Secret CISO 6/22: Ticketmaster's Data Breach Notification, NHS Patient Data Leaked, LAUSD Data Breach, Wisconsin Medicaid Data Exposure, Kraken-CertiK Saga, AI in Security Research

Welcome to today's issue of Secret CISO, where we bring you the latest and most impactful cybersecurity news. Today, we're diving into a series of data breaches that have left companies and customers scrambling. Ticketmaster has begun notifying customers of a data breach that occurred between April 24, 2024, potentially exposing sensitive customer information. Meanwhile, the Qilin Ransomware gang has leaked 400GB of NHS and patient data on Telegram after failed ransom negotiations. The Los Angeles Unified School District (LAUSD) is also in hot water after a data breach exposed student, teacher, and staff data due to a Snowflake vulnerability.

In Wisconsin, a security incident involving Disability Rights Wisconsin may have exposed Medicaid members' information. In Georgia, over 279,063 individuals have been impacted by a data breach targeting CGM, a company providing services to wireless companies. The victims have only six days left to claim a one-time payment from a $1.5m pot. In the healthcare sector, a May 2023 data breach at Superior Air-Ground Ambulance Service has triggered a class-action lawsuit, while UnitedHealth Group has begun data breach notifications following a February cyberattack. In tech news, Intelbroker claims to have hacked Apple in the same week as AMD, prompting Apple to enhance its security measures.

Meanwhile, the Chemical Security Assessment Tool (CSAT) was infiltrated by a malicious actor, potentially leading to data exfiltration. In the world of research, security experts are making strides in identifying crime hotspots and improving retirement security for near-retirees. However, the Kraken-CertiK saga continues, with a security researcher maliciously withdrawing $3M worth of funds. Stay tuned for more updates and remember, knowledge is the first line of defense. Stay safe and secure!

Data Breaches

  1. Ticketmaster Data Breach: Ticketmaster has begun notifying customers potentially affected by a data breach that occurred between April 24, 2024. The extent of the breach and the specific data compromised have not been disclosed. Source: FOX 32 Chicago
  2. Qilin Ransomware Leaks NHS and Patient Data: The Qilin ransomware gang has publicly leaked 400GB of NHS and patient data on Telegram following failed ransom negotiations. The gang had initially demanded $50 million to prevent the data leak. Source: Hackread
  3. LAUSD Data Breach: The Los Angeles Unified School District (LAUSD) has suffered a data breach due to a Snowflake vulnerability, exposing student, teacher, and staff data. The specific data leaked and the number of individuals affected are currently unknown. Source: Hackread
  4. Wisconsin Medicaid Data Breach: The Wisconsin Department of Health Services has reported a security incident involving one of its partners, Disability Rights Wisconsin. The breach may have exposed the information of Wisconsin Medicaid members, though the extent of the exposure is unclear. Source: FOX 11
  5. CGM Data Breach: Over 279,063 individuals have been impacted by a data breach targeting CGM, a Georgia-based company that provides services to wireless and other industries. The specific data compromised in the breach has not been disclosed. Source: The US Sun

Security Research

  1. Inflation-wary employees: How employers can improve retirement security for near-retirees: Researchers Jean-Pierre Aubry and Laura D. Quinby of Boston College have authored a paper discussing the impact of inflation on retirement security. They suggest ways employers can help near-retirees secure their financial future amidst high inflation. Source: BenefitsPro
  2. Kraken-CertiK $3M saga, zkSync airdrop wallets dumping tokens: Finance Redefined: A security researcher allegedly withdrew $3 million worth of funds from Kraken. The incident, which was initially announced by a Kraken executive, has sparked discussions about the ethical boundaries of security research. Source: Cointelegraph
  3. Legal Defense Fund Covers Crypto Research - Dark Reading: The Security Alliance, a nonprofit organization, has provided funding to protect those who illegally access crypto assets with the aim of improving security. This move highlights the complex ethical landscape of security research in the crypto space. Source: Dark Reading
  4. Google's Zero-Day Hunters Test AI for Security Research - GovInfoSecurity: Google's team of zero-day hunters is exploring the use of artificial intelligence to improve automated threat identification and analysis. The researchers believe that AI can significantly enhance the efficiency and effectiveness of security research. Source: GovInfoSecurity
  5. On the frontlines of protecting AI | Security Info Watch: The Protect AI huntr bug bounty community has discovered vulnerabilities in AI systems. This highlights the increasing importance of security research in the rapidly evolving field of artificial intelligence. Source: Security Info Watch

Top CVEs

  1. CVE-2020-27352 - Docker Snap Systemd Service Units: This vulnerability allows processes from containers created and managed by Docker Snap to be moved into the cgroup of the main daemon within the snap itself when reloading system units, potentially granting additional privileges to a container within the snap. Source: Vulners
  2. CVE-2023-38389 - Artbees JupiterX Core Incorrect Authorization: This vulnerability allows unauthorized access to functionality not properly constrained by ACLs in Artbees JupiterX Core. Source: Vulners
  3. CVE-2024-35767 - Squeeze File Upload: This vulnerability allows unrestricted upload of files with dangerous types in Bogdan Bendziukov Squeeze, potentially leading to code injection. Source: Vulners
  4. CVE-2024-6239 - Poppler's Pdfinfo Utility Flaw: A flaw in Poppler's Pdfinfo utility can cause the utility to crash when using certain malformed input files, leading to a denial of service. Source: Vulners
  5. CVE-2024-6240 - Parallels Desktop Software Privilege Management: This vulnerability allows an attacker to add malicious code to a script and set the BASH_ENV environment variable to the path of that script, so that it executes on application startup. An attacker could exploit this vulnerability to escalate privileges on the system. Source: Vulners

API Security

  1. CVE-2024-5791 - Online Booking & Scheduling Calendar for WordPress by vcita Stored Cross-Site Scripting: This vulnerability allows unauthenticated attackers to inject arbitrary web scripts via the 'wp_id' parameter in all versions up to, and including, 4.4.2. It stems from missing authorization checks on the processAction function, as well as insufficient input sanitization and output escaping. The injected scripts execute whenever a user accesses wp-admin. Source: vulners.com

Final Words

And that's a wrap for today's edition of Secret CISO. We hope you found these updates valuable in keeping your organization's security posture strong and resilient. Remember, in the world of cybersecurity, knowledge is power. Stay informed, stay vigilant, and most importantly, stay secure. If you found this newsletter helpful, please consider sharing it with your colleagues and friends.

Let's work together to create a safer digital world for everyone. Until next time, stay safe and secure!
