State of (in)security - Week 20, 2023

In the week between May 15, 2023, midnight and May 22, 2023, midnight we witnessed a total of:

• 11 advisory/vulnerability events
• 26 incident/data breach events

Total impacted individuals via the events of the week

There were a total of 400,709 impacted individuals across 7 incidents, with the largest breach being the Data breach of Credit Control Corporation may impact several Virginia hospitals and medical practices incident exposing 286,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Industry breakdown of incidents

Read the Event Details of the Week

Vulnerabilities

• critical vulnerability | Trend Micro discloses vulnerabilities in their enterprise products
• critical vulnerability | Cisco alerts of critical switch bugs with public exploit
• critical vulnerability | Synology Issues Critical Alert for Router VPN Software
• critical vulnerability | KeePass Password Safe vulnerability enables master password theft
• critical vulnerability | Security Fix in WordPress 6.2.1 breaks sites
• critical vulnerability | Teltonika Industrial Routers and Remote Management Vulnerabilities
• critical vulnerability | Apple Issues New OS and Broser versions with Patches for 3 New Zero-Day Vulnerabilities
• critical vulnerability | Mitel MiVoice Connect - multiple vulnerabilities, including critical ones
• critical vulnerability | Google Chrome users issued critical vulnerability warning, update now.
• critical vulnerability | Old Oracle WebLogic vulnerability currently used in cryptomining attacks
• critical vulnerability | Mozilla Firefox reports high severity vulnerabilities

Incidents

• data breach | Study abroad platform Leverage Edu denies data breach although students data is public
• data breach | The Heritage Group informs of Data Breach
• data breach | Fertility Specialists Medical Group reports Data Breach after Cybersecurity Incident
• data breach | Cybersecurity attack against Amazon-owned pharmacy PillPack using reused passwords
• data breach | Data breach of Credit Control Corporation may impact several Virginia hospitals and medical practices
• data breach | MU Health Care reveals data breach of 700 patients
• data breach | Airline technical error exposes small amount of passenger info
• data breach | Renewal by Andersen Notifies 13464 individuals About Data Breach
• data breach | Methodist Family Health exposed patient information in data breach
• data breach | BNY Mellon reports Data Breach including Clients' Social Security Numbers
• data breach | Whitworth University Notifies 65593 Students of SSNs exposed in Data Breach
• data breach | Gentex reports data breach caused by Dunghill ransomware gang
• data breach | Retirement Clearinghouse Notifies 10509 Account Holders of Data Breach
• data breach | Data breaches reported by New Mexico health department exposed health data of 49,000 deceased individuals
• data breach | Third-Party Data Breach at NCB Management Services Affects 15549 TB Bank Customers
• data breach | YouBike Taiwan hacked, 21000 people exposed
• data breach | Luxottica confirms 2021 data breach after info of 70M leaks online
• data breach | Indonesia's biggest Islamic bank says customer data safe during data breach
• data breach | Ransomware attack behind ScanSource outages
• data breach | Rainbow Grocery reports Data Breach via a card skimmer
• data breach | Academy Mortgage attacked by ransomware group
• data breach | Peachtree Orthopedics suffers third cyberattack in seven years
• ransomware | Philadelphia Inquirer Hit With Cyberattack
• ransomware | Hospital falls prey to ransomware attack, hackers demand $70000
• ransomware | Potential hack at defense contractor L3Harris with impact to defence data
• secrets in code | Detailed attack flow: Unpatched Ferrari Website Plugin Exposes Database Credentials