Welcome to today's issue of Secret CISO, where we bring you the latest and most impactful cybersecurity news. Today, we're diving into a series of data breaches that have affected millions of individuals worldwide. First up, we have a massive data breach at prescription services firm Sav-Rx, impacting 2.8 million people. The compromised data includes names, addresses, dates of birth, email addresses, phone numbers, Social Security numbers, and eligibility data. Next, we have a data breach at MediSecure, with stolen data now up for sale on the Dark Web. The threat actor created an account on the hacking forum just one day before MediSecure disclosed the data breach. In Greece, the Ministry of the Interior and Member of the European Parliament Anna-Michele Asimakopoulou were fined over a campaign data breach.

Meanwhile, the Passport, Immigration and Citizenship Agency (PICA) in Jamaica insists there has been no data breach, despite accusations to the contrary. The impact of the Cencora data breach is proving to be far more widespread than initially thought, affecting more than a dozen pharmaceutical giants including Novartis. In India, a data leak has exposed the personal data of military and police personnel, including facial scans, fingerprints, identifying marks, and documents such as birth certificates and employment records.

In the US, the RansomHub ransomware group has added American Clinical Solutions to its data leak site, indicating a breach of the network. Finally, we have responses from security leaders to a ransomware attack on the City of Wichita, highlighting the ongoing threat of such attacks. Stay tuned for more updates and remember, knowledge is the best defense against cyber threats.

Data Breaches

1. New Chrome Zero-Day Patched by Google: Google has recently patched a zero-day vulnerability in Chrome that was being actively exploited. Users are urged to update their browsers to the latest version to ensure their safety. Source: SecurityWeek
2. Ascension Saint Thomas Health patient files class action lawsuit over data breach: A patient at Ascension Saint Thomas Health has filed a class-action lawsuit over a data breach. The breach has raised concerns about the security of patient data. Source: SecurityWeek
3. ICE Hit With SEC Fine for Delayed VPN Breach Disclosure: The Securities and Exchange Commission (SEC) has fined Intercontinental Exchange (ICE) $10 million for not promptly reporting a VPN security breach in 2021, which compromised employee data. Source: SecurityWeek
4. Sav-Rx discloses data breach impacting 2.8 million Americans: Prescription management company Sav-Rx has disclosed a data breach, potentially compromising the personal information of over 2.8 million people in the United States. The nature of the exposed data has not been disclosed. Source: SecurityWeek
5. Data Breach at Prescription Services Firm Sav-Rx: Sav-Rx, a prescription services firm, has suffered a data breach impacting 2.8 million individuals. The compromised data includes names, addresses, dates of birth, email addresses, phone numbers, Social Security numbers, and eligibility data. Source: SecurityWeek

Security Research

1. UK announces £8.5m grant 'to push boundaries of AI safety research': The UK Research and Innovation (UKRI) and The Alan Turing Institute have announced an £8.5 million grant to advance AI safety research. Shahar Avin, an AI safety researcher, will join the institute on secondment. Source: Computing UK
2. Researchers Warn of CatDDoS Botnet and DNSBomb DDoS Attack Technique: Security researchers have warned about the threat actors behind the CatDDoS malware botnet, who have exploited over 80 known security flaws in various software over the past three months. Source: The Hacker News
3. Spyware Website Leaking People's Phones Real-Time Screenshots Online: A security researcher discovered a vulnerability in pcTattleTale, a monitoring software, which allowed unauthorized access to the victim's real-time screenshots. Source: Cybersecurity News
4. WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites: Security researcher Ben Martin reported that a WordPress plugin was exploited to steal credit card data from e-commerce sites. The plugin was designed to add new fields to the billing form that request credit card details. Source: The Hacker News
5. Understanding Microsoft's Vulnerability Trends: An expert Q&A with James Maude, Field CTO, BeyondTrust: BeyondTrust, the intelligent identity and access security company, has released its Annual Microsoft Vulnerabilities Report. The report was discussed in an expert Q&A with James Maude, Field CTO at BeyondTrust. Source: Edge Middle East

Top CVEs

1. CVE-2023-52548: Huawei Matebook D16 is vulnerable to arbitrary memory corruption in SMI Handler of ThisiServicesSmm SMM module, potentially leading to code execution. Users are advised to update their systems. Source: CVE-2023-52548
2. CVE-2023-52547: Another vulnerability in Huawei Matebook D16 could lead to memory corruption in SMI Handler of HddPassword SMM Module, potentially leading to code execution. Users are advised to update their systems. Source: CVE-2023-52547
3. CVE-2022-48681: Some Huawei smart speakers have a memory overflow vulnerability that may cause certain functions to malfunction. Users are advised to update their devices. Source: CVE-2022-48681
4. CVE-2023-52711: Various issues due to exposed SMI Handler in AmdPspP2CmboxV2 can be leveraged to bypass protections and potentially lead to code execution. Users are advised to update their systems. Source: CVE-2023-52711
5. CVE-2023-52710: Huawei Matebook D16 is vulnerable to a communication buffer size issue that can lead to data corruption and potentially code execution. Users are advised to update their systems. Source: CVE-2023-52710

API Security

1. Debezium UI 2.5 Credential Disclosure Vulnerability: Debezium UI 2.5 has a credential disclosure vulnerability that could potentially expose sensitive information. Users are advised to update to the latest version to mitigate this risk. Source: Vulners
2. Meshery SQL Injection Vulnerability (CVE-2024-35182): Another SQL injection vulnerability has been found in Meshery, affecting versions prior to 0.7.22. The vulnerability could lead to arbitrary file write and unauthorized data access. The issue has been fixed in version 0.7.22. Source: Vulners
3. MIT IdentiBot Vulnerability (CVE-2024-35237): MIT IdentiBot, an open-source Discord bot, has a vulnerability that could reveal the full name and other information about a Discord user who has verified their affiliation with MIT. The vulnerability has been patched in the latest version of MIT IdentiBot. Source: Vulners
4. OpenAPI Generator Path Traversal Vulnerability (CVE-2024-35219): OpenAPI Generator, prior to version 7.6.0, has a path traversal vulnerability that could allow attackers to read and delete files and folders from an arbitrary, writable directory. The issue has been fixed in version 7.6.0. Source: Vulners

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, we're reminded of the importance of staying vigilant in the face of ever-evolving cyber threats. From the data breach impacting 2.8 million at Sav-Rx to the stolen data from MediSecure being sold on the dark web, it's clear that no sector is immune to these threats. We also saw how Greece's privacy agency is taking action against data breaches, and how security leaders are responding to ransomware attacks. It's a reminder that we're all in this together, and sharing information and best practices is key to staying one step ahead of the cybercriminals. Remember, cybersecurity isn't just about protecting your own data - it's about safeguarding the entire digital ecosystem.

So, if you found today's newsletter helpful, please consider sharing it with your colleagues and friends. Let's work together to create a safer digital world. Stay safe and see you tomorrow for more updates from the world of cybersecurity.