Secret CISO 5/3: UnitedHealth and Verizon Data Breaches, ClubNSW Leak, North Korean Hackers, and Critical Vulnerabilities in R Language

Secret CISO 5/3: UnitedHealth and Verizon Data Breaches, ClubNSW Leak, North Korean Hackers, and Critical Vulnerabilities in R Language

Good morning, Secret CISO readers! Today's newsletter is packed with the latest news and insights from the world of cybersecurity. First up, we delve into the recent UnitedHealth data breach, which exposed sensitive patient data to the open internet. This incident serves as a stark reminder of the vulnerabilities in our healthcare systems and the urgent need for robust security measures. Next, we examine the human element in cyber threats, as highlighted in Verizon's 2024 Data Breach Investigations Report. The report reveals how human error continues to play a significant role in data breaches, emphasizing the importance of ongoing security education and awareness. In other news, a major data breach has impacted the Airsoft community site, exposing the sensitive data of 75,000 individuals.

Meanwhile, a man has been charged over a ClubNSW data breach, which exposed the driver's licenses of over 1 million Australians. We also explore how 68% of data breaches occur due to social engineering attacks, according to GBHackers. This highlights the need for organizations to prioritize security training and awareness among their employees.

Finally, we look at the latest cybersecurity research and vulnerabilities, including a critical flaw in the R Language that poses a supply chain risk, and a security expert who was awarded $250,000 for uncovering a major flaw in DeFi Protocol Curve Finance. Stay safe and stay informed!

Data Breaches

  1. UnitedHealth Data Breach: UnitedHealth's patient database was exposed online, revealing unencrypted sensitive data such as contact information and social security numbers. This incident serves as a wake-up call for the UK and NHS. Source: TechCrunch
  2. Verizon 2024 Data Breach: The 2024 Data Breach Investigations Report highlights the significant role that human error plays in cyber threats, prompting security leaders to reassess their strategies. Source: Security Magazine
  3. Data Breach at NSW Club: A data breach caused by disgruntled unpaid developers led to the leak of details of a million NSW club punters on the web. Source: Interest.co.nz
  4. Airsoft Community Site Data Breach: Major airsoft game host and equipment renter Airsoft C3 suffered a data breach, compromising the sensitive data of 75,000 individuals part of its enthusiast community website. Source: SC Media
  5. Social Engineering Attacks: According to a report, 68% of data breaches occur due to social engineering attacks, emphasizing the need for improved security measures against such threats. Source: GBHackers

Security Research

  1. State-Sponsored North Korean Hackers Penetrated South Korean Defense Companies: North Korean hackers have reportedly infiltrated South Korean defense companies, stealing sensitive technical data. Some security researchers believe that North Korea may be collaborating with China in this area. Source: cpomagazine.com
  2. Network Security Firewall Market Surges to USD 12.28 Billion by 2031: The Network Security Firewall Market is projected to reach USD 12.28 billion by 2031, growing at a CAGR of 13.30%. This surge is driven by increasing cybersecurity threats and the need for advanced security solutions. Source: finance.yahoo.com
  3. CISA warned 1750 organizations of ransomware vulnerabilities last year. Only half took action: The Cybersecurity and Infrastructure Security Agency (CISA) warned 1750 organizations about potential ransomware vulnerabilities in 2021. However, only half of these organizations took the necessary action to address these vulnerabilities. Source: ciodive.com
  4. Ministers to discuss use of space for competitiveness and security: Ministers are set to discuss the use of space for enhancing competitiveness and security. The discussions will focus on the strategic importance of space in various sectors, including research and development. Source: researchprofessionalnews.com
  5. Apple hired the hackers who created the first Mac firmware virus: Apple has hired two security researchers who previously worked on viruses targeting Mac computers. This move is seen as part of Apple's efforts to strengthen its cybersecurity capabilities. Source: sg.news.yahoo.com

Top CVEs

  1. WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability (CVE-2023-40477): This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. The flaw exists within the processing of recovery volumes and can result in a memory access past the end of an allocated buffer. User interaction is required to exploit this vulnerability. Source: CVE-2023-40477
  2. Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability (CVE-2023-42115): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. The flaw exists within the smtp service, which can result in a write past the end of a buffer. Authentication is not required to exploit this vulnerability. Source: CVE-2023-42115
  3. Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability (CVE-2023-42114): This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. The flaw exists within the handling of NTLM challenge requests and can result in a read past the end of an allocated data structure. Authentication is not required to exploit this vulnerability. Source: CVE-2023-42114
  4. Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability (CVE-2023-42116): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. The flaw exists within the handling of NTLM challenge requests and can result in a lack of proper validation of the length of user-supplied data. Authentication is not required to exploit this vulnerability. Source: CVE-2023-42116
  5. Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability (CVE-2023-42117): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. The flaw exists within the smtp service and can result in a memory corruption condition. Authentication is not required to exploit this vulnerability. Source: CVE-2023-42117

API Security - yes, now for home routers!

  1. D-Link DCS-8300LHV2 ONVIF Hardcoded PIN Authentication Bypass Vulnerability: This vulnerability allows attackers to bypass authentication on D-Link DCS-8300LHV2 IP cameras due to the use of a hardcoded PIN in the ONVIF API. No authentication is required to exploit this vulnerability. Source: CVE-2023-51629
  2. D-Link DCS-8300LHV2 ONVIF SetSystemDateAndTime Command Injection Remote Code Execution Vulnerability: This vulnerability allows attackers to execute arbitrary code on D-Link DCS-8300LHV2 IP cameras. The flaw exists within the ONVIF API, which does not properly validate a user-supplied string before using it to execute a system call. Source: CVE-2023-51625
  3. D-Link G416 httpd API-AUTH Timestamp Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability: This vulnerability allows attackers to execute arbitrary code on D-Link G416 routers due to the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. No authentication is required to exploit this vulnerability. Source: CVE-2023-50211
  4. NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability: This vulnerability allows attackers to bypass authentication on NETGEAR Orbi 760 routers due to the lack of authentication prior to allowing access to functionality within the SOAP API. No authentication is required to exploit this vulnerability. Source: CVE-2023-41183
  5. D-Link DIR-2150 GetFirmwareStatus Target Command Injection Remote Code Execution Vulnerability: This vulnerability allows attackers to execute arbitrary code on D-Link DIR-2150 routers due to the lack of proper validation of a user-supplied string before using it to execute a system call within the SOAP API interface. Source: CVE-2023-34281

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from the UnitedHealth data breach to the latest Verizon report on the human element in cyber threats. We've also touched on the latest data breaches impacting various industries and the rise of social engineering attacks. Remember, staying informed is the first step in maintaining a robust security posture.

Share this newsletter with your colleagues and friends to keep them in the loop. Let's work together to create a safer digital world. Stay safe and see you tomorrow for more cybersecurity insights.

Read more

Secret CISO 11/24: Niantic's AI Map Data Breach, Baer's Furniture Co. Settlement, Netflix's Worst Leak, Microsoft's Security Failures, Irish Research on NHS Leak, Quantum-Proof Ethereum

Secret CISO 11/24: Niantic's AI Map Data Breach, Baer's Furniture Co. Settlement, Netflix's Worst Leak, Microsoft's Security Failures, Irish Research on NHS Leak, Quantum-Proof Ethereum

Welcome to today's edition of Secret CISO, your daily dose of the most impactful cybersecurity news. Today, we delve into the controversial use of Pokemon Go player data by Niantic to train AI map models, raising serious privacy concerns and potential data breach risks. We also discuss the

By Secret CISO