Secret CISO 7/29: New Jersey Dental & Singaporean Software Data Breaches, Spyware Provider Hacked, Microsoft's Underestimated CrowdStruck Machines, South Korea's Military Data Exposed

Secret CISO 7/29: New Jersey Dental & Singaporean Software Data Breaches, Spyware Provider Hacked, Microsoft's Underestimated CrowdStruck Machines, South Korea's Military Data Exposed

Good morning, Secret CISO readers! Today's newsletter is packed with the latest cybersecurity news, breaches, and updates from around the globe. We start off with a significant data breach at a New Jersey dental care practice, impacting nearly 75,000 patients. On the other side of the world, a Singapore-based software firm, Ezynetic, also suffered a data security incident, compromising the sensitive personal data of over 128,000 individuals. In a shocking revelation, a spyware provider for Windows, Mac & Android was hacked, exposing sensitive data and unveiling the company's covert surveillance activities. Meanwhile, the importance of cybersecurity in future-proofing financial services is underlined by a data breach affecting 150 million consumers.

Microsoft admits to underestimating the number of CrowdStruck machines, highlighting the need for robust security measures. In India, the average cost of data breaches has risen to $2.18 million in 2023, prompting central banks to increase their cybersecurity investment budgets. South Korea discloses a data breach exposing sensitive military documents, while a US banker pleads guilty to draining $2.3 million from customer accounts following a data breach. In Australia, a security breach prompts evacuation at Adelaide Airport. Insider risk is identified as a significant threat to data security, with 87% of security leaders experiencing a data breach in the last 12 months. In other news, 'Stargazer Goblin' creates 3,000 fake GitHub accounts for malware spread, and Indian cryptocurrency exchange WazirX unveils a controversial plan to distribute a $230 million loss from a security breach among all customers. Stay tuned for more updates and remember, knowledge is the first line of defense. Stay safe, stay informed.

And if you are going to Black Hat, don't forget to stop by The Stickers Booth #3122

Data Breaches

  1. New Jersey dental care practice data breach: A data security incident at New Jersey Oral & Maxillofacial Surgery has impacted close to 75,000 patients. The nature of the compromised data is yet to be disclosed. Source: teiss
  2. Data breach at Singaporean software firm: Ezynetic, a Singapore-based software services provider, experienced a significant data security incident that compromised the sensitive personal data of over 128,000 individuals. The company is yet to reveal the specifics of the breach. Source: teiss
  3. Spyware Provider for Windows, Mac & Android Hacked: A breach has exposed the covert surveillance activities of an unnamed company, compromising over 10,000 devices since 2013, including Android devices. The exposed data reveals the company's surveillance operations. Source: cybersecuritynews
  4. Microsoft admits 8.5 million CrowdStruck machines estimate was lowballed: Microsoft has admitted that its initial estimate of 8.5 million machines affected by the CrowdStruck incident was underreported. The actual number of affected machines is yet to be disclosed. Source: The Register
  5. Data Breach: US Banker Drains $2.3 Million From Customers Accounts: Megan Lea Dougherty, a 36-year-old US banker, pleaded guilty to one count of bank fraud for stealing $2.393 million. The data breach from the US bank was instrumental in facilitating the fraud. Source: Watcher Guru

Security Research

  1. Skybox Security Report Reveals 30,000 New Vulnerabilities: Skybox Security Research Lab's 2024 Vulnerability and Threat Trends Report reveals that over 30,000 new vulnerabilities were published last year, indicating a significant increase in potential security threats. Source: TechCentral
  2. Gh0st RAT Trojan Targets Chinese Windows Users: Security researchers Nguyen Hoang Giang and Yi Helen Zhang have reported a new threat where the Gh0st RAT Trojan is targeting Chinese Windows users via a fake Chrome site. The scripts used to deliver the malware suggest a sophisticated attack strategy. Source: The Hacker News
  3. Secure Boot Master Key Exposure: Researchers at firmware security vendor Binarily have published research indicating that the exposure of the Secure Boot master key renders it virtually useless, highlighting a significant vulnerability in system security. Source: The Register
  4. Dr. Satpreet Singh's Research on Adaptive Leadership: Dr. Satpreet Singh's transformative research on adaptive leadership in public-private partnerships sets new standards for security enhancement, potentially revolutionizing the way security partnerships are formed and managed. Source: KGET
  5. CHERI RISC-V: Hardware Extension for Conditional Capabilities: Researchers at Ericsson Security Research and Université Libre have published a study on the adaptation of Capability Hardware Enhanced RISC with Conditional Capabilities, potentially offering a new approach to hardware security. Source: Semiconductor Engineering

Top CVEs

  1. CVE-2024-41090: A vulnerability in the Linux kernel could allow a corrupted skb to be sent downstack, potentially causing out-of-bound access or confusing the underlayer with incorrect header length. This issue has been resolved by adding missing verification for short frame in the tap_get_user_xdp() path. Source: CVE-2024-41090
  2. CVE-2024-41091: Similar to the above, this Linux kernel vulnerability could cause a corrupted skb to be sent downstack due to missing verification for short frame in the tun_xdp_one() path. This issue has also been resolved. Source: CVE-2024-41091
  3. CVE-2024-7201: The login functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database. Source: CVE-2024-7201
  4. CVE-2024-7202: Similar to the above, the query functionality of WinMatrix3 Web package from Simopro Technology also lacks proper validation of user input, allowing SQL command injection. Source: CVE-2024-7202
  5. CVE-2024-7171: A critical vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. The manipulation of the argument hostTime in the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi leads to OS command injection. Source: CVE-2024-7171

Black Hat is Comming

Don't miss to pickup Cool Stickers from the FRIDGE at the Stickers Booth 3122

Get the coolest stickers at Black Hat 2024 - Booth #3122
Cool down at the booth #3122 - your one-stop shop for the coolest security stickers in town!

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. From New Jersey to Singapore, data breaches continue to impact businesses and individuals alike. The cost of these breaches is on the rise, with India seeing an increase to $2.18 million in 2023. Meanwhile, the cybersecurity landscape continues to evolve, with new threats and vulnerabilities emerging daily.

Remember, staying informed is the first step in maintaining a robust security posture. Share this newsletter with your colleagues and friends to help them stay ahead of the curve.

Until next time, stay safe and secure.

Read more