Secret CISO 8/14: Edmonton City and Indonesian Government Data Breaches, Enzo Biochem's $4.5M Settlement, Research on Rising Breach Costs and Russian Phishing Attacks
Welcome to today's issue of Secret CISO, your daily dose of the most impactful cybersecurity news. Today, we delve into the world of data breaches and their escalating costs, with a focus on recent incidents that have left organizations and individuals exposed. In Edmonton, a contractor's error led to a data breach that exposed the personal and family data of city, library, and police staff. Meanwhile, a fresh data breach in Indonesia is piling pressure on the government to establish a cyber privacy agency, highlighting the ongoing struggle with security in government-built digital infrastructure. In the healthcare sector, Enzo Biochem is set to pay $4.5M for a patient data breach, a stark reminder of the risks and costs associated with inadequate data security. UnitedHealth has also begun informing patients affected by a major data breach, emphasizing the importance of prompt communication in such incidents.
On a broader scale, a massive data hack has reportedly stolen the information of 2.9 billion people, including social security numbers. If you're one of the victims, we'll guide you through the steps you can take to protect yourself. As the costs of data breaches continue to rise, hitting a record high of $4.88 million, we explore how to cap them. We also examine the downplaying of a Columbus ransomware-related data breach and discuss effective data security measures beyond the breach. In other news, we look at the increasing sophistication of phishing attacks from Russia, the hacking of wireless shifters in bike races, and the surge in file-sharing phishing attacks.
We also share insights from cybersecurity experts on various topics, from proactive security to the implementation of Splunk Enterprise Security. Stay tuned for more updates on the latest vulnerabilities and how to protect your systems. As always, stay safe and secure!
Data Breaches
- Edmonton City, Library, and Police Staff Data Breach: An unknown number of Edmonton city, library, and police staff, along with their families, had their data exposed in a breach. The contractor is being blamed for the incident. Source: Edmonton Journal
- Indonesian Government Data Breach: A fresh data breach has put pressure on the Indonesian government to form a cyber privacy agency. The breach highlights the ongoing security issues with government-built digital infrastructure. Source: The Star
- Enzo Biochem Patient Data Breach: Enzo Biochem, a healthcare company, has agreed to pay $4.5 million for a data breach that put patients at serious risk of fraud and identity theft. The breach highlights the importance of prioritizing data security in the healthcare sector. Source: GenomeWeb
- UnitedHealth Data Breach: UnitedHealth Group has begun informing patients about a major data breach. The compromised information ranges from health conditions to Social Security numbers. Source: Star Tribune
- Oxfam Hong Kong Data Breach: The Hong Kong branch of international charity Oxfam suffered a data breach potentially affecting 470,000 people. The privacy watchdog has launched an investigation into the incident. Source: South China Morning Post
Security Research
- Russia Launching More Sophisticated Phishing Attacks: A new report by the Citizen Lab reveals an increase in sophisticated phishing attacks originating from Russia. The report highlights the need for enhanced cybersecurity measures to counter these threats. Source: The Guardian
- Hack Your Rival's Wireless Shifters: Researchers at the Usenix Security Symposium have discovered vulnerabilities in wireless bicycle shifters that could be exploited to gain an unfair advantage in bike races. The findings underscore the importance of securing even seemingly innocuous wireless devices. Source: WIRED
- File-Sharing Phishing Attacks Surge 350%: A new report from Abnormal Security reveals a 350% surge in file-sharing phishing attacks. The report underscores the growing threat of phishing attacks and the need for robust cybersecurity measures. Source: Global Security Mag
- The AMD SinkClose Security Hole: Security researchers Enrique Nissim and Krzysztof Okupski from IOActive have discovered a dangerous security hole in AMD processors, dubbed SinkClose. The researchers provide guidance on how to protect systems from this vulnerability. Source: ZDNet
- Aqua Security Finds Critical Vulnerabilities in Six AWS Services: Aqua Security's research team, Nautilus, has identified critical vulnerabilities in six major AWS services. These flaws pose risks of remote code execution, full-service takeovers, and data breaches. Source: IT Brief Asia
Top CVEs
- Security Center Broker Information Disclosure (CVE-2024-38155): A vulnerability in the Security Center Broker could lead to information disclosure, potentially exposing sensitive data. Users are advised to update their systems to mitigate the risk. Source: CVE-2024-38155
- MongoDB Enterprise Server Backup Files Vulnerability (CVE-2024-6384): MongoDB Enterprise Server versions prior to 6.0.16, 7.0.11 and 7.3 have a vulnerability where "hot" backup files may be downloaded by underprivileged users if they can acquire a unique backup identifier. Users are advised to update to the latest version. Source: CVE-2024-6384
- Microsoft Local Security Authority (LSA) Server Information Disclosure (CVE-2024-38118): A vulnerability in Microsoft's Local Security Authority (LSA) server could lead to information disclosure, potentially exposing sensitive data. Users are advised to update their systems to mitigate the risk. Source: CVE-2024-38118
- Windows TCP/IP Remote Code Execution (CVE-2024-38063): A vulnerability in Windows TCP/IP could allow remote code execution if an attacker sends specially crafted packets to an affected system. Users are advised to update their systems to mitigate the risk. Source: CVE-2024-38063
- Windows Network Virtualization Remote Code Execution (CVE-2024-38159): A vulnerability in Windows Network Virtualization could allow remote code execution if an attacker sends specially crafted packets to an affected system. Users are advised to update their systems to mitigate the risk. Source: CVE-2024-38159
API Security
- CVE-2024-7743 in wanglongcn ltcms 1.0.20: A critical vulnerability was found in the function downloadUrl of the file /api/file/downloadUrl of the component API Endpoint. The manipulation of the argument file can lead to server-side request forgery. The attack can be launched remotely and the exploit is publicly known. Source: CVE-2024-7743
- CVE-2024-7742 in wanglongcn ltcms 1.0.20: Another critical vulnerability was identified in the function multiDownload of the file /api/file/multiDownload of the component API Endpoint. The manipulation of the argument file can lead to server-side request forgery. The attack can be launched remotely and the exploit is publicly known. Source: CVE-2024-7742
- CVE-2024-7741 in wanglongcn ltcms 1.0.20: This critical vulnerability affects the function downloadFile of the file /api/file/downloadfile of the component API Endpoint. The manipulation of the argument file can lead to path traversal. The attack can be initiated remotely and the exploit is publicly known. Source: CVE-2024-7741
- CVE-2024-7740 in wanglongcn ltcms 1.0.20: This critical vulnerability affects the function download of the file /api/test/download of the component API Endpoint. The manipulation of the argument url can lead to server-side request forgery. The attack can be initiated remotely and the exploit is publicly known. Source: CVE-2024-7740
Sponsored by Wallarm API Security Solution
Final Words
That's it for today's edition of Secret CISO. We've covered a lot of ground, from the data breach in Edmonton city to the rising costs of data breaches and the need for effective data security measures. Remember, the world of cybersecurity is ever-evolving, and staying informed is your first line of defense.
If you found this newsletter helpful, please consider sharing it with your colleagues and friends. Together, we can create a safer digital world. Stay safe, stay informed, and see you in the next edition of Secret CISO.