State of (in)security - Week 20, 2024
Take action: Massive patch fatigue is a problem. When developing programs, do the proper security testing and release patches at regular intervals. Releasing patches too frequently will make people either abandon your product or stop patching it.
In the week between May 13, 2024, midnight and May 20, 2024, midnight we witnessed a total of:
- 14 advisory/vulnerability events
- 22 incident/data breach events
Week over Week comparison of week 20 2024 vs week 19 2024:
- Advisories have increased while incidents have decreased. Advisories are up from 10 in week 19 to 14 in week 20. Incidents are down from 25 in week 19 to 22 in week 20.
- The number of known impacted individuals has dropped massively, from 49 million in week 19 to just over 270,000 in week 20.
Total impacted individuals via the events of the week
There were a total of 279,092 impacted individuals across 5 incidents. The largest breach was the incident "City of Helsinki reports data breach of its educational and training departments", which exposed 120,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 6 |
| Third Party Compromise | 2 |
| Human bad security behaviour | 1 |
| Social Engineering and Phishing | 1 |
| Software Vulnerability and SDLC Exploits | 1 |
| Unauthorized access | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Healthcare | 6 |
| Government | 5 |
| IT/Software/Technology | 2 |
| Education | 2 |
| Finance | 2 |
| Retail | 1 |
| Consulting/Professional Services | 1 |
| Manufacturing | 1 |
| Non-profit/Charity | 1 |
| Automotive | 1 |
Read the Event Details of the Week
Vulnerabilities
- critical vulnerability | Adobe releases May 2024 fixes for critical issues in Reader, Acrobat, Illustrator and other products
- critical vulnerability | CISA warns of active exploitation of legacy D-Link routers
- critical vulnerability | Critical flaw reported in Linksys EA7500 routers
- critical vulnerability | Critical vulnerability reported in llama-cpp-python can lead to remote code execution
- critical vulnerability | Git fixes critical vulnerability exposing RCE when cloning repositories with submodules
- critical vulnerability | Google patches another actively exploited Chrome vulnerability, three days after previous
- critical vulnerability | Intel publishes 41 advisories for over 90 flaws, one critical
- critical vulnerability | Microsoft releases May 2024 patch, fixes one critical issue, two zero-days, 61 flaws
- critical vulnerability | SAP releases May 2024 patch, fixes multiple critical issues
- critical vulnerability | Siemens releases advisory for multiple products including 10 critical
- critical vulnerability | Telit Cinterion modems vulnerable to Remote Code Execution through SMS
- critical vulnerability | Third one in a week: Google patches another actively exploited flaw in Chrome
- critical vulnerability | Veeam reports critical flaw in its Service Provider Console tool
- critical vulnerability | VMware patches critical vulnerability in Workstation and Fusion
Incidents
- data breach | Jewellery retailer Luk Fook Holdings investigates claims of data breach
- data breach | Hacker claims data breach on City of New York
- data breach | Hacker claims attack and breach on Hosocongty Vietnamese job search platform
- data breach | City of Richland reports data breach
- data breach | CentroMed reports cyber attack and data breach
- data breach | Contra Costa Transit Authority reports data breach
- data breach | American Radio Relay League reports cyberattack that shuts down their services
- data breach | Hong Kong secondary school reports possible data breach
- data breach | City of Helsinki reports data breach of its educational and training departments
- data breach | Banco Santander reports data breach impacting customers and employees
- data breach | Sysmex America reports data breach exposing SSNs
- data breach | Stretto legal services hit by phishing attack exposing data of customer companies
- data breach | Australian online prescription provider MediSecure hit by massive ransomware attack
- data breach | Nigerian fintech Flutterwave loses 11 billion Nigerian Naira due to security breach
- data breach | Victoria Eye/Surgery/Vision Center reports data breach
- data breach | Multnomah County Health Center reports data breach caused by stolen laptop
- data breach | Nottingham Rehab Supplies (NRS) Healthcare breach exposes data of multiple UK Councils
- ransomware | Georgia Macon-Bibb County hit by cyberattack, shuts down network
- ransomware | USA Health Providence Hospital hit by the Ascension incident
- ransomware | Nissan North America reports ransomware attack exposing 53k people
- ransomware | Hunters International ransomware gang claims Formosa Plastics attack
- ransomware | Rockford Public Schools report ransomware attack