Secret CISO 6/19: AMD's Massive Data Breach, Aptihealth's Patient Data Compromise, FTC's Complaint Against TikTok, and Latest Security Research Findings

Welcome to today's issue of Secret CISO, your daily dose of cybersecurity insights. Today, we're diving into the world of data breaches, exploring how they're impacting organizations across the globe. First, we'll be discussing the upcoming event “Hacking the Materiality of a Data Breach” on Super Cyber Friday, and how SEC regulations could potentially shape incident response playbooks. We'll also touch on the shifting public opinion regarding data breaches. In the news, AMD is under investigation for a potential data breach, with notorious cybercriminal Intelbroker claiming responsibility. We'll delve into the details of this alleged breach and its potential implications. Meanwhile, nearly 20,000 patients of behavioral health engagement company Aptihealth have been affected by a data breach, highlighting the ongoing vulnerability of healthcare data. In other news, the Association of Texas Professional Educators is under investigation following a data breach in February, and we'll be discussing why data still leaks through enterprise DLP solutions.

We'll also be looking at the recent data breach affecting Maxicare, and the FTC's complaint against TikTok over its alleged data privacy practices. Finally, we'll be exploring the latest research in cybersecurity, including the adoption of zero trust, SSE, and SASE to enhance network access security, and the latest findings from LevelBlue Labs. Stay tuned for all this and more in today's issue of Secret CISO. Stay safe, stay informed.

Data Breaches

  1. AMD Investigates Potential Data Breach: AMD, a global computing powerhouse, is currently investigating a potential data breach after a hacker claimed to have obtained a database from the company and put it up for sale on a dark web forum. The alleged breach was first reported by Intelbroker, a notorious cybercriminal. Source: TechRadar, The Verge
  2. Aptihealth Patients Affected by Business Associate Data Breach: Nearly 20,000 patients of behavioral health engagement company Aptihealth have been affected by a data breach. The breach was announced by the company, highlighting the ongoing vulnerability of health data. Source: HIPAA Journal
  3. Association of Texas Professional Educators Data Breach: The Association of Texas Professional Educators (ATPE) experienced a data breach on February 12, 2024, after identifying unusual activity within its computer network. The ATPE has since secured its network and is working with law enforcement to investigate the incident. Source: Wire19
  4. Maxicare Data Breach: Maxicare, a health insurance provider, confirmed a data breach that affected less than 1% of its member population. The company was alerted to the potential security incident on June 13 and has since assured members that no medical data was stolen. Source: Manila Standard
  5. LendingTree Probes Potential Snowflake-Related Data Breach: LendingTree is currently investigating a potential data breach related to Snowflake, a cloud-based data warehousing platform. The details of the breach, including the number of affected users and the type of data potentially compromised, have not been disclosed. Source: BNN Bloomberg

Security Research

  1. Kraken Crypto Exchange Extortion Attempt: Kraken, a popular cryptocurrency exchange, faced an extortion attempt from a security researcher who discovered a bug but refused to disclose specifics. The situation highlights the importance of ethical conduct in cybersecurity research. Source: Finbold
  2. Microsoft Corporate Email Spoofing Bug: A security researcher publicized a flaw that allows threat actors to spoof Microsoft corporate emails, potentially enabling phishing attacks. Microsoft initially dismissed the disclosure. Source: SC Media
  3. LevelBlue Labs' Evasive Loader Research: LevelBlue Labs, a managed security services provider, released new research on an evasive loader targeting Chinese-speaking victims. The threat actor behind this has not yet been classified as an advanced persistent threat (APT). Source: BusinessWire
  4. Markopolo's Scam Targeting Crypto Users: Security researcher Manoj Kumar warned about a scam by Markopolo targeting cryptocurrency users through fake meeting software. The scam involves distributing a URL linking to cloud storage via text messages that appear authentic. Source: The Hacker News
  5. Chrome 126 Update Patches Vulnerability: Google's Chrome 126 update patches a vulnerability that was exploited at a hacking competition. The security defects were reported by a security researcher known as 'wgslfuzz'. Source: SecurityWeek

Top CVEs

  1. CVE-2023-48759 - Missing Authorization in Crocoblock JetElements For Elementor: This vulnerability affects JetElements For Elementor, where an attacker can exploit missing authorization checks. Users are advised to update to the latest version. Source: CVE-2023-48759
  2. CVE-2023-47770 - Missing Authorization in Muffin Group Betheme: Betheme by Muffin Group has a missing authorization vulnerability. Users are recommended to update to the latest version to mitigate this vulnerability. Source: CVE-2023-47770
  3. CVE-2023-47771 - Missing Authorization in ThemePunch OHG Essential Grid: Essential Grid by ThemePunch OHG is affected by a missing authorization vulnerability. Users are advised to update to the latest version. Source: CVE-2023-47771
  4. CVE-2023-47681 - Missing Authorization in QuadLayers WooCommerce Checkout Manager: QuadLayers WooCommerce Checkout Manager has a missing authorization vulnerability. Users are recommended to update to the latest version to mitigate this vulnerability. Source: CVE-2023-47681
  5. CVE-2023-45658 - Missing Authorization in POSIMYTH Nexter: Nexter by POSIMYTH has a missing authorization vulnerability. Users are advised to update to the latest version. Source: CVE-2023-45658

API Security

  1. Exploit for CVE-2024-28397 in js2py: A vulnerability has been discovered in the js2py Python package, which is widely used by web scrapers to parse JavaScript code. The flaw lies in the implementation of a global variable within js2py, which allows an attacker to obtain a reference to a Python object in the js2py environment. This can enable the attacker to escape the JavaScript environment and execute arbitrary commands on the host. The threat actor can host a website containing a malicious JavaScript file or send a malicious script via HTTP API for the victim to parse, leading to remote code execution on the host. Source: Vulners

Final Words

As we wrap up today's edition of Secret CISO, we hope you found our insights on data breaches, cybersecurity, and incident response playbooks valuable. The world of cybersecurity is ever-evolving, and it's crucial to stay informed and prepared. Remember, cybersecurity is not just the responsibility of a single department or individual - it's a collective effort. Share this newsletter with your colleagues and friends to help them stay updated on the latest trends and threats in the cybersecurity landscape. Join us again on 7-12-24 for our next edition, "Hacking the Materiality of a Data Breach" – Super Cyber Friday.

We'll delve into how SEC regulations impact incident response playbooks and explore the shifting public opinion on data breaches. Stay safe, stay informed, and let's continue to strengthen our defenses against the ever-present cyber threats.
