Secret CISO 8/5: Arisa Health and First Commonwealth Data Breaches, Illinois Election Records Leak, CrowdStrike-Delta Dispute, Normalyze's New DSPM, and APT41

Good morning, Secret CISO readers! Today's newsletter is packed with the latest cybersecurity news and insights. We're starting with a significant data breach at Arisa Health, affecting over 375,000 patients. Cyberattacks have also hit Sun City Pediatrics in Texas and Calibrated Healthcare in California. In other news, First Commonwealth Federal Credit Union is under investigation following a data breach in June. Misconfigured databases have leaked 4.6 million Illinois election records, including sensitive personal information.

We also have an interesting piece from Dark Reading on the need for different data protection strategies in today's world. Meanwhile, CrowdStrike is rejecting negligence claims from Delta Air Lines over an IT outage. In the realm of data security, Normalyze is filling critical gaps with market-driven DSPM requirements. We also delve into the rising cost of retail data breaches and the legal action against the Department of Education over a data breach. Our newsletter also covers the importance of an effective security strategy with data loss prevention for CIOs, the alarming statistic that almost three-quarters of ransomware victims are hit multiple times, and IBM's new AI-powered cybersecurity assistant for threat detection.

Stay tuned for more updates, including the appointment of Alex Stamos as Chief Information Security Officer at SentinelOne, the role of early adopters in driving security innovation, and the exposure of 4.6 million US voters' data by a tech contractor. Don't miss out on our expert insights and analysis of these stories and more in today's issue of Secret CISO. Stay safe and informed!

Data Breaches

  1. Arisa Health Confirms Data Breach Affected More Than 375,000 Patients: Arisa Health, a healthcare provider, confirmed a data breach that impacted over 375,000 patients. The same report covers separate cyberattacks on Sun City Pediatrics in Texas and Calibrated Healthcare in California. Source: HIPAA Journal
  2. Federman & Sherwood Investigates First Commonwealth Federal Credit Union for Data Breach: First Commonwealth Federal Credit Union is under investigation by Federman & Sherwood after a cybersecurity incident was detected on June 27, 2024. The credit union immediately launched an investigation. Source: Morningstar
  3. Misconfigured databases leak 4.6M Illinois election records: A misconfigured database leaked 4.6 million Illinois election records, including individuals' names, addresses, Social Security numbers, and other sensitive information. Source: SC Media
  4. CrowdStrike Rejects Delta's Negligence Claims Over IT Outage: CrowdStrike dismissed negligence claims by Delta Air Lines, which threatened to sue after a faulty update to CrowdStrike's security software caused a large-scale IT outage. Source: GovInfoSecurity
  5. Legal action against Department of Education over data breach: The Department of Education is facing legal action over a data breach. A full and thorough investigation into the breach has been launched. Source: Belfast News Letter

Security Research

  1. Hackers Warn Of Dangerous New 0-Click Threat To GenAI Apps: New research from Technion - Israel Institute of Technology, Cornell Tech, and Intuit describes a 0-click threat to GenAI apps, one that needs no action from the victim to take effect. The researchers warn about what attackers could do with it against applications built on generative AI. Source: Forbes
  2. Hacker group FIN7 is selling EDR evasion tools to other cyber criminals: The notorious hacker group FIN7 is reportedly selling EDR evasion tools to other cyber criminals. This development poses a significant threat to the security landscape. Source: Security Intelligence
  3. Researchers Uncover Flaws in Windows Smart App Control and SmartScreen: Elastic Security Labs has uncovered flaws in Windows Smart App Control and SmartScreen. The weaknesses let malicious files run without the usual security warnings, so an attacker needs only minimal user interaction to gain initial access. Source: The Hacker News
  4. China-linked APT41 breached Taiwanese research institute: APT41, a China-linked group, has breached a Taiwanese government-affiliated research institute using ShadowPad and Cobalt Strike. This breach underscores the persistent cyber threats posed by state-sponsored actors. Source: Security Affairs
  5. New Android Trojan "BlankBot" Targets Turkish Users' Financial Data: Cybersecurity researchers have discovered a new Android Trojan named "BlankBot" that targets Turkish users' financial data. This discovery highlights the increasing sophistication of mobile-based cyber threats. Source: The Hacker News

Top CVEs

  1. CVE-2024-35143 - Unauthorized Access in IBM Planning Analytics Local: IBM Planning Analytics Local 2.0 and 2.1 have a vulnerability that allows a remote attacker to gain unauthorized access to the MongoDB server due to its configuration that allows connections without password authentication. Source: CVE-2024-35143
  2. CVE-2024-7409 - DoS Attack in QEMU NBD Server: A flaw in the QEMU NBD Server allows a denial of service (DoS) attack. This vulnerability occurs due to improper synchronization during socket closure when a client keeps a socket open as the server is taken down. Source: CVE-2024-7409
  3. CVE-2024-5081 - CSRF and XSS Vulnerabilities in wp-eMember WordPress Plugin: The wp-eMember WordPress plugin before v10.7.0 lacks CSRF checks in some places and is missing sanitisation as well as escaping. This could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. Source: CVE-2024-5081
  4. CVE-2024-7459 - CSRF Vulnerability in OSWAPP Warehouse Inventory System: A vulnerability in OSWAPP Warehouse Inventory System 1.0/2.0 allows for cross-site request forgery due to an unknown function of the file /edit_account.php. The exploit has been publicly disclosed and may be used. Source: CVE-2024-7459
  5. CVE-2024-7462 - Buffer Overflow in TOTOLINK N350RT: A critical vulnerability in TOTOLINK N350RT 9.3.5u.6139_B20201216 allows for a buffer overflow due to the manipulation of the argument ssid in the function setWizardCfg of the file /cgi-bin/cstecgi.cgi. The exploit has been publicly disclosed and may be used. Source: CVE-2024-7462

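Items 3 and 4 above are both cross-site request forgery, and item 3 adds missing sanitisation and escaping on top of it. The following is an added illustration of the vulnerable pattern beside a hardened one; it is not code from wp-eMember, OSWAPP or any other project. The in-memory session store, the members table, the `SITE_ORIGIN` value and the request dictionaries are all constructed for the example.

```python
import hmac
import html
import secrets
from typing import Optional

# Constructed in-memory state standing in for a real application's session
# store and members table (assumptions, not any plugin's actual code).
SESSIONS = {"sess-admin": {"user": "admin", "csrf_token": None}}
MEMBERS: list = []
SITE_ORIGIN = "https://members.example"  # assumed origin of the admin UI


def issue_csrf_token(session_id: str) -> str:
    """Mint a random per-session token; the admin form embeds it in a hidden field."""
    token = secrets.token_urlsafe(32)
    SESSIONS[session_id]["csrf_token"] = token
    return token


def _admin_session(request: dict) -> Optional[dict]:
    session = SESSIONS.get(request["cookies"].get("session"))
    return session if session and session["user"] == "admin" else None


def vulnerable_add_member(request: dict) -> dict:
    """'Before' pattern: any POST carrying the admin's cookie is accepted,
    so a page on another site can submit it on the admin's behalf."""
    if _admin_session(request) is None:
        return {"status": 403, "reason": "not admin"}
    MEMBERS.append(request["form"].get("name", ""))
    return {"status": 200}


def hardened_add_member(request: dict) -> dict:
    """Hardened handler: same-origin check plus a per-session synchronizer token."""
    session = _admin_session(request)
    if session is None:
        return {"status": 403, "reason": "not admin"}
    # Browsers set Origin on cross-site form POSTs; reject anything foreign.
    origin = request["headers"].get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return {"status": 403, "reason": "cross-origin"}
    # The attacker's page cannot read the token, so it cannot supply it.
    expected = session.get("csrf_token") or ""
    submitted = request["form"].get("csrf_token", "")
    if not expected or not hmac.compare_digest(submitted, expected):
        return {"status": 403, "reason": "bad csrf token"}
    MEMBERS.append(request["form"].get("name", ""))
    return {"status": 200}


def render_members_vulnerable() -> str:
    """Stored value echoed raw: the stored-XSS half of the problem."""
    return "".join(f"<li>{name}</li>" for name in MEMBERS)


def render_members_hardened() -> str:
    """Escape on output, so a stored payload renders as text."""
    return "".join(f"<li>{html.escape(name)}</li>" for name in MEMBERS)


def forged_request() -> dict:
    """Constructed request: what the admin's browser sends when an attacker's
    page auto-submits a form to the site. The session cookie rides along,
    Origin is the attacker's site, and there is no valid token."""
    return {
        "cookies": {"session": "sess-admin"},
        "headers": {"Origin": "https://attacker.example"},
        "form": {"name": "<script>alert(1)</script>"},
    }


def legitimate_request(token: str) -> dict:
    """Constructed request from the real admin form, carrying the token."""
    return {
        "cookies": {"session": "sess-admin"},
        "headers": {"Origin": SITE_ORIGIN},
        "form": {"name": "O'Brien <ops>", "csrf_token": token},
    }
```

The Origin check alone is not enough: the header is absent on some same-site navigations and older clients, which is why the token check is the one that must always pass. Comparing with `hmac.compare_digest` avoids leaking the token through timing, and escaping at render time (rather than at storage time) keeps the stored data intact while still neutralising a payload that slipped in.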
API Security

  1. API Security Vulnerability in Multiple Pimax Products: Multiple Pimax products have been found to accept WebSocket connections from unintended endpoints. If exploited, this could allow a remote, unauthenticated user to execute arbitrary code on the affected system. Source: CVE-2024-41889
  2. Path Traversal Vulnerability in elunez eladmin: A critical vulnerability has been discovered in elunez eladmin up to version 2.7. The issue affects unknown processing in the files /api/deploy/upload and /api/database/upload of the Database Management/Deployment Management component. Manipulating the 'file' argument leads to path traversal, e.g. 'dir/../../filename'. The exploit has been publicly disclosed and may be used, posing a significant risk. Source: CVE-2024-7458
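The eladmin item above shows the classic shape of a path traversal: a client-controlled 'file' value such as 'dir/../../filename' joined onto an upload directory. Below is an added example, not eladmin's code, of the naive join beside a check that rejects such names before anything touches the filesystem. `UPLOAD_ROOT` is an assumed directory, the inputs are constructed, and the example uses `posixpath` so it behaves the same on any OS; the check goes slightly beyond the quoted case by also handling percent-encoded and backslash variants.

```python
import posixpath
from urllib.parse import unquote

UPLOAD_ROOT = "/srv/app/uploads"  # assumed base directory for uploaded files


def vulnerable_join(root: str, user_path: str) -> str:
    """'Before' pattern: the client-supplied name is joined onto the upload
    directory with no validation, so '..' segments walk out of it."""
    return posixpath.join(root, user_path)


def resolve_naively(root: str, user_path: str) -> str:
    """Where the vulnerable join actually lands once the OS collapses '..'."""
    return posixpath.normpath(vulnerable_join(root, user_path))


def safe_join(root: str, user_path: str) -> str:
    """Return the absolute target path, or raise ValueError if the requested
    name would land outside `root`."""
    # The value is modelled as the raw request parameter, so percent-encoding
    # is decoded once here (assumption: the framework has not already done so).
    decoded = unquote(user_path)
    if "\x00" in decoded:
        raise ValueError("NUL byte in file name")
    # Treat backslashes as separators too, so '..\\..\\x' is not waved through.
    parts = decoded.replace("\\", "/").split("/")
    if any(p == ".." for p in parts):
        raise ValueError("parent-directory reference")
    # Drop empty and '.' segments; a leading '/' therefore cannot escape root.
    clean = [p for p in parts if p not in ("", ".")]
    if not clean:
        raise ValueError("empty file name")
    root_abs = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root_abs, *clean))
    # Second, independent check: the normalised result must still sit under root.
    if posixpath.commonpath([root_abs, candidate]) != root_abs:
        raise ValueError("resolved outside upload root")
    return candidate


def is_safe_upload(root: str, user_path: str) -> bool:
    """Boolean wrapper for callers that just need accept/reject."""
    try:
        safe_join(root, user_path)
        return True
    except ValueError:
        return False
```

Rejecting '..' outright, rather than normalising it away, is deliberate: a request that contains a parent reference is never legitimate for an upload endpoint, and refusing it gives a clear signal to log. The `commonpath` comparison is a second, independent guard, so a future change to the segment filtering cannot silently reopen the hole. On a real server the final path should additionally be opened relative to a directory handle or checked with `os.path.realpath` so that symlinks inside the upload directory cannot redirect the write.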

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. As we can see, the cybersecurity landscape is ever-evolving, with new threats and challenges emerging daily. From data breaches affecting hundreds of thousands of patients to misconfigured databases leaking millions of election records, the need for robust, proactive security measures has never been more critical.

Remember, knowledge is power. By staying informed, we can all play a part in safeguarding our digital world.

If you found today's newsletter helpful, please consider sharing it with your friends and colleagues.

Let's work together to create a safer, more secure digital environment for everyone. Stay safe, stay informed, and see you in the next edition of Secret CISO.
