State of (in)security - Week 15, 2024
Take action: Smart TV (and other smart device) operating systems are not well maintained, so they shouldn't be trusted too much. If you have a smart TV, NEVER connect it to the internet directly. Make sure it's used in a local trusted network.
In the week between April 8, 2024, midnight and April 15, 2024, midnight, we witnessed a total of:
- 12 advisory/vulnerability events
- 24 incident/data breach events
Week over Week comparison of week 15 2024 vs week 14 2024 is: no changes
- Advisories have jumped to 12 from 7 in the previous week, and incidents have dropped from 31 in the previous week to 24.
- The number of known impacted individuals is almost the same, just above 15 million like the previous week.
Total impacted individuals via the events of the week
There were a total of 15,241,459 impacted individuals across 7 incidents. The largest breach was the "US Environmental Protection Agency investigates possible leak of critical infrastructure contractors" incident, which exposed 8,500,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 6 |
| Unauthorized access | 3 |
| System Misconfiguration Exploits | 2 |
| Human bad security behaviour | 1 |
| Third Party Compromise | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| IT/Software/Technology | 4 |
| Healthcare | 4 |
| Education | 3 |
| Finance | 3 |
| Government | 3 |
| Consulting/Professional Services | 2 |
| Manufacturing | 1 |
| Retail | 1 |
| Telecommunications | 1 |
| Transport/Logistics | 1 |
Read the Event Details of the Week
Vulnerabilities
- critical vulnerability | SAP April 2024 patch fixes several high severity issues
- critical vulnerability | Fortinet reports FortiClient critical flaw and issues in FortiOS and FortiProxy
- critical vulnerability | Possible RCE flaw in Telegram desktop app, company denies.
- critical vulnerability | Siemens addresses critical vulnerabilities in multiple products
- critical vulnerability | Node.js flaw on Windows exposes risk of arbitrary code execution on the system
- data breach | CISA raises alarm to customers of Sisense to reset all credentials after breach
- critical vulnerability | Palo Alto Networks alerts of critical PAN-OS firewall software zero-day used in attacks
- critical vulnerability | IBM Personal Communications flaw exposes risk of remote code execution
- critical vulnerability | Multiple flaws in CData Jetty server products enable security control bypass
- critical vulnerability | Microsoft releases April 2024 Patch fixing 150 flaws, two actively exploited, 67 RCE
- critical vulnerability | LG Smart TVs vulnerable to hacking, over 90,000 exposed to the internet
- critical vulnerability | Rust programming language on Windows vulnerable to command injection
Incidents
- data breach | Group Health Cooperative of South Central Wisconsin reports data breach, exposes 533k people
- data breach | Australian MotorCycle Holdings reports cyber attack, possible data breach
- data breach | Philippines Bureau of Customs hit by a cyber attack on cloud-based online applications.
- data breach | Microsoft leaks employee credentials and data via unprotected database
- data breach | Roku reports second data breach, this time exposing over 500k users
- data breach | Suncorp bank reports data breach, theft of customer funds
- data breach | Wells Fargo reporting data breach caused by employee
- data breach | Greylock McKinnon Associates reports data breach, exposing 300k individuals
- data breach | US Environmental Protection Agency investigates possible leak of critical infrastructure contractors
- data breach | NYC Ambulatory Surgery Center reports data breach
- data breach | Data of over 5 million citizens of El Salvador exposed for download
- data breach | CCM Health reports data breach
- data breach | University of Alabama reports data breach caused by compromised email account
- data breach | Valuation firm Herron Todd White reports data breach
- data breach | Telstra customer data of 3K users leaked on hacking forum
- data breach | Australia based BHF Couriers potential data breach exposes 19.2M records
- data breach | Irish taxi software firm iCabbi data breach exposes data of 287k customers
- ransomware | New Mexico Highlands University hit by cyberattack, cancels classes for 2 weeks
- ransomware | Oklahoma East Central University reports ransomware attack
- ransomware | German database provider Genios reports ransomware attack, system outage
- ransomware | Laptop accessory maker Targus reports cyberattack disrupting operations
- ransomware | DragonForce ransomware gang claims hack on Aussizz Group immigration consultancy
- ransomware | Chipmaker Nexperia hit by ransomware attack
- ransomware | Veterinary provider CVS Group hit by cyberattack, shuts down systems