Secret CISO 9/12: Iowa State, Lehigh Valley Health, Fortinet Breaches; ICBC London Ransom; Turkish Data Leak; Research on Mobile Workforce Security
Subject: The Daily Secret CISO - Data Breaches, Security Leaks, and More

Good day,

In today's edition of Secret CISO, we delve into a series of data breaches and security leaks that have recently made headlines. Firstly, we look at the winter data breach that affected some Iowa State University (ISU) employees. Although Wellmark assured Iowa State that its systems were not impacted, its vendors have yet to confirm this.
Next, we discuss the Lehigh Valley Health Network data breach lawsuit, which was settled for a whopping $65 million. The lawsuit stemmed from a ransomware attack in which nude images of patients were published online. We also touch on the security breach suffered by Fortinet, an international cybersecurity giant, which affected its Asia-Pacific customers. In other news, Hunters International claims to have ransomed ICBC London and stolen 6.6TB of data. If these claims are true, this could spell bad news for customers and their financial data.
We also cover the denial by the Turkish Transport and Infrastructure Minister of a recent report of a massive personal data breach, even as he confirms an earlier leak. Lastly, we look at the proposed $65 million Lehigh Valley Health Network data breach settlement that may compensate some victims up to $80,000. Stay tuned for more updates on data breaches, security leaks, and the steps you can take to protect your sensitive data.
Data Breaches
- Winter Data Breach at Iowa State University: A security breach was reported at Iowa State University, potentially impacting some employees. Although the university's systems were not directly affected, there is uncertainty regarding the impact on vendors. Source: Inside Iowa State
- Lehigh Valley Health Network Data Breach: A lawsuit against Lehigh Valley Health Network over a Blackcat ransomware attack has been settled for $65 million. The attack led to the publication of nude images of patients. Source: HIPAA Journal
- Fortinet Data Breach: Cybersecurity giant Fortinet disclosed a data breach affecting its Asia-Pacific customers. The breach was caused by a third-party security incident. Source: Cyber Daily
- ICBC London Ransom: Hackers claim to have ransomed ICBC London and stolen 6.6TB of data. If true, this could have severe implications for customers and their financial data. Source: The Register
- Turkish Personal Data Breach: Turkish Transport and Infrastructure Minister Abdulkadir Uraloğlu denied allegations of a new data breach affecting millions but confirmed an earlier leak. The breach reportedly originated from the health system during the pandemic. Source: Turkish Minute
Security Research
- DeCENC: A Flawed Encryption Scheme: Security researcher David Buchanan has identified a flaw in the DeCENC encryption scheme used by Amazon and Netflix. The scheme is vulnerable to a proof-of-concept decryption attack, indicating a potential risk to the security of video content. Source: The Register
- WordPress Mandates Two-Factor Authentication: In an effort to combat vulnerabilities in outdated software, WordPress is now requiring two-factor authentication for plugin and theme developers, according to security researcher Ben Martin. This move is expected to significantly enhance the platform's security. Source: The Hacker News
- Exposed Mental Health Records Database: Security researcher Jeremiah Fowler discovered an exposed database containing mental health records. The firm was notified about the discovery, but the potential impact on the affected individuals remains unclear. Source: BankInfoSecurity
- French Cyber Agency Warns of APT28 Hacks: The French Cyber Agency has issued a warning about APT28, a group of nation-state actors, targeting think tanks. The warning was based on research conducted by the National Institute of Standards and Technology (NIST). Source: BankInfoSecurity
- iPhone 16 Buyers Targeted by Attackers: Security researchers at Kaspersky have discovered a scam targeting iPhone 16 buyers. The attackers use convincing websites designed to mimic legitimate sources to trick users into revealing their personal information. Source: Forbes
Top CVEs
- CVE-2024-8686 - Command Injection Vulnerability in Palo Alto Networks PAN-OS: This vulnerability allows an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the system. This could potentially lead to unauthorized system modifications or data breaches. Source: CVE-2024-8686
- CVE-2024-20304 - Vulnerability in Cisco IOS XR Software: This vulnerability could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device, possibly causing a denial of service (DoS) condition. The issue arises from improper handling of packet memory in the multicast traceroute version 2 (Mtrace2) feature. Source: CVE-2024-20304
- CVE-2024-20381 - Vulnerability in Cisco Crosswork Network Services Orchestrator: This vulnerability in the JSON-RPC API feature could allow an authenticated, remote attacker to modify the configuration of an affected application or device. This is due to improper authorization checks on the API. Source: CVE-2024-20381
- CVE-2024-8636 - Heap Buffer Overflow in Google Chrome: This vulnerability in Skia in Google Chrome prior to 128.0.6613.137 could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. Source: CVE-2024-8636
- CVE-2024-38222 - Information Disclosure in Microsoft Edge: This vulnerability could potentially allow an attacker to gain access to sensitive information, leading to possible data breaches or unauthorized system access. Source: CVE-2024-38222
API Security
- SQL injection vulnerability in i-doit pro version 28: This vulnerability allows an attacker to send a specially crafted query to the ID parameter and retrieve all the stored information. It is a serious threat because it exposes sensitive data to potential attackers. Source: CVE-2024-8749
- LearnPress – WordPress LMS Plugin SQL Injection: The plugin is vulnerable to SQL Injection via the 'c_only_fields' parameter of the REST API endpoint. This vulnerability allows unauthenticated attackers to append additional SQL queries into existing queries, potentially extracting sensitive information. Source: CVE-2024-8522
- External XML Entity (XXE) vulnerability in Ivanti EPM: This vulnerability in the provisioning web service of Ivanti EPM allows a remote unauthenticated attacker to leak API. It's a serious vulnerability as it could potentially expose sensitive data to unauthorized individuals. Source: CVE-2024-37397
- Untrusted Query Object Evaluation in RPC API: During the sign in and sign up operations through the SurrealDB RPC API, an arbitrary object would be accepted which could potentially contain any SurrealDB value, including an object representing a subquery. This could allow an unauthenticated attacker to select, create, update and delete non-IAM resources with permissions of a system user with the editor role. Source: GHSA-64F8-PJGR-9WMR
- SQL Injection vulnerability in Ellevo v.6.2.0.38160: This vulnerability allows a remote attacker to obtain sensitive information via the /api/mob/instrucao/conta/destinatarios endpoint. It is a serious threat because it exposes sensitive data to potential attackers. Source: CVE-2024-42760
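Three of the items above share one root cause: an API parameter (an ID, or a comma-separated list of requested fields such as 'c_only_fields') is pasted straight into a SQL statement. The following is an added example, not code from LearnPress, i-doit, Ellevo or any other product named in this newsletter, showing why a value parameter must be bound and why a field-list parameter, which cannot be bound, needs an allowlist instead. The table, rows and the ALLOWED_FIELDS set are constructed for the demo.

```python
import re
import sqlite3

# Constructed sample schema and rows; not data from any product named above.
SCHEMA = """
CREATE TABLE courses (
    id INTEGER PRIMARY KEY,
    title TEXT NOT NULL,
    owner_email TEXT NOT NULL,
    status TEXT NOT NULL
);
INSERT INTO courses VALUES (1, 'Intro to Security', 'alice@example.test', 'publish');
INSERT INTO courses VALUES (2, 'Draft course', 'bob@example.test', 'draft');
"""

# Hypothetical allowlist: the only columns an API client may ask for.
# owner_email is deliberately absent, so it must never be returned.
ALLOWED_FIELDS = {"id", "title", "status"}
IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def build_query_vulnerable(only_fields: str, course_id: str) -> str:
    # The pattern behind the CVEs above: both the requested field list and
    # the id are interpolated into SQL text with no validation or binding.
    return f"SELECT {only_fields} FROM courses WHERE id = {course_id}"


def query_vulnerable(conn, only_fields: str, course_id: str):
    return conn.execute(build_query_vulnerable(only_fields, course_id)).fetchall()


def validate_fields(only_fields: str) -> list:
    # Column names cannot be bound as parameters, so the fix is a strict
    # allowlist: every requested name must be a plain identifier AND on the list.
    fields = [f.strip() for f in only_fields.split(",") if f.strip()]
    if not fields:
        raise ValueError("no fields requested")
    for f in fields:
        if not IDENT_RE.match(f) or f not in ALLOWED_FIELDS:
            raise ValueError(f"field not allowed: {f!r}")
    return fields


def query_hardened(conn, only_fields: str, course_id: str):
    fields = validate_fields(only_fields)
    try:
        cid = int(course_id)          # value parameters get type-checked...
    except ValueError:
        raise ValueError("id must be an integer")
    sql = f"SELECT {', '.join(fields)} FROM courses WHERE id = ?"
    return conn.execute(sql, (cid,)).fetchall()   # ...and bound, never interpolated


def is_request_rejected(conn, only_fields: str, course_id: str) -> bool:
    # Convenience for the demo: True when the hardened path refuses the request.
    try:
        query_hardened(conn, only_fields, course_id)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    conn = open_db()
    # Vulnerable builder: a client can name a column it should never see,
    # and a non-numeric id rewrites the WHERE clause so every row comes back.
    print(query_vulnerable(conn, "title, owner_email", "1"))
    print(query_vulnerable(conn, "id", "1 OR 1=1"))
    # Hardened builder: only allowlisted fields, only integer ids.
    print(query_hardened(conn, "id, title", "1"))
    print(is_request_rejected(conn, "title, owner_email", "1"))
    print(is_request_rejected(conn, "id", "1 OR 1=1"))
```

The design point is that parameter binding alone does not fix a field-list parameter: '?' placeholders only accept values, so a column name must be checked against a fixed set and an identifier pattern before it is ever joined into the statement. Detection-wise, requests whose field list or id parameter fails this validation are worth logging as a signal, since legitimate clients never send them.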
Sponsored by Wallarm API Security Solution
Final Words
That's all for today's edition of Secret CISO. We hope this information helps you stay ahead of potential security threats and keep your systems secure. Remember, the first step in protecting your data is staying informed.
If you found this newsletter helpful, please consider sharing it with your colleagues and friends. Together, we can create a safer digital world. Stay safe and secure until next time!