Secret CISO 8/12: East Valley Institute and McLaren Health Breaches, Dutch AI Chatbot Data Leaks, Security Research at Black Hat and Def Con
Welcome to today's issue of Secret CISO, your daily source for the latest in cybersecurity news. Today, we're diving into a series of data breaches that have rocked the tech world, from the East Valley Institute of Technology to McLaren Health.
We'll explore the implications of these breaches, the types of personal information targeted, and the steps you can take to protect yourself. We'll also delve into the world of AI chatbots, examining a warning from the Dutch Data Protection Authority about potential data breaches. Plus, we'll look at the rise in active ransomware groups and the billions of personal records exposed in a recent breach.
In other news, we'll discuss the latest security research from Black Hat and Def Con 2024, the cost of a data breach in France, and the vulnerabilities found in Windows 10 and 11. We'll also touch on the potential for foreign interference in the 2024 election and the security risks associated with Chinese apps.
Finally, we'll round out our newsletter with a look at the latest vulnerabilities and security flaws, from Microsoft's warning about OpenVPN vulnerabilities to the ancient browser security flaw affecting Safari, Chrome, and Firefox. Stay tuned for all this and more in today's issue of Secret CISO. Stay safe, stay informed.
Data Breaches
- 48 types of PII targeted in East Valley Institute of Technology breach: The personal and health information of 200,000 people was compromised in a data breach at East Valley Institute of Technology. The breach involved data such as names and addresses. Source: SC Magazine
- McLaren Health Data Breach: McLaren Health suffered a significant data breach leading to interruptions in services, including difficulties in refilling prescriptions and accessing patient data. The extent of sensitive data exposure is still unknown. Source: Accesswire
- Breach exposed billions of personal records, lawsuit says: A massive data breach may have exposed billions of personal information records, according to a lawsuit. The breach could have serious implications for consumers, who are advised to take steps to protect themselves. Source: WFXR
- Dutch Data Protection Authority Warns that Using AI Chatbots Can Lead to Personal Data Breaches: The Dutch Data Protection Authority has warned that the use of AI chatbots can lead to personal data breaches. In one instance, an employee of a medical practice entered patient medical data into an AI chatbot. Source: JD Supra
- National Public Data breach sees 2.7 billion sensitive records exposed: Records from National Public Data, a US data broker, were leaked last week by a threat actor named "Fenice" on the Breached hacking forum. The breach may have compromised the personal data of 2.9 billion people. Source: Tech Monitor
Security Research
- Def Con spotlights AI's soaring importance in the high-stakes cybersecurity war—and its vulnerability: Ariel Herbert-Voss, founder of RunSybill and previously OpenAI's first security research, emphasized the growing importance of AI in cybersecurity. The discussion highlighted the potential vulnerabilities in AI systems and the need for robust security measures. Source: Fortune
- New Windows 10 And 11 Blue Screen Of Death Warning Issued: Researchers have found that all versions of Windows 10 and Windows 11 are susceptible to a new type of 'Blue Screen of Death' error, even with all current security updates installed. This discovery underscores the need for continuous vigilance and updates in system security. Source: Forbes
- Chinese apps a potential security risk, experts say: Security Research experts from INDSR have warned that Chinese apps pose significant information security risks. The experts emphasized that information security risks are national security risks, highlighting the need for stringent app security measures. Source: Taipei Times
- Hong Kong chip fab raises U.S. research security concerns: report: A defense policy group in Washington has raised concerns about research security related to a Hong Kong chip fab. The group warns that the chip fab could potentially compromise U.S. research security. Source: Nikkei Asia
- This ancient browser security flaw affecting Safari, Chrome and Firefox is finally being fixed: Cybersecurity researchers from Oligo have detailed a longstanding browser security flaw affecting Safari, Chrome, and Firefox. The flaw, dubbed the "0.0.0.0-day", is finally being addressed, highlighting the importance of continuous security updates in web browsers. Source: TechRadar
Top CVEs
- Signal Handler in sshd(8) (CVE-2024-7589): A signal handler in sshd(8) may call a logging function that is not async-signal-safe, potentially leading to a race condition that a determined attacker may exploit for unauthenticated remote code execution. Source: CVE-2024-7589
- Microsoft Office Spoofing (CVE-2024-38200): Microsoft Office has been identified with a spoofing vulnerability, potentially allowing malicious actors to misrepresent themselves or their actions. Source: CVE-2024-38200
- Improper Validation in MSR (CVE-2023-31315): A model specific register (MSR) has been found to improperly validate, potentially allowing a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, leading to arbitrary code execution. Source: CVE-2023-31315
- Microsoft Edge Memory Corruption (CVE-2024-38218): Microsoft Edge (HTML-based) has been identified with a memory corruption vulnerability, potentially leading to unexpected behavior or system instability. Source: CVE-2024-38218
- Script Execution Vulnerability (CVE-2024-22116): An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section, potentially leading to arbitrary code execution. Source: CVE-2024-22116
API Security
- Kamaji Hosted Control Plane Manager Vulnerability (CVE-2024-42480): Kamaji, the Hosted Control Plane Manager for Kubernetes, has a vulnerability in versions 1.0.0 and earlier. The issue lies in the "open at the top" range definition in RBAC for etcd roles, allowing some TCPs API servers to read, write, and delete the data of other control planes. The vulnerability is fixed in later versions. Source: vulners.com.
- Unbound NULL Pointer Dereference Flaw (CVE-2024-43167): A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault, leading to a denial of service by causing the application to terminate. Source: vulners.com.
- OpenFGA Authorization Bypass Vulnerability (CVE-2024-42473): OpenFGA, an authorization/permission engine, has a vulnerability in versions v1.5.7 and v1.5.8. The issue allows for authorization bypass when calling Check API with a model that uses but not and from expressions and a userset. Users are advised to downgrade to v1.5.6 as soon as possible. A patch is planned for future inclusion. Source: vulners.com.
Sponsored by Wallarm API Security Solution
Final Words
And that's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from the 48 types of PII targeted in the East Valley Institute of Technology breach to the rising number of active ransomware groups. Remember, security isn't just about technology - it's about awareness, vigilance, and continuous learning.
Stay safe, stay informed, and don't forget to share this newsletter with your friends and colleagues. They'll thank you for it. Until next time, keep your data secure and your systems protected.