State of (in)security - Week 14, 2024
Take action: Isolate critical systems from the internet and ensure management interfaces are accessible only from trusted networks. This reduces the attack surface and protects against unauthorized access.
Learn More
In the week between April 1, 2024, midnight and April 8, 2024, midnight we witnessed a total of:
- 7 advisory/vulnerability events
- 31 incident/data breach events
Week over Week comparison of week 14 2024 vs week 13 2024 is: so many data breaches
- Advisories are increased by one from 6 to 7. Incidents are noticably increased, from 24 in week 13 to 31 in week 14.
- The number of known impacted individuals has jumped significantly, from is dropping agai, from 46,000 in week 13 to over 15 million in week 14.
We also shared 2 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 15,331,698 impacted individuals across 14 incidents, with the largest breach being the boAt Lifestyle hit by cyberattack, data of 7.5M customers leaked incident exposing 7,550,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 6 |
| Software Vulnerability and SDLC Exploits | 4 |
| Third Party Compromise | 2 |
| Unauthorized access | 2 |
| System Misconfiguration Exploits | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Government | 7 |
| Healthcare | 7 |
| IT/Software/Technology | 5 |
| Manufacturing | 2 |
| Food and Beverage | 1 |
| Gas/Oil | 1 |
| Hospitality/Events | 1 |
| Insurance | 1 |
| Pharmaceuticals | 1 |
| Consulting/Professional Services | 1 |
| Retail | 1 |
| Education | 1 |
| Entertainment/Leisure | 1 |
| Finance | 1 |
Read the Event Details of the Week
Knowledge
- active exploit | Sansec security researchers report Magento flaw actively exploited by hackers
- active attack | Two Google Pixel Android flaws actively exploited
Vulnerabilities
- critical vulnerability | Imperva Web Application Firewall vulnerable to bypass of WAF rules
- critical vulnerability | Ivanti patches four flaws allowing DoS and possibly RCE attacks
- critical vulnerability | JumpServer carries critical vulnerabilities in it's Ansible, patch ASAP!
- critical vulnerability | LayerSlider WordPress Plugin patches a critical flaw
- critical vulnerability | Google releases April 2024 patch for Android, including fixing critical flaw for Qualcomm chips
- critical vulnerability | Progress fixes critical vulnerability in Flowmon network monitoring product
- ransomware | End-of-life D-Link NAS devices have a backdoor account, over 90k exposed and vulnerable
Incidents
- critical vulnerability | CISA reports a breach of their Chemical Security Assessment Tool exposing over 100K people
- data breach | Florida Pediatric Associates reports third party data breach
- data breach | OWASP foundation reports data breach caused by wiki misconfiguration
- data breach | Battle Mountain General Hospital reports data breach impacting 3K patients
- data breach | Israel Justice Ministry reviewing cyber incident after hackers claim breach
- data breach | IntelBroker breaches The Home Depot, exposing 10k eployee data
- data breach | University of Winnipeg hit by cyberattack, data breach
- data breach | Pacific Guardian Life Insurance reports data breach, impacting 160k
- data breach | Philippine Bureau of Jail Management denies exposure of sensitve data after cyberattack
- data breach | Kaspersky Fan Club forum 57K user data leaked after third party hosting breached
- data breach | boAt Lifestyle hit by cyberattack, data of 7.5M customers leaked
- data breach | Shopping platform PandaBuy hit by data breach, exposes 1.3 million users
- data breach | Ernest Health rehabilitation hospitals report data breach
- data breach | SouthState reports data breach
- data breach | SurveyLama exposes 4.4 million users in a data breach
- data breach | Detroit Symphony Orchestra reports data breach
- data breach | Kootenai Health reports data breach
- data breach | Andor Labs reports data breach
- data breach | Philippine Department of Science and Technology hit by cyberattack, 2 TB of data stolen
- data breach | Designed Receivable Solutions debt collections report data breach
- data breach | Cancer center City of Hope reports data breach exposing 827k patients
- data breach | Over 700k Estonian Apotheka pharmacy users exposed in attack on IT vendor
- data breach | Diabetes Western Australia reports data breach
- data breach | Philippine National Home Mortgage Finance Corporation reports security incident, possible breach
- ransomware | Jackson County shuts down systems, suspected ransomware attack
- ransomware | PetroVietnam Oil Corporation hit by ransomware attack
- ransomware | Japanese optics company Hoya reports cyberattack, impacts production
- ransomware | Panera Bread hit by ransomware attack, systems down for a week
- ransomware | Chilean hosting provider hit by ransomware targeting VMware ESXi servers
- ransomware | Omni Hotels hit by major IT outage, reminiscent of the MGM ransomware attack
- ransomware | INC ransom group claims attack and data theft from Leicester City Council
