State of (in)security - Week 2, 2024
Take action: Don't ignore security on social media. Four hijacks of Twitter accounts in a very short time.
In the week between Jan. 8, 2024, midnight and Jan. 15, 2024, midnight we witnessed a total of:
- 15 advisory/vulnerability events
- 29 incident/data breach events
Week over week, week 2 is much worse than week 1.
- Advisories have jumped massively, from 3 in week 1 to 15 in week 2, while incidents are slightly down, from 34 in week 1 to 29 in week 2.
- The number of known impacted individuals has increased massively, from 9 million to 155 million.
We also shared 5 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 155,154,024 impacted individuals across 8 incidents, with the largest breach being the "All citizens of Brazil exposed through unprotected Elasticsearch instance" incident, which exposed 150,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| ransomware | 8 |
| third party breach | 3 |
| human error | 3 |
| database configuration error, exposed w/o password online | 3 |
| compromised account | 1 |
| unsecured web server | 1 |
| phishing | 1 |
| unpatched software vulnerability | 1 |
| unsecured API | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Government | 7 |
| Healthcare | 3 |
| IT/Software/Technology | 3 |
| Consulting/Professional Services | 2 |
| Entertainment/Leisure | 2 |
| Manufacturing | 2 |
| Non-profit/Charity | 2 |
| Retail | 2 |
| Telecommunications | 2 |
| Finance | 1 |
| Transport/Logistics | 1 |
| Military/Defense | 1 |
| Travel | 1 |
Read the Event Details of the Week
Knowledge
- active exploit | CISA warns of actively attacked SharePoint Server, asks for immediate patch
- active exploit | Apache Superset default secret key issue exploited by attackers
- active exploit | Hackers exploit Windows Defender SmartScreen flaw to spread data stealer malware
- active exploit | Ivanti reports actively exploited vulnerabilities in Connect Secure (ICS) VPN and Policy Secure (IPS) access control
- active attack | Vulnerable Popup Builder WordPress plugin attacked by malware
Vulnerabilities
- critical vulnerability | WordPress AI Engine plugin puts 50k sites at risk
- critical vulnerability | Microsoft's January 2024 Patch Tuesday addresses 49 issues, two critical
- critical vulnerability | Vulnerabilities discovered in high-power Bosch network connected torque wrenches
- critical vulnerability | Juniper Networks fixes a critical vulnerability in Junos OS SRX Series and EX Series enabling remote code execution
- critical vulnerability | SQLi vulnerability in Cacti network monitoring exposes to remote code execution
- critical vulnerability | Apple Magic Keyboard receives security update, wise to update
- critical vulnerability | Siemens releases January patch, including fixes for 7 critical issues
- critical vulnerability | SAP January 2024 patches multiple issues, three critical
- critical vulnerability | CISA reports multiple vulnerabilities, including critical in Rapid SCADA
- critical vulnerability | Splunk releases patches for multiple issues in Splunk Enterprise Security and Splunk User Behavior Analytics (UBA)
- critical vulnerability | Cisco fixes critical flaw in Unity Connection that enables attackers to get root access
- critical vulnerability | Wibu Systems license management critical but impacts multiple products
- critical vulnerability | Debian and Ubuntu release patch to fix OpenSSH vulnerabilities
- critical vulnerability | GitLab alerts of critical vulnerability, exploitable without user interaction
- critical vulnerability | Over 300,000 WordPress sites vulnerable due to POST SMTP plugin
Incidents
- data breach | UKG Payroll Services UKG reports data breach
- data breach | Raptor Technologies leaks millions of school safety records
- data breach | The official Twitter account of the SEC compromised, used to promote fake bitcoin news
- data breach | Cambridge Labour Party leaks data of its members
- data breach | Framework Computer reports third party data breach
- data breach | Web3 security firm Twitter account hijacked to spread malware
- data breach | Inspiring Vacations unprotected database leaks data of 112k travelers
- data breach | Indigo Sky Casino reports cyber attack and data breach
- data breach | Family HealthCare Center reports third party data breach
- data breach | India defense personnel pension portal SPARSH data leaked on Telegram
- data breach | Law firm Burr & Forman reports data breach
- data breach | Hacker gang Cyber Army Russia Reborn claims attack on Melbourne Book Maxi Cab, doesn't have much to show
- data breach | All citizens of Brazil exposed through unprotected Elasticsearch instance
- data breach | Online services of German guild organizations down after cyber attack
- data breach | Human error in Tameside Council causes data leak exposing 6k people
- data breach | HMG Healthcare reports cyberattack, data breach
- data breach | CellNetix Pathology and Laboratories reports data breach
- data breach | Indian ISP Hathway impacted by data breach, data available on the dark web
- data breach | Oregon Pacific Bank reports data breach
- data breach | Halara clothing brand investigates breach after data leak on dark web of 950k
- ransomware | Lush cosmetics reports cyberattack
- ransomware | Tigo Paraguay hit by ransomware, BlackHunt gang suspected
- ransomware | Water for People attacked by ransomware gang
- ransomware | Calvia local government reports cyberattack
- ransomware | Paraguayan Armed Forces IT team reports ransomware attack
- ransomware | NoName ransomware gang claims attacks on Ukraine government sites
- ransomware | Toronto Zoo reports being hit by ransomware attack
- ransomware | Rhysida ransomware gang takes responsibility for attack on World Council of Churches
- ransomware | Fincantieri Marine Group hit by ransomware, exposes data of 17,000 individuals