Secret CISO 8/1: Healthcare Data Breach Costs Soar, Ticketmaster Faces Investigation, Australia's Data Breach Epidemic Continues, IBM's Data Breach Report

Welcome to today's issue of Secret CISO, your daily dose of the most impactful cybersecurity news. Today, we delve into the rising costs of healthcare data breaches, which are projected to hit nearly $10M in 2024. Despite a decline in expenses since last year, healthcare remains the costliest industry for data breaches, a position it has held since 2011. In other news, Canada's privacy commissioner has launched an investigation into a massive data breach at Ticketmaster, which saw the personal information of 560 million customers stolen. The breach included names, addresses, phone numbers, and credit card details. Meanwhile, data breaches in Australia were 50% more common than the global average in 2023, according to new research from Rubrik.

Elsewhere, data breach costs in India hit an all-time high in 2024, with healthcare and technology among the most targeted industries. In the financial sector, data breaches cost an average of $6.08M in 2024, placing further demands on security resources. The UK was not spared either, with data breach costs rising to £3.58 million between March 2023 and February 2024. In the realm of cybersecurity research, a record-breaking $75M ransom was paid to cybercriminals by a Fortune 50 company, highlighting the urgent need for improved security measures.

Lastly, we look at the latest cybersecurity vulnerabilities and exploits, including a command injection vulnerability that could allow an authenticated user to execute operating system commands as root via a specially crafted API request. Stay tuned for more updates and remember, knowledge is the best defense against cyber threats.

Data Breaches

  1. Healthcare Data Breach Costs Nearly $10M in 2024: Despite a decline in expenses from the previous year, the healthcare sector remains the most expensive industry for data breaches, a position it has held since 2011. Source: HealthcareDive
  2. Ticketmaster Data Breach: Hackers stole the personal information of 560 million Ticketmaster customers, including names, addresses, phone numbers, and credit card details. The company is now offering free credit monitoring to affected customers. Source: Global News and WRAT
  3. Australian Organisations Experience Highest Rate of Data Breaches: Data breaches were 50% more common in Australia than the global average in 2023, according to new research from Rubrik. Source: TechRepublic
  4. United of Omaha Data Breach: United of Omaha is notifying customers that their personal information, including names, Social Security numbers, and contact addresses, may have been compromised in a data breach. Source: UP Matters
  5. Post Office Data Breach: The Post Office leaked confidential details of 555 Horizon scandal claimants following an urgent investigation. Source: Freeths

Security Research

  1. Record $75M Ransom Paid To Cybercriminals: A Fortune 50 company reportedly paid a record-breaking $75 million ransom to the Dark Angels ransomware group. Zscaler, a cloud-based information security company, urges businesses to fix security gaps and involve law enforcement in such cases. Source: Tripwire
  2. Karak and Space and Time Revolutionize Blockchain Security: Karak and Space and Time are joining forces to enhance blockchain security. Industry experts, including Dr. Jane Smith, a blockchain security researcher, are closely monitoring this development. Source: CoinTrust
  3. Meta AI Safety System Easily Compromised: A study shows that Meta's AI safety system, PromptGuard, can be easily compromised. The flaw was identified by security researcher Aman Priyanshu. Source: ChannelE2E
  4. Hackers Distributing Malicious Python Packages: Hackers are distributing malicious Python packages via a popular developer Q&A platform, warns security researcher Jenna Wang. Source: The Hacker News
  5. Employees at Dell, AT&T, Verizon, Capital One Exposed via Popular Office App: Employees at major companies like Dell, AT&T, Verizon, and Capital One have been exposed via a popular office app, according to a security researcher at Cybernews. Source: Cybernews

Top CVEs

  1. CVE-2024-39379 - Acrobat for Edge Out-of-Bounds Read Vulnerability: Acrobat for Edge versions 126.0.2592.81 and earlier are affected by an out-of-bounds read vulnerability that could lead to arbitrary file system read access. This vulnerability could potentially lead to sensitive information disclosure. User interaction is required for exploitation. Source: CVE-2024-39379
  2. CVE-2024-23444 - Elasticsearch-certutil CLI Tool Vulnerability: When the elasticsearch-certutil CLI tool is used with the csr option to create a new Certificate Signing Request, the generated private key is stored on disk unencrypted even if the --pass parameter is passed on the command line. Source: CVE-2024-23444
  3. CVE-2024-7342 - Baidu UEditor File Upload Vulnerability: A vulnerability was found in Baidu UEditor 1.4.3.3 that affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8. The manipulation of the argument upfile leads to unrestricted file upload. The exploit has been publicly disclosed. Source: CVE-2024-7342
  4. CVE-2024-7336 - TOTOLINK EX200 Buffer Overflow Vulnerability: A critical vulnerability was found in TOTOLINK EX200 4.0.3c.7646_B20201211 that affects the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The exploit has been publicly disclosed. Source: CVE-2024-7336
  5. CVE-2024-39607 - ELECOM Wireless LAN Routers OS Command Injection Vulnerability: An OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request sent to the affected product by a logged-in user with administrative privileges may execute an arbitrary OS command. Source: CVE-2024-39607

API Security

  1. REXML DoS Vulnerability (CVE-2024-41946): The REXML gem 3.3.2, an XML toolkit for Ruby, has a Denial of Service (DoS) vulnerability when parsing an XML document with many entity expansions using the SAX2 or pull parser API. The issue is fixed in REXML gem 3.3.3. Source: vulners.com
  2. Command Injection Vulnerability (CVE-2022-4002): A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request. Source: vulners.com
  3. Denial-of-Service Vulnerability (CVE-2022-4003): A denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request. Source: vulners.com
  4. Authentication Bypass Vulnerability (CVE-2022-4001): An authentication bypass vulnerability could allow an attacker to access API functions without proper authentication. Source: vulners.com
  5. GetSimple CMS Vulnerability Exploit (CVE-2022-41544): A script to exploit the CVE-2022-41544 vulnerability in GetSimple CMS has been released. The script performs several steps: it checks for the vulnerability, leaks API keys, sets cookies, obtains CSRF tokens, uploads a shell, and triggers the shell. Source: vulners.com

Sponsored by Wallarm API Security Solution, let's meet at Black Hat, Sticker Booth 3122

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the cost of data breaches continues to rise across industries, with healthcare bearing the brunt of these expenses. From Ticketmaster's massive data breach to the soaring costs in Australia, it's evident that no sector is immune. In light of these developments, it's crucial for organizations to prioritize data security and invest in robust protection measures. Remember, the cost of prevention is often far less than the cost of a breach.

If you found today's newsletter informative, please consider sharing it with your colleagues and friends. Let's work together to spread awareness and promote a culture of cybersecurity. Stay safe and secure until our next edition of Secret CISO.