State of (in)security - Week 1, 2024
Take action: Never forget securing your social media accounts - even if you consider them to be less important, they can be abused to impact your reputation by hackers using your social media as a vehicle for a scam.
Learn More
In the week between Jan. 1, 2024, midnight and Jan. 8, 2024, midnight we witnessed a total of:
- 6 advisory/vulnerability events
- 34 incident/data breach events
Week over Week comparison of week 1 2024 vs week 52 2023 is less people impacted with more events.
- Advisories and incidents are significantly increased. Advisories have doubled from 3 in week 52, 2023 to 6 in week 1, 2024. Incidents have gone up from 26 in week 52, 2023 to 34 in week 1, 2024.
- The number of known impacted individuals is reducing, from 21 million to 9 millioon.
We also shared 3 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 9,518,539 impacted individuals across 7 incidents, with the largest breach being the HealthEC LLC health tech reports data breach, exposing 4.5 million patients incident exposing 4,452,782 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| ransomware | 15 |
| third party breach | 4 |
| compromised account | 3 |
| email account breach | 2 |
| phishing | 1 |
| unpatched software vulnerability | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Healthcare | 11 |
| Finance | 5 |
| IT/Software/Technology | 4 |
| Government | 3 |
| Aviation | 2 |
| Transport/Logistics | 2 |
| Hospitality/Events | 1 |
| Consulting/Professional Services | 1 |
| Manufacturing | 1 |
| Military/Defense | 1 |
| Retail | 1 |
| Telecommunications | 1 |
| Education | 1 |
Read the Event Details of the Week
Knowledge
- poor design | Malasyan Central Database Hub PADU found vulnerable to insecure password reset hours after launch
- active attack | Hackers still target vulnerable Apache RocketMQ servers, 6 months after patch
- active attack | Week after repored critical issue, Apache OFBiz actively attacked
Vulnerabilities
- critical vulnerability | Chrome fixes four high-severity issues
- critical vulnerability | Ivanti fixes flaw in Endpoint Management that exposes registered devices to hijack
- critical vulnerability | Critical vulnerabilities in Google Home and Google Nest - urgent update needed
- critical vulnerability | Critical vulnerability in Apache InLong - patch now
- critical vulnerability | Rockwell Automation FactoryTalk reports critical vulnerability
- critical vulnerability | Google issues patches for flaws in Pixel Watch, including one critical
Incidents
- critical vulnerability | Orange Spain impacted with Internet outage after their RIPE Account got hacked
- data breach | Midwives of Windsor patient data breach
- data breach | Housing Authority of San Bernardino reports data breach, 19K people exposed
- data breach | CEO of Polychain Capital had his Twitter account hacked, used to promote scam
- data breach | Swiss Air Force documents exposed via cyber attack on third party
- data breach | CoinsPaid hacked, over $7m stolen
- data breach | Beirut International Airport hit by cyberattack
- data breach | Akumin radiology and oncology reports ransomware attack and data breach
- data breach | Northern Nevada Medical Center reports third party data breach
- data breach | Cross Switch payment gateways suffers data breach, exposes over 3 million individuals
- data breach | Groupe IDEA hit by LockBit ransomware gang attack and data breach
- data breach | Estes freight shipping reports ransomware and data breach, exposes 21k individuals
- data breach | Maquisistema, Peru-based financial institution impacted by data leak
- data breach | Navvis & Company reports data breach, exposes patient data of multiple healthcare institutions
- data breach | Retina Group of Washington ophtalmology reports data breach
- data breach | Orbit Chain hacked, 81 million dollars stolen but now stay unmoved
- data breach | North Kansas City Hospital reports third party data breach
- data breach | Essen Health Care reports data breach exposing patient data
- data breach | Gallery Systems reports ransomware attack, online museum collections down
- data breach | HealthEC LLC health tech reports data breach, exposing 4.5 million patients
- data breach | Cyberattack on Transformative Healthcare and Fallon Ambulance Service hits 911K people
- data breach | SSM Health reports third party data breach, potential patient data exposure
- data breach | Mandiant account on Twitter hacked, used to steal cryptocurrency
- data breach | Network180 mental health authority data breach exposes 59K people
- data breach | Cooper Aerobics reports cyberattack and data breach
- ransomware | Kenya Airways apparently hacked by Ransomexx gang
- ransomware | MPM Medical Supply attacked by CiphBit ransomware gang
- ransomware | Coop supermarket chain hit by ransomware cyberattack
- ransomware | Victoria court system hit by cyberattack, sensitive testimony recordings exposed
- ransomware | Parathon by JDA eHealth Systems reports data breach
- ransomware | University of Sherbrooke hit by ransomware, stolen data leaked online
- ransomware | CompleteCare Health Network reports data breach after October ransomware attack
- ransomware | LoanDepot hit by cyberattack, shuts down IT systems
- ransomware | Beckley, West Virginia hit by cyberattack
