Secret CISO 7/26: Infosys McCamish & Wyatt Detention Center face data breach lawsuits, MCG Health settles for $8.8M, Security firm unknowingly hires North Korean hacker
Welcome to today's issue of Secret CISO, your daily dose of the most impactful cybersecurity news. Today, we're diving into a series of data breaches and lawsuits that have been making headlines. Infosys McCamish is facing its fourth class action suit over a data breach that occurred in 2023. Meanwhile, the Wyatt Detention Center is also dealing with a federal lawsuit over a data breach that affected ten times the number of victims initially estimated.
In other news, software maker MCG Health has settled a data breach suit for $8.8 million, two years after a hack in 2020. We also explore the importance of close collaboration at the C-level for effective data protection, as highlighted by Intelligent CISO. In a shocking turn of events, a security firm unknowingly hired a North Korean hacker, highlighting the importance of thorough background checks. We also delve into the largest healthcare data breach claimed by Daixin Team, involving the theft of 10 million unique records from Acadian Ambulance.
Finally, we look into the recent data breaches at Michigan Medicine, Brookfield Zoo Chicago, and the City of Columbus, and the potential impacts on personal and health information of thousands of individuals. Stay tuned for more updates and remember, knowledge is the first line of defense. Stay safe!
Data Breaches
- Infosys McCamish facing fourth class action suit over 2023 data breach: Infosys McCamish is facing its fourth class action lawsuit following a data breach in 2023. The complaint was filed in the U.S. District Court for the Northern District of Georgia. Source: Economic Times
- Wyatt Detention Center hit with federal lawsuit over data breach: A data breach at the Donald W. Wyatt Detention Facility has led to a federal lawsuit. The number of victims is estimated to be ten times higher than initially reported. Source: News From The States
- Software Maker MCG Health Settles Data Breach Suit for $8.8M: MCG Health, part of the Hearst Health Network, has settled a data breach lawsuit for $8.8 million. The breach occurred in February 2020 and was not disclosed for over two years. Source: BankInfoSecurity
- Imagine360 Issues Data Breach Letters Following May 2024 Cyber Incident: Imagine360, LLC has filed a notice of data breach with the Attorney General of Montana following a cyber incident in May 2024. The company discovered that an unauthorized party had gained access to its systems. Source: JD Supra
- Daixin Team Claims to Have Stolen 10 Million Unique Records from Acadian Ambulance: The Daixin Team claims to have stolen 10 million unique records from Acadian Ambulance in what could be the largest healthcare data breach to date, if the group's claims are valid. Source: HIPAA Journal
Security Research
- Guidelines for Research Security Programs at Covered Institutions: The White House Office of Science and Technology Policy (OSTP) has issued guidelines for research security programs at federally-funded research institutions. The guidelines aim to protect U.S. research and development work from foreign adversaries. Source: Lexology
- New Phishing Scam Targeting German Customers: Security researcher Pedro Umbelino has warned of a new phishing scam targeting German customers. The scam has seen a significant drop, between 15% and 20%, in the number of unique IPs and organizations. Source: The Hacker News
- Boost to Quantum Hubs for Life-saving Blood Tests and Resilient Security Systems: The UK government has announced a £100 million boost to quantum hubs for the development of life-saving blood tests and resilient security systems. The new innovations in quantum will not only focus on research but also on putting that research to work. Source: Gov.uk
- Emory to Lead $6.4 Million SECURE Southeast Center for NSF Research Security Initiative: The National Science Foundation is funding a $67 million national research security initiative, including $6.4 million for an initiative focused on Emory University. The initiative aims to enhance research security at the university. Source: Emory News
- Data from Deleted GitHub Repos May Not Really Be Deleted: Researchers at Truffle Security have found that data from deleted GitHub repositories (public or private) may not really be deleted. This discovery raises concerns about the security of data stored on GitHub. Source: The Register
Top CVEs
- Microsoft Edge (Chromium-based) Information Disclosure: A vulnerability in Microsoft Edge could allow an attacker to gain access to sensitive information. This issue arises due to improper handling of objects in memory by the scripting engine. Source: CVE-2024-38103
- IBM Security Directory Integrator Stored XSS: IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 are vulnerable to stored cross-site scripting. This vulnerability could allow users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure within a trusted session. Source: CVE-2024-28772
- Tenda FH1201 Command Injection Vulnerability: Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the cmdinput parameter. An attacker could exploit this vulnerability to execute arbitrary commands on the affected system. Source: CVE-2024-41468
- Softaculous Webuzo Authentication Bypass: Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user. Source: CVE-2024-24621
- ForIP Tecnologia Administração PABX SQL Injection: A critical vulnerability has been found in ForIP Tecnologia Administração PABX 1.x. It affects an unknown function in the file /detalheIdUra of the Lista Ura Page component. Manipulating the id argument leads to SQL injection. The attack can be launched remotely. Source: CVE-2024-7105
API Security
- CVE-2024-4447 - System Maintenance Tool Vulnerability: This vulnerability exposes sessionId data for all users via the Direct Web Remoting API. Although the attack vector is small and requires high permissions, it could be used by a malicious administrator to make their actions untraceable. This issue has been fixed in the latest versions. Source: CVE-2024-4447
- Unsound kstring Integration in gix-attributes: gix-attributes unsafely creates a &str from a &[u8] containing non-UTF-8 data. This non-UTF-8 str is exposed to outside code, which may lead to undefined behavior. Source: GHSA-CX7H-H87R-JPGR
- CVE-2024-36111 - KubePi JWT Token Verification Defect: In KubePi versions 1.6.3 to 1.8.0, there is a defect in the JWT token verification. The JWT key in the default configuration file is empty, allowing an attacker to bypass login verification and take over the backend. This issue has been patched in version 1.8.0. Source: CVE-2024-36111
- Remote Code Execution in Spring Cloud Data Flow: In versions prior to 2.11.4, a malicious user with access to the Skipper server API can use a crafted upload request to write an arbitrary file to any location on the file system, potentially compromising the system. Source: GHSA-P528-3MVF-GR87
- CVE-2024-41110 - Docker Security Checker: This tool checks multiple hosts for vulnerabilities related to CVE-2024-41110 in Docker installations. It specifically looks for vulnerable Docker versions and the use of AuthZ plugins, which can potentially lead to security issues. Source: CVE-2024-41110
Final Words
As we wrap up today's edition of Secret CISO, we're reminded that the world of cybersecurity is a constantly evolving landscape. From Infosys McCamish facing its fourth class action suit over a data breach to the Wyatt Detention Center dealing with the aftermath of a massive data leak, it's clear that no organization is immune to the threat of cyber attacks.
We've also seen how software maker MCG Health has had to settle a data breach suit for a whopping $8.8M, highlighting the financial implications of failing to adequately protect data. On a more positive note, we've seen how collaboration at the C-level can be key to effective data protection, as highlighted in an article by Intelligent CISO. But the fight against cyber threats is far from over. With new data breaches being reported daily, it's more important than ever to stay informed and take proactive measures to protect your organization.
If you found today's newsletter helpful, please consider sharing it with your colleagues and friends. Let's work together to create a safer digital world.
Stay tuned for more updates tomorrow. Stay safe and secure!