Secret CISO 8/23: Missouri AG Investigates Data Breach, Microsoft Fixes Copilot Studio Flaw, Kootenai Health Breach Probed, AT&T Faces Lawsuit Over Data Breach, Fidelity Bank Rejects Data Breach Fine
Welcome to today's issue of Secret CISO. We're diving into a series of data breaches that have been making headlines across the nation. In Missouri, Attorney General Andrew Bailey has launched an investigation into a widespread data breach, urging affected residents to reach out to his office's consumer protection hotline. Meanwhile, Kootenai Health's recent breach has raised concerns over the security of private information entrusted to healthcare providers. In Columbus, city employees are voicing their frustrations over the handling of a cyberattack that resulted in the exposure of residents' private information.
On the corporate front, AT&T is facing a lawsuit following an April data breach that impacted customers of more than 16 other cell phone providers. In the banking sector, Fidelity Bank is contesting a hefty fine following allegations of a data breach, while a settlement has been approved in the Ameritas Mutual data breach lawsuit. On the tech front, Microsoft has fixed a flaw in its Copilot Studio that exposed cloud data risk, while Snowflake insists that the security burden rests with customers following a wave of attacks.
We'll also be discussing the latest security research, including a warning for iPhone users about a specific sequence of characters that can cause devices to crash, and a critical LiteSpeed Cache vulnerability that puts five million WordPress websites at risk. Stay tuned for more updates on these stories and other breaking news in the world of cybersecurity. Stay safe, stay informed with Secret CISO.
Data Breaches
- Missouri AG launches investigation into widespread data breach: Missouri Attorney General Andrew Bailey has initiated a probe into a significant data breach affecting residents of the state. Those who believe they may have been impacted are encouraged to contact the consumer protection hotline. Source: FOX4KC.com
- Breach Roundup: Microsoft Fixed Copilot Studio Flaw: Security researchers from Tenable discovered a server-side request forgery vulnerability in Microsoft's Copilot Studio, exposing a potential risk to cloud data. The flaw has since been rectified by Microsoft. Source: BankInfoSecurity
- Kootenai Health Data Breach under Investigation: Kootenai Health is under investigation by Levi & Korsinsky, LLP following a data breach that has raised concerns over the security of private information entrusted to the healthcare provider. Source: westernslopenow.com
- Fidelity Bank Data Breach Allegations: Fidelity Bank is contesting a ₦555.8 million fine imposed by the NDPC following allegations of a data breach. This is the largest fine the NDPC has ever imposed for data breaches. Source: The Cyber Express
- Patelco Credit Union reveals customer data was exposed in ransomware attack: Patelco Credit Union has disclosed that members' Social Security and driver's license numbers, dates of birth, and email addresses may have been compromised in an unauthorized ransomware attack. Source: northbaybusinessjournal.com
Security Research
- Urgent warning: Don't type these characters or your iPhone will crash: A security researcher has warned iPhone users against typing a specific sequence of four characters into the search bar in the settings app or the app library, as it can cause the device to crash. The issue is not considered a security risk but can be inconvenient for users. Source: Daily Mail
- Five million WordPress websites in danger due to critical LiteSpeed Cache vulnerability: Security researcher John Blackbourn discovered a critical vulnerability in LiteSpeed Cache that puts five million WordPress websites at risk. The vulnerability, if exploited, could allow unauthorized access to sensitive data. Source: Cybernews
- New macOS Malware "Cthulhu Stealer" Targets Apple Users' Data: Cato Security researcher Tara Gould has discovered a new macOS malware dubbed "Cthulhu Stealer" that targets Apple users' data. The malware is bundled with two binaries and is capable of stealing sensitive user data. Source: The Hacker News
- U.S. says Georgia Tech put 'sensitive government information' at risk: A lawsuit claims that a security research group at Georgia Tech did not follow the federal government's computer security requirements, thereby putting sensitive government information at risk. The specifics of the alleged violations have not been disclosed. Source: 13WMAZ
