Secret CISO 9/10: Kremlin-backed hackers target Russian nonprofit, Slim CD breach affects 1.7M, Medicare data breach impacts 1M, research on physical security systems attack

Secret CISO 9/10: Kremlin-backed hackers target Russian nonprofit, Slim CD breach affects 1.7M, Medicare data breach impacts 1M, research on physical security systems attack

Welcome to today's issue of Secret CISO, your daily dose of the latest in cybersecurity news. Today, we're diving into a series of data breaches affecting organizations worldwide, from a pro-democracy nonprofit in Russia to a major credit card company. First up, the Free Russia Foundation, a U.S.-based nonprofit, is investigating a data breach allegedly orchestrated by Kremlin-backed hackers. Meanwhile, payment gateway provider Slim CD has disclosed a data breach impacting 1.7 million individuals, compromising personal and credit card information.

In healthcare, nearly a million Medicare users have been impacted by a data breach, raising concerns about the security of sensitive personal information. On the corporate front, car rental giant Avis is alerting customers of a data breach following a major cyberattack, and the National Privacy Commission is still waiting on details regarding a data breach that hit the Metro Pacific Tollways Corporation. In the wake of these breaches, we'll also be sharing tips on how to protect your identity and navigate massive data breaches. In other news, we'll be looking at how hackers are attacking physical security systems and how security integrators can help customers protect themselves.

Lastly, we'll be highlighting some recent research on cybersecurity, including a study on how mobile security should be central to modern data protection strategies, and an analysis of the resurgence of suicide bombings in Nigeria after a four-year break. Stay tuned for all this and more in today's issue of Secret CISO. Stay safe, stay informed.

Data Breaches

  1. Free Russia Foundation Data Breach: The U.S.-based Free Russia Foundation nonprofit is investigating a data breach after thousands of emails and documents were allegedly leaked by Kremlin-backed hackers. The extent of the breach and the potential impact on the organization's operations are still under review. Source: The Record
  2. Slim CD Data Breach: Payment gateway provider Slim CD reported a data breach affecting 1.7 million credit card holders. The breach, which lasted for ten months, compromised personal and credit card information. The company is reviewing its data security policies to prevent future breaches. Source: SecurityWeek
  3. Medicare Data Breach: Nearly 1 million Medicare users were impacted by a data breach. The breach involved Wisconsin Physicians Service, which collects information such as Medicare and Social Security numbers to manage Medicare claims and audit healthcare. The potential consequences of the breach are still being assessed. Source: AARP
  4. MPTC Data Breach: The National Privacy Commission was notified of a data breach that hit Metro Pacific Tollways Corporation. The details of the breach, including the number of affected individuals and the type of compromised data, are still awaited. Source: ABS-CBN News
  5. Avis Data Breach: Car rental company Avis reported a data breach affecting nearly 300,000 customers. The breach resulted in the theft of sensitive personal information. Avis is currently working with cybersecurity experts to enhance security protections for the impacted business. Source: Computing UK

Security Research

  1. Suicide bombings in Nigeria: tactic is back after a four-year break: After a four-year hiatus, suicide bombings have resurfaced in Nigeria. The article discusses three possible reasons for this resurgence, based on over two decades of national security and counter-terrorism research. Source: defenceWeb
  2. SonicWall devices are coming under attack from major assault: SonicWall devices are currently under a significant attack, with security researchers from Arctic Wolf and Rapid7 attributing the assault to Akira ransomware. Source: TechRadar
  3. Researcher Exploited CI / CD Pipelines To Gain Full Server Access: A potentially dangerous security flaw has been identified in CI/CD pipelines, which could allow full server access if exploited. The flaw originates from the presence of an exposed pipeline. Source: Cyber Security News
  4. WhatsApp's 'View Once' privacy feature could be easily bypassed due to this bug: A security flaw in WhatsApp's 'View Once' privacy feature could put its two billion users at risk of sensitive data leaks. The bug was recently discovered by security researcher Tal Be'ery. Source: TechRadar
  5. New Lookout Threat Research Proves Mobile Security Should Be Central to Modern Data Protection Strategies: New research from Lookout Threat emphasizes the importance of mobile security in modern data protection strategies. The study provides evidence that mobile security should be a central focus for organizations. Source: Morningstar

Top CVEs

  1. CVE-2024-45411: Twig, a template language for PHP, has a vulnerability that allows user-contributed templates to bypass sandbox restrictions under certain circumstances. The issue has been fixed in versions 1.44.8, 2.16.1. Source: CVE-2024-45411
  2. CVE-2024-7341: A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, allowing an attacker who hijacks the current session before authentication to trigger session. Source: CVE-2024-7341
  3. CVE-2024-37288: Kibana has a deserialization issue that can lead to arbitrary code execution when parsing a YAML document with a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools and have configured an Amazon Bedrock connector. Source: CVE-2024-37288
  4. CVE-2024-44375: D-Link DI-8100 v16.07.26A1 has a stack overflow vulnerability in the dbsrv_asp. Source: CVE-2024-44375
  5. CVE-2024-7955: The Starbox WordPress plugin before 3.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Source: CVE-2024-7955

API Security

  1. CVE-2024-6173: A member of the AXIS OS Bug Bounty Program, 51l3nc3, discovered a vulnerability in a Guard Tour VAPIX API parameter that could allow an attacker to block access to the guard tour configuration page in the Axis device's web interface. Axis has released patches for the flaw. Source: vulners.com
  2. CVE-2024-6509: Marinus Pfund, another member of the AXIS OS Bug Bounty Program, found that the VAPIX API alwaysmulti.cgi was vulnerable to file globbing, which could lead to resource exhaustion of the Axis device. Axis has released patches for this flaw as well. Source: vulners.com
  3. CVE-2024-0067: Marinus Pfund also discovered that the VAPIX API ledlimit.cgi was vulnerable to path traversal attacks, allowing the listing of folder/file names on the local file system of the Axis device. Axis has released patches for this flaw. Source: vulners.com
  4. Keycloak Open Redirect vulnerability: An open redirect vulnerability was found in Keycloak, where a specially crafted URL can trick users into visiting a malicious webpage. This issue can potentially lead to successful phishing attacks or other types of attacks. Source: vulners.com
  5. CVE-2024-42759: A privilege escalation issue was found in Ellevo v.6.2.0.38160, allowing a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente. Source: vulners.com

Sponsored by Wallarm API Security Solution

Final Words

That's it for today's edition of the Secret CISO newsletter. We hope you found our curated selection of security news and insights useful. Remember, in the digital world, staying informed is the first step towards staying safe.

If you found this newsletter helpful, please consider sharing it with your colleagues and friends. Let's work together to make the digital world a safer place for everyone. Stay safe and see you in the next edition! Best, [Your Name]

Read more

Secret CISO 11/20: Ford's Supplier Data Breach, Cyera's $300M Funding Boost, Patelco and Aspen Healthcare Data Breaches, Microsoft's 'Zero Day Quest', T-Mobile Thwarts Data Breach

Secret CISO 11/20: Ford's Supplier Data Breach, Cyera's $300M Funding Boost, Patelco and Aspen Healthcare Data Breaches, Microsoft's 'Zero Day Quest', T-Mobile Thwarts Data Breach

Welcome to today's issue of Secret CISO, your daily dose of the most impactful cybersecurity news. Today, we delve into the world of data breaches, risk assessment tools, and the rising costs of cyber threats. Ford recently completed an investigation into a data breach, concluding that its systems

By Secret CISO