Secret CISO 8/17: Massive Data Breaches at National Public, United Healthcare, and ADT; Chile's Population Exposed; Security Research on macOS Threats and Data Exposure in SuiteCommerce

Welcome to today's issue of Secret CISO. We're diving deep into the alarming wave of data breaches that have swept across the globe, affecting billions of individuals and organizations. From the massive data breach at National Public Data that compromised Social Security numbers, to the United Healthcare breach that may affect almost half of the U.S. population, we're breaking down the details and exploring the aftermath.

We'll also look at how victims are responding, with lawsuits already underway against companies like Dollar Energy Fund. And it's not just the U.S. that's been hit - over half of Chile's population has been exposed in a data leak, and personal details of Ukrainian refugees were released due to a council data breach. In the midst of this chaos, we'll share expert advice on how to protect your data and what to do if it's been stolen.

We'll also discuss the latest security research, including a report on how threat actors are increasingly targeting macOS. Stay tuned for all this and more in today's issue of Secret CISO.

Data Breaches

  1. United Healthcare Group/Change Healthcare Prescription Claims Systems Data Breach: A significant data breach involving the United Healthcare Group/Change Healthcare prescription claims systems has been reported. Victims of the breach are currently receiving notices. The breach may affect up to 45% of the U.S. population. Source: Insurance News Net
  2. Chile's Population Data Leak: Over half of Chile's population has been exposed in a massive data breach. The breach has leaked personal data of the citizens, causing a significant impact on the country's cybersecurity. Source: TechRadar
  3. ADT Data Breach: Home security company ADT has confirmed a data breach following unauthorized access to a customer database. The breach was confirmed after a threat actor listed the stolen database for sale. Source: CPO Magazine
  4. Radiology Information Systems Provider Data Breach: A cyberattack on a provider of radiology information systems has resulted in a data breach. The breach impacted patient information including dates of birth, driver's license numbers, and Social Security numbers. Source: Radiology Business
  5. Ambulnz Data Breach: Ambulnz Holdings, LLC, a medical transportation company, has reported a data breach affecting patients of Jefferson Health and Main Line Health. The breach was discovered on August 13, 2024, and a notice has been filed with the Attorney General of California. Source: JD Supra

Security Research

  1. Threat Actors Increasingly Target macOS: Security researchers have discovered a new encryptor targeting macOS in April 2023. The research highlights the growing threat to Apple's operating system, emphasizing the need for robust security measures. Source: TechRepublic
  2. Security Firm AppOmni Warns of Data Exposure Loophole in SuiteCommerce: AppOmni's security research has identified a data exposure loophole in SuiteCommerce. Administrators are advised to take immediate action to mitigate this risk. Source: PYMNTS
  3. Chinese Hacking Firm iSoon Targeted European Networks: Leaked documents reveal that Chinese hacking firm iSoon has been targeting European networks. The firm's main customer is believed to be the Ministry of China. Source: GovInfoSecurity
  4. Fixing Unpatched Vulnerabilities Without Traditional Patches: Security research by Cato Networks suggests that unpatched vulnerabilities can be fixed without traditional patches. This innovative approach could revolutionize cybersecurity practices. Source: GovInfoSecurity
  5. UNILAG Don Awarded Women Advance: Research Security Fellowship: A researcher from the University of Lagos has been awarded the Women Advance: Research Security Fellowship. The fellowship aims to enhance research security knowledge and skills and establish the selected candidates as research security leaders. Source: University of Lagos

Top CVEs

  1. Microsoft Edge (Chromium-based) Elevation of Privilege: A vulnerability in Microsoft Edge could allow an attacker to escalate their privileges, potentially gaining unauthorized access to system resources. Microsoft is currently working on a fix. Source: CVE-2024-43472
  2. Ingress-nginx Security Issue: A security issue in ingress-nginx allows an actor with permission to create Ingress objects to bypass annotation validation and inject arbitrary commands, potentially compromising the ingress-nginx controller's credentials. Users are advised to update to the latest version. Source: CVE-2024-7646
  3. IBM Security Directory Integrator Authentication Issue: IBM Security Directory Integrator and Security Verify Directory Integrator do not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. IBM has issued a fix. Source: CVE-2022-33162
  4. IBM QRadar Suite Software Information Disclosure: IBM QRadar Suite Software and IBM Cloud Pak for Security could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the request. This information could be used in further attacks against the system. IBM has issued a fix. Source: CVE-2023-47728
  5. JetTabs for Elementor Local File Inclusion: The JetTabs for Elementor plugin for WordPress is vulnerable to Local File Inclusion via the 'switcher_preset' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. A fix is currently being worked on. Source: CVE-2024-7146

API Security

  1. CVE-2024-43837 - Linux Kernel Vulnerability: A null pointer dereference in the Linux kernel's handling of BPF_PROG_TYPE_EXT programs has been resolved. When an EXT program was loaded without specifying attr->attach_prog_fd, prog->aux->dst_prog remained null, and the subsequent call to resolve_prog_type() dereferenced it. Source: CVE-2024-43837
  2. CVE-2024-43824 - Linux Kernel PCI Endpoint Vulnerability: A vulnerability in the Linux kernel's PCI endpoint has been resolved. The issue was related to redundant NULL checks in the pci_epf_test_core_init() function. The fix involves using the cached pci_epf_test::epc_features value to avoid the NULL check. Source: CVE-2024-43824
  3. CVE-2023-3416 - tagDiv Opt-In Builder Plugin Vulnerability: The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'subscriptionCouponId' parameter in the 'create_stripe_subscription' REST API endpoint. This vulnerability allows authenticated attackers with administrator-level privileges to append additional SQL queries into existing queries, potentially extracting sensitive information. Source: CVE-2023-3416
  4. CVE-2023-3419 - tagDiv Opt-In Builder Plugin Vulnerability: A similar vulnerability to CVE-2023-3416 exists in the tagDiv Opt-In Builder plugin, this time via the 'couponId' parameter of the 'recreate_stripe_subscription' REST API endpoint. This vulnerability also allows authenticated attackers with administrator-level privileges to append additional SQL queries into existing queries, potentially extracting sensitive information. Source: CVE-2023-3419
  5. Cilium Gateway API Information Leak: Due to ReferenceGrant changes not being immediately propagated in Cilium's GatewayAPI controller, Gateway resources are able to access secrets in other namespaces after the associated ReferenceGrant has been revoked. This can lead to Gateways continuing to establish sessions using secrets that they should no longer have access to. Source: Cilium Gateway API Information Leak

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. We hope you found the information valuable and actionable. Remember, in the world of cybersecurity, knowledge is power. Stay informed, stay vigilant, and most importantly, stay secure.

If you found this newsletter helpful, why not share it with your friends and colleagues?

The more we spread awareness about these security issues, the safer we can make our digital world. Until next time, keep your data safe and your systems secure.

By Secret CISO