuild Exploitation: Researchers have discovered that Russia's Turla APT is abusing MSBuild to deliver the TinyTurla backdoor. This revelation underscores the ongoing threat posed by state-sponsored cyber-espionage groups and the need for robust defenses against such sophisticated attacks. Source: Dark Reading
  4. AI Security and Strategic Governance: A new report from the R Street Institute discusses the importance of strategic governance in advancing AI security. The report suggests that some policies within AI companies may discourage independent evaluation, highlighting the need for transparency and accountability in AI development. Source: R Street Institute
  5. Microsoft's AI 'Recall' Feature Security Concerns: Microsoft's new AI 'Recall' feature has raised security and privacy concerns among researchers. Critics argue that the feature could potentially enable malicious hackers, underscoring the need for careful consideration of security implications in AI development. Source: SC Media

Top CVEs

  1. CVE-2024-21683 - Confluence Data Center and Server RCE Vulnerability: A high severity RCE vulnerability was discovered in version 5.2 of Confluence Data Center and Server. This vulnerability allows an authenticated attacker to execute arbitrary code, impacting confidentiality, integrity, and availability. Users are advised to upgrade to the latest version. Source: CVE-2024-21683
  2. CVE-2024-27130 - QNAP Operating System Buffer Copy Vulnerability: A buffer copy vulnerability has been reported in several QNAP operating system versions. If exploited, this vulnerability could allow users to execute code via a network. The vulnerability has been fixed in the latest version. Source: CVE-2024-27130
  3. CVE-2024-31989 - Argo CD Redis Server Vulnerability: An unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379 in Argo CD, a GitOps continuous delivery tool for Kubernetes. This vulnerability could lead to Privilege Escalation or information leakage. The issue has been patched in the latest version. Source: CVE-2024-31989
  4. CVE-2024-22274 - vCenter Server Authenticated RCE Vulnerability: The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands. Source: CVE-2024-22274
  5. CVE-2024-36039 - PyMySQL SQL Injection Vulnerability: PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped. Source: CVE-2024-36039

API Security

  1. CVE-2024-4153 - Lunary-AI/Lunary API Vulnerability: A flaw in lunary-ai/lunary version 1.2.2 allows attackers to bypass user creation limits and potentially evade payment requirements. The issue arises from an undefined behavior when handling input to the API, specifically through a POST request to the /v1/users endpoint. Source: CVE-2024-4153
  2. CVE-2024-32988 - 'OfferBox' App JWT Secret Key Vulnerability: 'OfferBox' App for Android versions 2.0.0 to 2.3.17 and 'OfferBox' App for iOS versions 2.1.7 to 2.6.14 use a hard-coded secret key for JWT. The secret key for JWT may be retrieved if the application binary is compromised. Source: CVE-2024-32988
  3. CVE-2024-2088 - NextScripts: Social Networks Auto-Poster Plugin Vulnerability: The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3 via the 'nxs_getExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract sensitive data including social network API keys. Source: CVE-2024-2088
  4. CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution Exploit: CHAOS version 5.0.8, a free and open-source Remote Administration Tool, contains a remote command execution vulnerability which can be triggered by an authenticated user when generating a new executable. The web application also contains a cross site scripting vulnerability. Source: CHAOS 5.0.8 Exploit
  5. CVE-2024-35058 - NASA AIT-Core API Vulnerability: An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted input. Source: CVE-2024-35058

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, we're reminded of the importance of vigilance in the face of ever-evolving cyber threats. From universities to healthcare systems, no sector is immune to the potential devastation of a data breach. We've seen how cyberattacks can lead to significant financial losses, compromise sensitive information, and even pose a threat to national security. It's clear that cybersecurity is not just a matter of protecting data, but also a matter of life and death. As we continue to navigate this digital landscape, let's remember to stay informed, stay prepared, and most importantly, stay secure.

If you found today's newsletter helpful, please consider sharing it with your colleagues and friends. Together, we can build a safer digital world. Stay tuned for more updates tomorrow. Until then, stay safe and secure!

Read more

Secret CISO 11/24: Niantic's AI Map Data Breach, Baer's Furniture Co. Settlement, Netflix's Worst Leak, Microsoft's Security Failures, Irish Research on NHS Leak, Quantum-Proof Ethereum

Secret CISO 11/24: Niantic's AI Map Data Breach, Baer's Furniture Co. Settlement, Netflix's Worst Leak, Microsoft's Security Failures, Irish Research on NHS Leak, Quantum-Proof Ethereum

Welcome to today's edition of Secret CISO, your daily dose of the most impactful cybersecurity news. Today, we delve into the controversial use of Pokemon Go player data by Niantic to train AI map models, raising serious privacy concerns and potential data breach risks. We also discuss the

By Secret CISO