Secret CISO 9/22: Star Health Mega Breach, Disney Ditches Slack, Zero-Day Attacks Unveiled, Security Researcher Exposes MC2 Data Leak

Good morning, Secret CISO readers! Today, we're diving into the murky waters of zero-day attacks, where security teams have zero days to patch vulnerabilities. We'll also explore the mysterious waves of spoofed traffic, known as 'Noise Storms', that have been observed since 2020. In data breach news, National Public Data confirms a breach, and CISA adds a SolarWinds Web Help Desk bug to its Known Exploited Vulnerabilities catalog. We'll also discuss the recent data breaches that have targeted governments and exposed hundreds of thousands of payroll records. In the healthcare sector, a health system is set to pay $65 million after hackers leaked nude patient photos. Meanwhile, Star Health, India's largest health insurer, suffered a massive data breach, with sensitive customer data being leaked via Telegram chatbots.

We'll also discuss how CEOs can overcome AI adoption challenges and the strategies they can employ to mitigate the reputational and financial risks from data breaches. In other news, Apple's macOS Sequoia is reportedly causing issues for EDR tools, and there's been an alarming spike in robocall-driven scam calls. Stay tuned for more updates on cybersecurity and remember, knowledge is power when it comes to protecting your data. Stay safe out there!

Data Breaches

  1. Noise Storms: Mysterious massive waves of spoofed traffic observed since 2020: A significant data breach has been confirmed by National Public Data. The breach is part of a larger pattern of "noise storms," or massive waves of spoofed traffic, that have been observed since 2020. Source: Security Affairs
  2. UK's Armed Forces Payroll Records Exposed: Approximately 270,000 payroll records belonging to the UK's armed forces were exposed in a data breach. The breach has raised serious concerns about the security of sensitive military information. Source: The Print
  3. Health System to Pay $65 Million After Data Breach: A health system is set to pay $65 million after a data breach resulted in the leak of nude patient photos. The breach has raised concerns about the security of personal health information. Source: The Washington Post
  4. Star Health Suffers Major Data Breach: Star Health, India's largest health insurer, has suffered a data breach. Sensitive customer data, including medical reports and PAN details, were made accessible via Telegram chatbots. Source: International Business Times
  5. Disney to Stop Using Slack After Data Breach: The Walt Disney Company is transitioning away from using Salesforce's Slack for internal communications after a hacking group leaked data from the platform. The breach has highlighted the risks associated with using third-party communication tools. Source: MSN

Security Research

  1. Critical VMware vCenter Server bugs fixed, Apple releases iOS 18: Security researchers have been warning about the potential vulnerabilities in VMware vCenter Server and Apple's iOS 18. Both companies have now released patches to fix these issues, improving the overall security of their systems. Source: Help Net Security
  2. Hacker behind Snowflake customer data breaches remains active: A hacker has reportedly extorted $2.7 million from attacks on Snowflake customers, according to a researcher tracking the case. This highlights the ongoing threat posed by cybercriminals and the importance of robust cybersecurity measures. Source: CyberScoop
  3. macOS Sequoia Rollout: Users Report Issues with Browsers and Security Software: Security researchers, including Will Dormann, have reported issues with the macOS Sequoia rollout, including problems with browsers and security software. This highlights the potential vulnerabilities that can arise during major software updates. Source: Pune News
  4. 106.32m US citizens' 'comprehensive' private information exposed in massive data leak: Security researchers have found that the MC2 Data company left a database holding 2.2 terabytes (TB) of consumer data exposed, affecting 106.32 million US citizens. This massive data leak underscores the importance of proper data management and security practices. Source: Consumer Connect
  5. AWS patches worrying security flaw that could have led to account hijacking: Researchers have found a security flaw in Managed Workflows for Apache Airflow that could have led to account hijacking. AWS has since patched the flaw, demonstrating the importance of continuous security monitoring and timely patching. Source: MSN

Top CVEs

  1. CVE-2024-47218: An issue was discovered in vesoft NebulaGraph up to version 3.8.0, allowing for bypassing of certain security measures. Users are advised to update to the latest version to mitigate this vulnerability. Source: CVE-2024-47218.
  2. CVE-2024-9075: A vulnerability was found in Stirling-Tools Stirling-PDF up to version 0.28.3, leading to potential cross-site scripting. The issue has been addressed in version 0.29.0, and users are recommended to update. Source: CVE-2024-9075.
  3. CVE-2024-47220: An issue was discovered in the WEBrick toolkit for Ruby up to version 1.8.1, allowing for HTTP request smuggling. Users are advised not to use WEBrick in production environments. Source: CVE-2024-47220.
  4. CVE-2024-47210: Gladys Assistant before version 4.45.1 allows for privilege escalation due to a flaw in the updateMySelf function. Users are advised to update to the latest version to mitigate this vulnerability. Source: CVE-2024-47210.
  5. CVE-2024-42323: A malicious XML RCE vulnerability was found in Apache HertzBeat (incubating) before version 1.6.0. This vulnerability can only be exploited by authorized attackers. Users are recommended to upgrade to version 1.6.0. Source: CVE-2024-42323.

API Security

  1. CVE-2024-40703 IBM Cognos Analytics Information Disclosure: IBM Cognos Analytics versions 11.2.0 through 12.0.3 and IBM Cognos Analytics Reports for iOS 11.0.0.7 have a vulnerability that could allow a local attacker to obtain sensitive information, specifically an API key. This information could be used to launch further attacks. Source: Vulners
  2. CVE-2024-47210 Gladys Assistant Privilege Escalation: Gladys Assistant before version 4.45.1 has a vulnerability that allows privilege escalation. This is due to the fact that req.body.role can be used in updateMySelf, enabling a user to change their own role. Source: Vulners
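The Gladys Assistant item above describes a classic mass-assignment flaw: a self-update handler copies whatever the client sends in `req.body`, including `role`, onto the caller's own record. The following is an added illustration, not Gladys Assistant's code, showing that pattern next to a hardened variant that only accepts an explicit allow-list of self-editable fields. The in-memory user store, the field names in `SELF_EDITABLE_FIELDS`, and the request objects are all constructed here for the example; `updateMySelfVulnerable`, `updateMySelfHardened` and `runDemo` are hypothetical names.

```javascript
// Added example (not Gladys Assistant's code): the mass-assignment pattern
// behind "req.body.role can be used in updateMySelf", beside a hardened form.
// The store, field names and request objects below are constructed for
// illustration.

// Constructed in-memory "database": the caller is an ordinary user.
function makeStore() {
  return { 42: { id: 42, email: "user@example.test", role: "user" } };
}

// Vulnerable pattern: every key in the request body is copied onto the
// authenticated user's record, so a body of { role: "admin" } changes the
// caller's privilege level.
function updateMySelfVulnerable(store, req) {
  const user = store[req.user.id];
  Object.assign(user, req.body);
  return user;
}

// Hardened pattern: only an explicit allow-list of self-editable fields is
// copied; privileged attributes such as role are never taken from the body.
// (Field names are assumptions for this example.)
const SELF_EDITABLE_FIELDS = ["email", "firstname", "lastname", "language"];

function updateMySelfHardened(store, req) {
  const user = store[req.user.id];
  const rejected = [];
  for (const [key, value] of Object.entries(req.body)) {
    if (SELF_EDITABLE_FIELDS.includes(key)) {
      user[key] = value;
    } else {
      // Unexpected fields in a self-update are worth logging: they are a
      // cheap detection signal for probing of this class of flaw.
      rejected.push(key);
    }
  }
  return { user, rejected };
}

// Constructed request: an ordinary user submitting an extra "role" field.
function demoRequest() {
  return {
    user: { id: 42 },
    body: { email: "new@example.test", role: "admin" },
  };
}

// Runs both handlers on fresh stores and reports the resulting roles.
function runDemo() {
  const vulnerable = updateMySelfVulnerable(makeStore(), demoRequest());
  const hardened = updateMySelfHardened(makeStore(), demoRequest());
  return {
    vulnerableRole: vulnerable.role,   // "admin": privilege escalated
    hardenedRole: hardened.user.role,  // "user": role untouched
    hardenedEmail: hardened.user.email,
    rejected: hardened.rejected,       // ["role"]: field dropped and recorded
  };
}

console.log(runDemo());
```

The fix is the allow-list, not a deny-list of "dangerous" keys: any field the client may not set for itself is simply never read from the body, so a new privileged attribute added later is safe by default.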

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. We've covered everything from zero-day attacks to the latest data breaches and cybersecurity strategies. Remember, in the digital world, knowledge is your best defense. Stay informed, stay secure. If you found this newsletter helpful, consider sharing it with your colleagues and friends. They might appreciate the heads up and you'll be helping to create a more security-conscious environment.

Tomorrow, we'll be back with more updates from the ever-evolving world of cybersecurity. Until then, keep your data safe and your systems secure.
