Secret CISO 7/20: Not ONLY CrowdStrike - Dallas Ransomware Attack, Dell & Dean's Security Incident, Lurie Children's Hospital Cyberattack, MediSecure Breach, Infosys McCamish Systems Leak, also Rite Aid and AT&T Data Breaches
Welcome to today's issue of Secret CISO, where we bring you the latest updates on cybersecurity incidents and developments. Today, we're focusing not only on the massive cyber glitch that grounded flights and impacted businesses, and that appears to have been caused by cybersecurity company CrowdStrike, but also on a series of data breaches that have affected millions of individuals and organizations worldwide.
First up, Pennsylvania has updated its Breach of Personal Information Notification Act, enhancing its data protection framework. Despite this, data breaches continue to occur, with a ransomware attack in Dallas exposing the personal data of over 200,000 people. Law firm Dell & Dean, PLLC, also fell victim to a data security incident, which impacted its server infrastructure.
Meanwhile, Lurie Children's Hospital is facing a lawsuit from parents who claim the hospital failed to protect their children's data during a cybersecurity attack. In Australia, a data breach at MediSecure, a former electronic prescription provider, compromised the personal and limited health data of approximately 12.9 million Australians. Infosys McCamish Systems, Rite Aid, and Ticketmaster have also reported data breaches, with Rite Aid's breach affecting 2.2 million individuals. AT&T has reversed its initial statement on a data breach disclosed last week, now stating that most FirstNet customers were impacted. The company is now facing a class action lawsuit in Texas.
Stay tuned for more updates and remember, knowledge is the best defense against cyber threats.
Data Breaches
- Dallas Ransomware Attack Exposes 200,000 People's Data: A ransomware attack in Dallas has exposed the personal data of over 200,000 people nationwide. The compromised data includes social security numbers, medical information, and health insurance details. Source: Government Technology
- Data Breach at Dell & Dean, PLLC: On September 29, 2022, Dell & Dean, PLLC became aware of a data security incident that impacted its server infrastructure, taking its systems offline. The extent of the breach is currently under investigation. Source: Business Wire
- MediSecure Data Breach Affects 12.9 Million Australians: MediSecure, a former electronic prescription provider, suffered a data breach compromising the personal and limited health data of approximately 12.9 million Australians. The breach has not impacted the current national prescription delivery service. Source: Insurance Business
- Data Breach at Infosys McCamish Systems: Infosys McCamish Systems, LLC filed a notice of data breach with the Attorney General of Massachusetts after discovering a breach that leaked the information of Nassau Life & Annuity. The extent of the breach is currently under investigation. Source: JD Supra
- Rite Aid Discloses Data Breach Affecting 2.2 Million Individuals: Rite Aid has disclosed a data breach affecting 2.2 million individuals. The extent of the breach and the type of compromised data are currently under investigation. Source: JD Supra
Security Research
- Global Outage Caused by CrowdStrike Update: A recent update from cybersecurity firm CrowdStrike caused a global outage, likely due to skipped checks. The incident has been described as severely disruptive and has raised questions about the company's update procedures. Source: CNA
- IT Outage Highlights Cyber Resilience Concerns: A global IT outage has caused widespread disruption, highlighting the importance of cyber resilience. Experts have reacted to the news, emphasizing the need for robust infrastructure to prevent such incidents. Source: Science X
- HPE Critical 3PAR Processor Flaw: A critical flaw in HPE's 3PAR Processor could allow remote attackers to bypass authentication. The issue was reported by security researcher Milad Fadavvi, highlighting the importance of ongoing security research. Source: Cybersecurity News
- Major Vulnerabilities in the Global Information Ecosystem: A massive IT outage has spotlighted major vulnerabilities in the global information ecosystem. The incident underscores the need for improved cybersecurity measures and infrastructure. Source: UMBC
- Golden Jubilee Research Awards: Xi He and Graeme Smith have received the Golden Jubilee Research Awards from the University of Waterloo. The awards recognize their contributions to privacy and security research, demonstrating the impact of their work in the field. Source: University of Waterloo
Top CVEs
- CVE-2024-6205: The PayPlus Payment Gateway WordPress plugin before 6.6.9 is vulnerable to SQL injection due to improper sanitisation and escape of a parameter. This flaw allows unauthenticated users to manipulate SQL statements via a WooCommerce API route. Source: vulners.com
- CVE-2024-21583: Multiple versions of Gitpod packages are susceptible to Cookie Tossing due to a missing __Host- prefix on the gitpod_io_jwt2 session cookie. This vulnerability allows an adversary controlling a subdomain to manipulate the cookie's value on the Gitpod control plane. Source: vulners.com
- CVE-2024-41172: Apache CXF versions before 3.6.4 and 4.0.5 have a memory leak issue where a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected, leading to potential memory exhaustion. Source: vulners.com
- CVE-2024-6694: The WP Mail SMTP plugin for WordPress up to version 4.0.1 is vulnerable to information exposure. The plugin exposes the SMTP password in the settings, allowing authenticated attackers with administrative-level access to view the SMTP password for the supplied server. Source: vulners.com
- CVE-2024-41107: CloudStack SAML authentication (disabled by default) does not enforce a signature check, allowing an attacker to bypass SAML authentication by submitting a spoofed SAML response with no signature and the known or guessed username and other user details of a SAML-enabled CloudStack user account. Source: vulners.com
API Security
- CVE-2024-6491 - Unauthorized Data Modification in Getwid – Gutenberg Blocks Plugin: The Getwid – Gutenberg Blocks plugin for WordPress is susceptible to unauthorized data modification due to a missing capability check on the mailchimp_api_key_manage function. This vulnerability allows authenticated attackers with Contributor-level access and above to manipulate the MailChimp API. Source: vulners.com
- CVE-2024-6489 - Unauthorized Data Modification in Getwid – Gutenberg Blocks Plugin: Similar to CVE-2024-6491, this vulnerability in the Getwid – Gutenberg Blocks plugin for WordPress allows authenticated attackers with Contributor-level access and above to manipulate the Google API due to a missing capability check on the get_google_api_key function. Source: vulners.com
- CVE-2024-40348 - Unauthenticated Directory Execution in Bazaar v1.4.3: An issue in the /api/swaggerui/static component of Bazaar v1.4.3 allows unauthenticated attackers to execute a directory. This vulnerability exposes the system to potential unauthorized access and manipulation. Source: vulners.com
- CVE-2024-6205 - SQL Injection in PayPlus Payment Gateway WordPress Plugin: The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitize and escape a parameter before using it in a SQL statement via a WooCommerce API route. This vulnerability, accessible to unauthenticated users, can lead to an SQL injection, compromising the integrity of the database. Source: vulners.com
- CVE-2024-21583 - Cookie Tossing in Gitpod Packages: Multiple versions of Gitpod packages are vulnerable to Cookie Tossing due to a missing __Host- prefix on the gitpod_io_jwt2 session cookie. This vulnerability allows an adversary who controls a subdomain to set the value of the cookie on the Gitpod control plane, potentially leading to unauthorized actions. Source: vulners.com
Sponsored by Wallarm API Security Solution
Final Words
That's it for today's edition of Secret CISO. It's clear that the cybersecurity landscape is constantly evolving, and it's our job to stay one step ahead.
Remember, knowledge is power. Share this newsletter with your friends and colleagues to keep them in the loop. Let's work together to create a safer digital world. Stay safe and see you tomorrow for more cybersecurity updates.