Secret CISO 9/21: Star Health and Disney Data Breaches, Philippines Passport Printer Risk, Dell Employee Data Leak, Research on Arc Browser Vulnerability

Good morning, Secret CISO readers! Today's newsletter is packed with critical updates on data breaches and security research. First up, we have a major data breach at Star Health, where over 31 million customers' data was exposed and sold via Telegram chatbots. The company is now facing potential bans due to this incident. In a similar vein, Insurance Agency Marketing Services is under investigation for a data breach that exposed sensitive information, including Social Security numbers and passport details.

Meanwhile, the Philippines' Department of Foreign Affairs has expressed concern over a data breach at APO Production Unit, a passport printer. In other news, a suspected data breach at the Taxation Directorate General in Jakarta has raised concerns about the security of taxpayer data within their infrastructure and systems. On a global scale, Dell Technologies is under scrutiny for a potential data breach affecting over 10,800 employees and partners. In response to a massive data breach, Disney has decided to discontinue its use of Slack for internal communication.

Lastly, we have some expert advice on how to protect yourself from data breaches, and a discussion on the recently enacted Texas Data Privacy and Security Act. Stay tuned for more updates and remember, knowledge is the key to cybersecurity. Stay informed, stay secure.

Data Breaches

  1. Star Health Data Breach Exposes Millions of Customers' Info: Star Health, India's largest health insurance provider, suffered a data breach with over 31 million customers' information being sold via Telegram chatbots. The company denies a widespread data breach and is cooperating with authorities. Source: The Coin Republic
  2. Federman & Sherwood Investigates Insurance Agency Marketing Services, Inc. for Data Breach: Insurance Agency Marketing Services, Inc. is under investigation after a data breach exposed individuals' names, Social Security numbers, passport numbers, and driver's license numbers. Source: Business Wire
  3. Philippines concerned over data breach risk at passport printer: The Department of Foreign Affairs (DFA) of the Philippines expressed concern over a data breach at APO Production Unit, a passport printing company. Source: The Investor
  4. Suspected data breach raises concerns about planned core tax system: The Taxation Directorate General in Jakarta has raised concerns about the security of taxpayer data within its infrastructure and systems following a suspected data breach. Source: The Jakarta Post
  5. Threat Actor Allegedly Claims Breach of Dell Employee Data: A post on a hacking forum has raised concerns over a potential data breach at Dell Technologies, allegedly affecting 10,800 employees and partners. Source: Cyber Security News

Security Research

  1. Pagers: A security expert explains why Hezbollah went low-tech: Hezbollah has increased its use of electronic pagers, a seemingly outdated technology, for communication purposes. This low-tech approach is believed to be a strategic move to avoid detection and interception of their communications. Source: The New Daily
  2. Security Researcher Reveals Critical Bug in Arc Browser's Boost Feature: A critical vulnerability, CVE-2024-45489, was discovered in the Arc browser's Boost feature. The security flaw was promptly patched by the Arc browser developers after it was reported. Source: Techopedia
  3. Snowflake Hacker Still Active, Finding New Victims, Expert Says: A prolific hacker known as "Snowflake" continues to evade law enforcement and find new victims. The hacker has been openly bragging about the attacks to journalists and security researchers. Source: Yahoo Finance
  4. UK, US and Canada to collaborate on cybersecurity research: The UK, US, and Canada are partnering to enhance cybersecurity research in support of defense and security. The collaboration aims to strengthen the cybersecurity capabilities of the three nations. Source: Innovation News Network
  5. HackerOne: Nearly Half of Security Professionals Believe AI Is Risky: A recent survey by HackerOne found that 48% of security professionals believe that artificial intelligence (AI) poses significant risks. The survey highlights the growing concerns about the potential misuse of AI in cyberattacks. Source: TechRepublic

Top CVEs

  1. CVE-2024-9038: Codezips Online Shopping Portal 1.0 has a vulnerability in the file insert-product.php that allows unrestricted file upload via manipulation of the productimage1/productimage2/productimage3 arguments. The attack can be launched remotely. Source: CVE-2024-9038
  2. CVE-2024-45793: Confidant, an open-source secret management service, is subject to a cross-site scripting vulnerability in multiple endpoints. The attacker needs to be authenticated and have privileges to create new credentials. This issue has been patched in version 6.6.2. Source: CVE-2024-45793
  3. CVE-2024-47062: Navidrome, an open-source web-based music collection server and streamer, has multiple vulnerabilities including SQL Injections and ORM Leak. These vulnerabilities can be used to leak information and dump the contents of the database. They have been addressed in release version 0.53.0. Source: CVE-2024-47062
  4. CVE-2024-45489: Arc before 2024-08-26 allows remote code execution in JavaScript boosts due to misconfigured Firebase ACLs. This installs the boost in the victim's browser and runs arbitrary JavaScript in that browser in a privileged context. Source: CVE-2024-45489
  5. CVE-2024-46647: eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal. Source: CVE-2024-46647

API Security

  1. CVE-2024-6786: A vulnerability has been discovered that allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing. Source: CVE-2024-6786
  2. CVE-2024-45229: The Versa Director offers REST APIs for orchestration and management. A vulnerability was discovered that could potentially expose the authentication tokens of other currently logged-in users. These tokens can then be used to invoke additional APIs on port 9183. Versa recommends that Directors be upgraded to one of the remediated software versions. Source: CVE-2024-45229
  3. Prevent XSS from Confidant API call: Potential XSS from API calls has been identified. The attacker needs to be authenticated and have privileges to create new credentials, but could use this to display information to, and run scripts in the browsers of, other users of the same Confidant instance. A patch has been released in version 6.6.2. Source: Prevent XSS from Confidant API call
  4. Navidrome has Multiple SQL Injections and ORM Leak: Multiple vulnerabilities have been found in Navidrome, including SQL Injections and ORM Leak. Attackers can potentially retrieve arbitrary information and inject arbitrary SQL code. Source: Navidrome has Multiple SQL Injections and ORM Leak

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from the Star Health data breach to the potential Dell Technologies data leak.

Remember, staying informed is the first step towards ensuring your organization's security. If you found this newsletter helpful, please consider sharing it with your colleagues and friends. Together, we can build a safer digital world.

Stay vigilant, stay secure. See you in the next edition of Secret CISO.