Welcome to today's issue of Secret CISO, your daily dose of the latest in cybersecurity. Today, we're diving into a series of data breaches that have hit popular platforms and healthcare institutions. First, we'll look at the breach impacting Roll20, an online role-playing platform, where personal data, IP addresses, and credit card information were compromised. Next, we'll delve into the massive data leak in Australian healthcare, where 4TB of data was allegedly leaked.

We'll also discuss the class-action complaint filed against Palomar Health Medical Group amid security breach allegations, and the data breach at Evolve Bank that impacted fintech firms Wise and Affirm. In legislative news, we'll cover the enactment of free credit monitoring for data breach victims, and the arrest of a former Microsoft employee for stealing 1.2M patient records. We'll also touch on the data breaches at Ticketmaster and Prudential Financial, and the 'minor' data breach at DICT's disaster response unit. Lastly, we'll explore the state of emerging data in 2023, and the impact of data breaches on data governance projects and more. Stay tuned for all this and more in today's issue of Secret CISO. Stay safe and secure!

Data Breaches

1. Roll20 Data Breach: Roll20, a popular online role-playing platform, has alerted its users about a data breach that has compromised personal data, IP addresses, and the last four digits of credit cards. Source: Cyber Daily.
2. Australian Healthcare Data Leak: A massive data breach in the Australian healthcare sector has allegedly leaked 4TB of data. The Perkins team is working with external cybersecurity experts to investigate the matter and re-establish security. Source: Cyber Daily.
3. Palomar Health Medical Group Security Breach: A class-action complaint has been filed against Palomar Health Medical Group amid allegations of a security breach. The breach potentially exposed sensitive personal records. Source: Fox 5 San Diego.
4. Evolve Bank Data Breach: Fintech firms Wise and Affirm were impacted by a data breach suffered by Evolve Bank. The extent of the breach and the data compromised are still under investigation. Source: Security Affairs.
5. Ticketmaster Data Breach: Ticketmaster has confirmed a data breach and is notifying affected customers. The breach's impact and the type of data compromised are currently being assessed. Source: Democrat and Chronicle.

Security Research

1. 4TB of data allegedly leaked in Australian healthcare breach: In a significant security breach, 4TB of data was reportedly leaked from an Australian healthcare system. The breach was immediately addressed with the help of cybersecurity advisers and experts. Source: Cyber Daily
2. Decade-long CocoaPods vulnerabilities exposed Apple users to potential security risks: Security researchers at E.V.A Information Security Ltd. have discovered several vulnerabilities in the CocoaPod dependency manager used in MacOS, exposing Apple users to potential security risks. Source: SiliconANGLE
3. Passkey Redaction Attacks Subvert GitHub, Microsoft Authentication: Joe Stewart, a principal security researcher with eSentire's Threat Response Unit, has identified a problem with GitHub and Microsoft authentication systems that can be exploited through passkey redaction attacks. Source: Dark Reading
4. South Korean ERP Vendor's Server Hacked to Spread Xctdoor Malware: The AhnLab Security Intelligence Center (ASEC) has reported a hacking incident involving a South Korean ERP vendor's server, which was used to spread Xctdoor malware. Source: The Hacker News
5. Researchers Uncover New 'Indirector' CPU Vulnerability in Intel Chips: Security researchers have identified a new 'Indirector' side-channel attack on modern Intel CPUs variants, including Raptor Lake and Alder Lake. Source: The Cyber Express

Top CVEs

1. Out-of-bounds read vulnerability in Acrobat for Edge: Versions 126.0.2592.68 and earlier of Acrobat for Edge are affected by an out-of-bounds read vulnerability when parsing a crafted file. This could result in a read past the end of an allocated memory structure. An attacker could exploit this vulnerability to execute code in the context of the current user. User interaction is required for exploitation. Source: CVE-2024-34122.
2. Remote Code Execution (RCE) risks in unspecified system: Inadequate input validation exposes the system to potential remote code execution (RCE) risks. Attackers can exploit this vulnerability by appending shell commands to the Speed-Measurement feature, enabling unauthorized code execution. Source: CVE-2023-41917.
3. Hard-coded password vulnerability in mySCADA myPRO: mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected system. Source: CVE-2024-4708.
4. Security check loophole in HAProxy release: A security check loophole in HAProxy release (in combination with routing release) in Cloud Foundry prior to v40.17.0 potentially allows bypass of mTLS authentication to applications hosted on Cloud Foundry. Source: CVE-2024-37082.
5. Unauthorized access vulnerability: A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs. Attackers may exploit this to unauthenticated execute commands potentially leading to unauthorized data manipulation, access to privileged functions, or even the execution of arbitrary code. Source: CVE-2023-41918.

API Security

1. Avalara for Salesforce CPQ app API key exposure: The Avalara for Salesforce CPQ app, versions before 7.0, has a vulnerability that allows attackers to read an API key. It's important to note that the current version is 11. Source: CVE-2024-38453.
2. Aimeos GraphQL API admin interface improper access control: Aimeos GraphQL API admin interface, versions starting from 2022.04.1 to 2022.10.10, 2023.10.6, and 2024.4.2, has an improper access control vulnerability that allows editors to manage their own services via GraphQL API, which isn't allowed in the JQAdm front end. Source: GHSA-JJ68-CP4V-98QF.
3. Aimeos GraphQL API admin interface allows editor to modify admin account: Aimeos GraphQL API admin interface, versions starting from 2022.04.01 to 2022.10.10, 2023.10.6, and 2024.04.6, has an improper access control vulnerability that allows an editor to modify and take over an admin account in the back end. Source: GHSA-VC7J-99JW-JRQM.
4. Pomerium identity and context-aware access proxy vulnerability: Pomerium, versions prior to 0.26.1, has a vulnerability where the user info page unintentionally included serialized OAuth2 access and ID tokens from the logged-in user's session. These tokens are not intended to be exposed to end users. Source: CVE-2024-39315.
5. Twilio Authy API unauthenticated endpoint vulnerability: The Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, has an unauthenticated endpoint that provided access to certain phone-number data. Authy accounts were not compromised. Source: CVE-2024-39891.

Sponsored by Wallarm API Security Solution

Final Words

That's it for today's edition of the Secret CISO newsletter. As always, we're committed to bringing you the latest and most important cybersecurity news and insights. Remember, knowledge is power in the fight against cyber threats. Today's news underscores the importance of robust data security measures and the potential consequences of breaches. From online gaming platforms to healthcare providers and financial institutions, no sector is immune.

Don't forget to share this newsletter with your colleagues and friends to help them stay informed and safe.

Let's work together to create a more secure digital world. Stay safe and see you tomorrow!