Welcome to today's edition of Secret CISO, your daily dose of cybersecurity insights. Today, we dive into the murky waters of data breaches and vulnerabilities that are shaking up the digital world. First up, we explore the new Trojan malware, Necro, that's giving Android users sleepless nights by infecting millions of devices. Meanwhile, the importance of protecting personal information is underscored as data breaches become increasingly common, with credit experts warning that time is of the essence for anyone using identity protection services. In a shocking turn of events, a cyberattack on Kuwait Health Ministry has impacted hospitals across the country, reminding us of the real-world consequences of digital threats.

On the home front, the massive MC2 data breach has affected millions of Americans, raising questions about the security of background check companies. In legal news, SolarWinds' security chief calls for tighter cyber laws following a landmark lawsuit, while a Monticello woman files a lawsuit against Baptist Health over a data breach at a Drew County hospital. In the world of insurance, a data leak at India's Star Health has raised eyebrows, with Cloudflare denying involvement.

Meanwhile, Meta faces a hefty $102 million privacy fine from the European Union over a 2019 password security lapse. As we navigate these turbulent cybersecurity waters, we'll also look at how to spot medical misinformation on social media, the importance of cybersecurity awareness training for student workers, and delve into the world of credit card fraud markets. Stay tuned for more updates and remember, in the world of cybersecurity, knowledge is your best defense.

Data Breaches

1. Android's latest nightmare: Millions of devices infected by sneaky malware: A new Trojan malware, Necro, has been discovered, infecting apps downloaded through unofficial sources and potentially compromising millions of Android devices. Source: CyberGuy
2. A cyberattack on Kuwait Health Ministry impacted hospitals in the country: A significant cyberattack on the Kuwait Health Ministry has disrupted hospital operations across the country. The extent of the data breach is still under investigation. Source: DataBreaches.net
3. Massive MC2 Data Breach Affects Millions of Americans: The MC² Data breach has affected millions of Americans, highlighting the risk of companies specializing in background checks. The extent of the data compromised is still under investigation. Source: El Adelantado
4. Data leak at India's Star Health; Cloudflare denies involvement: A data leak at India's Star Health has raised concerns, although Cloudflare denies involvement. The insurer maintains that sensitive customer data remains secure. Source: Khaleej Times
5. Data Breach Reportedly Leads To Stolen Social Security Numbers Of Nearly 3 Billion Americans: A security breach at background check company Jerico Pictures Inc., has reportedly led to the theft of social security numbers of nearly 3 billion Americans. Source: MSN

Security Research

1. Fake WalletConnect App Scams 150 Users, Stealing Their Crypto Funds!: Security researchers have discovered a fake WalletConnect app that has scammed 150 users by prioritizing the draining of the most valuable tokens first, resulting in significant losses. Source: Crypto News Flash
2. "Hacked NASA Again": Hacker Exposes Major Loopholes: An independent security researcher has exposed major security loopholes in NASA's system. The space agency has acknowledged the hacker's work and rewarded them for their efforts. Source: NDTV
3. Microsoft VP: We heard critics "loud and clear" after company upgrades this AI feature: Microsoft has implemented several measures to address potential exploitation of its AI tool, following concerns raised by security researchers. Source: Times of India
4. US Concerned by Report of Secret Russian War Drone Project in China: Su Tzu-yun, a researcher at Taiwan's Institute for National Defense and Security Research, has raised concerns about a secret Russian war drone project in China. Source: NTD
5. Kia: Flaw in web portal allowed researchers remote access to cars: Security researchers have found vulnerabilities in Kia's web application that allowed them to remotely access cars and view personal data of car owners. Source: Heise Online

Top CVEs

1. CVE-2024-9315 - SourceCodester Employee and Visitor Gate Pass Logging System Vulnerability: A critical vulnerability was discovered in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. The flaw lies in the file /admin/maintenance/manage_department.php, where manipulation of the argument id can lead to SQL injection. The exploit is publicly known and can be initiated remotely. Source: CVE-2024-9315
2. CVE-2024-9320 - SourceCodester Online Timesheet App Vulnerability: A problematic vulnerability was found in SourceCodester Online Timesheet App 1.0. The vulnerability affects the file /endpoint/add-timesheet.php, where manipulation of the argument day/task can lead to cross-site scripting. The exploit is publicly known and can be initiated remotely. Source: CVE-2024-9320
3. CVE-2024-9319 - SourceCodester Online Timesheet App SQL Injection Vulnerability: A critical vulnerability was found in SourceCodester Online Timesheet App 1.0. The flaw lies in the file /endpoint/delete-timesheet.php, where manipulation of the argument timesheet can lead to SQL injection. The exploit is publicly known and can be initiated remotely. Source: CVE-2024-9319
4. CVE-2024-9317 - SourceCodester Online Eyewear Shop SQL Injection Vulnerability: A critical vulnerability was discovered in SourceCodester Online Eyewear Shop 1.0. The flaw lies in the function delete_category of the file /classes/Master.php?f=delete_category, where manipulation of the argument id can lead to SQL injection. The exploit is publicly known and can be initiated remotely. Source: CVE-2024-9317
5. CVE-2024-9318 - SourceCodester Advocate Office Management System SQL Injection Vulnerability: A critical vulnerability was discovered in SourceCodester Advocate Office Management System 1.0. The flaw lies in the file /control/activate.php, where manipulation of the argument id can lead to SQL injection. The exploit is publicly known and can be initiated remotely. Source: CVE-2024-9318

Final Words

That's a wrap for this week's edition of the Secret CISO newsletter. We've covered a lot of ground, from the latest Trojan malware infecting Android devices, to the massive MC2 data breach affecting millions of Americans, and even the recent cyberattack on Kuwait's Health Ministry. In this digital age, data breaches are becoming increasingly common, and protecting your personal information has never been more crucial. We hope that our newsletter has provided you with valuable insights and updates to help you stay ahead of these threats.

Remember, knowledge is power. The more we know, the better we can protect ourselves and our organizations. So, if you found this newsletter helpful, please consider sharing it with your friends and colleagues. Let's work together to create a safer digital world. Stay safe, stay informed, and see you in the next edition of Secret CISO.