- North Korean Hackers Pivot Away From Public Cloud: Security researchers have discovered that North Korean hackers are moving away from the public cloud and are instead using custom-built infrastructure. This shift could potentially make their activities harder to detect and disrupt. Source: BankInfoSecurity
Top CVEs
- Microsoft Edge for Android Spoofing (CVE-2024-38208): A vulnerability in Microsoft Edge for Android allows for potential spoofing attacks. Attackers could manipulate the display of website addresses to trick users into visiting malicious sites. Source: CVE-2024-38208
- Microsoft Edge (Chromium-based) Remote Code Execution (CVE-2024-38210): Microsoft Edge (Chromium-based) has a remote code execution vulnerability. This could allow an attacker to execute arbitrary code in the context of the current user. Source: CVE-2024-38210
- Kashipara Bus Ticket Reservation System XSS (CVE-2024-42763): A Reflected Cross Site Scripting (XSS) vulnerability was found in the "/schedule.php" page of the Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code. Source: CVE-2024-42763
- NGINX Agent's "config_dirs" Restriction Bypass (CVE-2024-7634): NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directories. Source: CVE-2024-7634
- REXML DoS Vulnerability (CVE-2024-43398): REXML, an XML toolkit for Ruby, has a DoS vulnerability when it parses an XML that has many deep elements that have the same local name attributes. This could impact systems parsing untrusted XMLs with tree parser API like REXML::Document.new. Source: CVE-2024-43398
API Security
- REXML denial of service vulnerability: A DoS vulnerability has been discovered in the REXML gem before 3.3.6, which can be exploited when parsing an XML with many deep elements that have the same local name attributes. This vulnerability primarily affects those who parse untrusted XMLs with the tree parser API like REXML::Document.new. The issue has been patched in the REXML gem 3.3.6 or later. Source: vulners.com
- GoAuthentik vulnerable to Insufficient Authorization for several API endpoints: Several API endpoints in GoAuthentik can be accessed by users without proper authentication/authorization. The main API endpoints affected require the knowledge of the ID of an object, which is not easily accessible or guessable to an unprivileged user. The issue has been fixed in authentik 2024.4.4, 2024.6.4, and 2024.8.0. Source: vulners.com
- CVE-2024-42490: Authentik, an open-source Identity Provider, has several API endpoints that can be accessed without correct authentication/authorization. The affected endpoints require the knowledge of the ID of an object, which is not easily accessible or guessable to an unprivileged user. The issue has been fixed in authentik 2024.4.4, 2024.6.4, and 2024.8.0. Source: vulners.com
- CVE-2024-3127: An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions, it may be possible to bypass the IP restriction for groups through GraphQL, allowing unauthorized users to perform some actions at the group level. Source: vulners.com
- CVE-2024-43398: The REXML gem before 3.3.6 has a DoS vulnerability when parsing an XML with many deep elements that have the same local name attributes. This vulnerability primarily affects those who parse untrusted XMLs with the tree parser API like REXML::Document.new. The issue has been patched in the REXML gem 3.3.6 or later. Source: vulners.com
Sponsored by Wallarm API Security Solution
Final Words
As we wrap up today's edition of Secret CISO, we've seen a surge in data breaches across various sectors, from healthcare to banking. The Missouri AG's investigation into a widespread data breach is a stark reminder of the importance of robust security measures. The breach at Microsoft's Copilot Studio and the concerns over Snowflake's security burden further underscore the need for vigilance. Remember, it's not just about protecting your own data, but also about safeguarding the information entrusted to you by customers and clients. In the digital world, security is everyone's responsibility.
If you found today's newsletter informative, please consider sharing it with your friends and colleagues.
Let's spread the word about the importance of cybersecurity and help each other stay one step ahead of potential threats. Stay safe, stay informed, and see you in the next edition of Secret CISO!