Welcome to today's edition of Secret CISO, your daily dose of the latest in cybersecurity news. Today, we're dealing with a full house of data breaches, lawsuits, and settlements. First up, a casino didn't play its cards right and is now facing a lawsuit over a data breach that left victims vulnerable to identity theft. Meanwhile, Goodwin House Inc. is under investigation after a data breach potentially compromised customer data. In the health sector, 23andMe has agreed to a $30 million settlement and committed to a three-year security monitoring program to resolve claims it failed to safeguard customer data.

Lehigh Valley Health Network also agreed to a $65 million settlement following a data breach in 2023. In a massive data breach, millions of records from the National Social Insurance Fund (NSIF) of Cameroon are up for sale on the Dark Web. The Port of Seattle is refusing to pay a ransom and warns of a potential data leak. Goodwin Living has filed an official notice of a data breach affecting confidential information.

In other news, businesses are learning from the rise of cyber espionage, and researchers are developing AI-powered security systems that predict criminal behavior. Stay tuned for more updates and remember, in the world of cybersecurity, it's always better to be safe than sorry.

Data Breaches

1. Casino didn't play its cards right to prevent data breach: A casino is facing lawsuits for failing to report a data breach in a timely manner, leaving victims vulnerable to identity theft without any warnings to monitor their financial accounts. Source: Westlaw Today
2. DATA BREACH ALERT: Edelson Lechtzin LLP Is Investigating: Edelson Lechtzin LLP is investigating claims on behalf of Goodwin House Inc. customers whose data may have been compromised. Source: GlobeNewswire
3. 23andMe Agrees to $30 Million Deal Resolving Data Breach Dispute: 23andMe Inc. has agreed to a $30 million settlement and committed to a three-year security monitoring program to resolve claims it failed to safeguard customer data. Source: Bloomberg Law
4. Massive Data Breach: Millions of NSIF Records Up for Sale on Dark Web: Millions of data records from users of the National Social Insurance Fund (NSIF) of Cameroon are available for sale on the dark web, according to several security experts. Source: Digital Business Africa
5. Port of Seattle refuses to pay Rhysida ransom, warns of data leak: The Port of Seattle has refused to pay a ransom to the Rhysida hacker group and warns that the hackers may respond by posting data they claim to have stolen on their dark web site. Source: The Record

Security Research

1. Content providers have dim view of tech vendors' security attitudes - DPP research: The research project analyses the current state of IT security within the media industry, revealing vastly different attitudes to cyber protection. Source: IBC
2. Remote Access Tool Sprawl Increases OT Risks: Researchers have highlighted that the lack of security features and the overabundance of external access tools are increasing attack surfaces in organizations. Source: BankInfoSecurity
3. Feds Prioritize Open-Source Software Security Initiatives: Policymakers are increasingly turning to the security research community to solve cybersecurity challenges, resulting in efforts like open-source software security initiatives. Source: GovCIO Media & Research
4. TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud: Cleafy security researchers Michele Roviello and Alessandro Strino have discovered that the TrickMo Android Trojan is exploiting accessibility services to commit on-device banking fraud. Source: The Hacker News
5. PIXHELL Makes Monitors Sing Like a Canary: Security researcher Mordechai Guri at Ben-Gurion University of the Negev has found a way to make monitors spill secrets in a similar way to a canary trap. Source: Hackster.io

Top CVEs

1. CVE-2024-29779: This vulnerability could potentially lead to a local escalation of privilege due to an unusual root cause. No additional execution privileges are needed and user interaction is not required. Source: CVE-2024-29779
2. CVE-2024-44092: This vulnerability is due to test/debugging code left in a production build, which could lead to a local escalation of privilege. No additional execution privileges are needed and user interaction is not required. Source: CVE-2024-44092
3. CVE-2024-6587: A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the api_base parameter when making requests, leading to unauthorized access and potential misuse of the API. Source: CVE-2024-6587
4. CVE-2024-44093: This vulnerability could potentially lead to a local escalation of privilege due to a logic error in the code. No additional execution privileges are needed and user interaction is not required. Source: CVE-2024-44093
5. CVE-2024-44094: This vulnerability could potentially lead to a local escalation of privilege due to improper input validation. No additional execution privileges are needed and user interaction is not required. Source: CVE-2024-44094

API Security

1. CVE-2024-8775: A flaw in Ansible could expose sensitive information stored in Ansible Vault files during the execution of a playbook. This can lead to unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access. Source: CVE-2024-8775
2. Lunary improper access control vulnerability: An improper access control vulnerability exists in lunary-ai/lunary. The vulnerability allows an attacker to use the auth tokens issued by the 'invite user' functionality to obtain valid JWT tokens. These tokens can be used to compromise target users upon registration for their own arbitrary organizations. Source: Lunary improper access control vulnerability
3. LiteLLM Server-Side Request Forgery (SSRF) vulnerability: A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the api_base parameter when making requests to POST /chat/completions, causing the application to send the request to the domain specified by api_base. This request includes the OpenAI API key. Source: LiteLLM Server-Side Request Forgery (SSRF) vulnerability
4. CVE-2024-45104: A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API. Source: CVE-2024-45104
5. CVE-2024-39924: An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A vulnerability has been identified in the authentication and authorization process of the endpoint responsible for altering the metadata of an emergency access. It permits an attacker with granted emergency access to escalate their privileges by changing the access level and modifying the wait time. Source: CVE-2024-39924

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. From casinos failing to prevent data breaches to the rise of cyber espionage, it's clear that the world of cybersecurity is as dynamic and unpredictable as ever. Remember, staying informed is the first step in protecting yourself and your organization. So, don't forget to share this newsletter with your friends and colleagues to help them stay one step ahead of the cyber threats.

Stay safe, stay vigilant, and remember - the house doesn't always win when it comes to cybersecurity. See you tomorrow for more updates from the frontlines of the digital battlefield.