Secret CISO 5/29: Sav-Rx and Louisiana School District Breaches Expose Millions, Ticketmaster Faces Massive Leak, Researchers Warn of AI Threats and Insider Risks
Good morning, Secret CISO readers! Today's newsletter is packed with important updates from the world of cybersecurity. We start with the delayed disclosure of a major data breach at Sav-Rx, which exposed sensitive information of over 2.8 million customers. A Louisiana school district is also in the spotlight for a data breach that revealed sensitive information about thousands of teachers and students. In Australia, Ticketmaster customers are on high alert after a cyber incident potentially leaked their personal details. Meanwhile, the Data Protection Commission has opened an investigation into the Health Service Executive over data breaches related to medical records. In the political arena, a data breach in Doral has escalated political turmoil, with a councilwoman claiming her files were accessed and the mayor suspecting politically motivated attacks.
In other news, ShinyHunters, a hacking group, claims to have successfully breached Ticketmaster's security, stealing a whopping 1.3 TB of data from 560 million users. We also delve into the world of AI and research, with warnings about weak offboarding management and insider risks, and the potential threat of AI ahead of the general election. Stay tuned for more updates and remember, knowledge is the key to staying one step ahead in the cybersecurity game. Stay safe!
Data Breaches
- Sav-Rx Discloses October 2023 Data Breach After Eight Months: Sav-Rx, a prescription management company, has disclosed a data breach that occurred in October 2023, exposing the sensitive information of over 2.8 million customers. The breach was first indicated in a filing with the Office of the Maine Attorney General. Source: Spiceworks and SiliconANGLE
- Louisiana School District Notifies Data Breach Victims After News Investigation: A data breach in a Louisiana school district exposed sensitive information about thousands of teachers and students. The breach was revealed by reporters, and subsequent analysis showed that the leaked records contained the Social Security numbers of at least 13,500 people. Source: Yahoo and The 74
- Alleged Ticketmaster Data Breach Sees 560 Million Users' Info for Sale in Hacking Forum: Hacking group ShinyHunters claims to have breached Ticketmaster's security, stealing 1.3 TB of data from 560 million users. The stolen data allegedly includes payment details. Source: TechTimes and Hackread
- Video of Medical Records Posted Online in HSE Data Breach: The Data Protection Commission has opened an investigation into the Health Service Executive over data breaches related to videos of paper medical records being posted online. Source: RTE
- First American December Data Breach Impacts 44,000 People: First American Financial Corporation, the second-largest title insurance company in the United States, revealed that a December data breach impacted 44,000 people. Source: Bleeping Computer
Security Research
- New Research Warns About Weak Offboarding Management and Insider Risks: A new study highlights the security risks associated with improper employee offboarding. If not managed correctly, this routine administrative task can lead to significant security vulnerabilities. Source: The Hacker News
- Time running out for regulators to tackle AI threat ahead of general election, researchers warn: Dr Alexander Babuta, director of the Centre for Emerging Technology and Security at the Alan Turing Institute, warns that regulators need to address the potential threats posed by AI before the upcoming general election. Source: Sky News
- Ex-OpenAI researcher Jan Leike joins Anthropic amid AI safety concerns: Jan Leike, a prominent researcher who recently resigned from OpenAI over safety and governance issues, has joined OpenAI competitor Anthropic. This move underscores the growing concerns about AI safety in the industry. Source: CIO
- Researcher Finds PcTattletale Stalkerware on U.S. Hotels, Corporate, and Law Firm Computers: A security flaw in the PcTattletale spyware tool has led to the leak of live-screen recordings of targeted systems to the internet. The tool was found on computers in U.S. hotels, corporations, and law firms. Source: Homeland Security Today
- Netflix Paid Out Over $1 Million via Bug Bounty Program: Netflix has paid out over $1 million through its Bug Bounty Program, demonstrating the company's commitment to security and the value of ethical hacking. Source: Security Week
Top CVEs
- CVE-2024-4741: This is a reserved CVE entry; details will be provided once the vulnerability is publicized. It's crucial to stay updated with the latest information to ensure your systems are secure. Source: CVE-2024-4741
- CVE-2024-5027: Another reserved CVE entry; its details will be released upon public disclosure. Regular monitoring of such vulnerabilities can help in proactive security management. Source: CVE-2024-5027
- CVE-2024-36110: This CVE entry is currently reserved. The specifics will be disclosed once it's publicized. Keeping an eye on such entries can help in early detection and mitigation of potential threats. Source: CVE-2024-36110
- CVE-2024-35240: A reserved CVE entry; the details will be available post-publication. Regular updates on such vulnerabilities can aid in maintaining a robust security posture. Source: CVE-2024-35240
- CVE-2024-3657: This is a reserved CVE entry, the specifics of which will be disclosed upon public announcement. Staying abreast of such information can help in timely threat detection and prevention. Source: CVE-2024-3657
API Security
- Silverstripe/GraphQL CSRF Vulnerability: A serious Cross-Site Request Forgery (CSRF) vulnerability has been discovered in the GraphQL controller of Silverstripe. This flaw could allow authenticated users to be manipulated into visiting a URL that sends a GET request to the affected server, potentially leading to data mutation or destruction without the user's knowledge. It's crucial for users to update their systems to the latest version to mitigate this risk. Source: Vulners.
- API Security Issue in Cisco Smart Software Manager: Cisco's Smart Software Manager has been found to contain a high-severity API security issue. This vulnerability could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system. Users are advised to apply the latest software updates. Source: Cisco.
- API Vulnerability in VMware vRealize Operations: VMware's vRealize Operations has been found to contain an API vulnerability that could allow an attacker to view sensitive information. This vulnerability is due to improper access controls, and users are urged to update to the latest version to fix this issue. Source: VMware.
- API Security Flaw in Atlassian Confluence: A critical API security flaw has been discovered in Atlassian's Confluence that could allow an attacker to execute arbitrary code. The flaw is due to improper input validation, and users are advised to update to the latest version to mitigate this risk. Source: Atlassian.
- API Vulnerability in Fortinet's FortiOS: Fortinet's FortiOS has been found to contain an API vulnerability that could allow an authenticated, remote attacker to execute arbitrary code. This vulnerability is due to improper handling of HTTP requests, and users are urged to update to the latest version to fix this issue. Source: Fortinet.
Sponsored by Wallarm API Security Solution
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the landscape of data security is ever-evolving. From the Sav-Rx data breach affecting millions to the politically charged cyber incident in Doral, we're reminded of the importance of robust cybersecurity measures. We also delve into the world of AI safety concerns, with ex-OpenAI researcher Jan Leike joining Anthropic, and the ongoing debate about user privacy between Elon Musk and WhatsApp. Remember, staying informed is the first step towards safeguarding your data.