State of (in)security - Week 21, 2023
Take action: Investing in cybersecurity discipline is a long game. There won't be immediate returns on investment, but the effort pays slow, long-term dividends. When working on cybersecurity discipline, take into account the threat of insiders, whether malicious or just disgruntled: they are always the most dangerous threat to defend against.
In the week between May 22, 2023, midnight and May 29, 2023, midnight we witnessed a total of:
- 9 advisory/vulnerability events
- 25 incident/data breach events
We also shared 3 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 12,919,486 impacted individuals across 7 incidents, with the largest being the MCNA data breach affecting Medicaid and Children's Health Insurance recipients in over 100 organizations, which exposed 9,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| healthcare | 5 |
| finance | 3 |
| healthcare, health insurance | 2 |
| military | 2 |
| energy | 2 |
| government | 1 |
| education | 1 |
| SaaS, VPN | 1 |
| insurance | 1 |
| fashion, lingerie | 1 |
| software development | 1 |
| electronics | 1 |
| retail | 1 |
| automotive | 1 |
| cryptocurrency | 1 |
Knowledge
- critical vulnerability | Good example: AT&T fixes critical security flaw after being reported through bug bounty
- awareness | Step by Step Example - "Hacker" sextortion scam based on your old leaked data
- awareness | Details of hacking campaign stealthy techniques targeting military and critical infrastructure
Vulnerabilities
- critical vulnerability | Adobe Acrobat DC patches multiple vulnerabilities, including critical severity issues
- critical vulnerability | Critical Vulnerability revealed in Celer's State Guardian Network blockchain
- critical vulnerability | D-Link fixes critical in D-View software
- critical vulnerability | Zyxel alerts of critical vulnerabilities in firewall and VPN devices
- critical vulnerability | Critical Security Vulnerability reported in IBM PowerVM Hypervisor
- critical vulnerability | Barracuda discloses critical zero-day flaw affecting ESG appliances
- critical vulnerability | GitLab reports max severity flaw - patch ASAP
- critical vulnerability | A very messy fix - Emby remotely shuts down hacked user media servers, after not fixing a vulnerability for 3 years
- critical vulnerability | Critical OAuth Vulnerability in Expo.io Framework
Incidents
- data breach | Advisor Group broker-dealers report data breach cascading from the R.R. Donnelley event
- data breach | Freedom Mortgage Notifies Consumers of Data Breach
- data breach | SuperVPN reports massive Data Breach, compromising 360 million user records
- data breach | Hitachi Energy reports Data Breach due to Fortra “GoAnywhere” Exploitation
- data breach | Data breach victims of Fortra and InvestorCOM include Empire Life
- data breach | DeTar Hospital data exposed after security incident
- data breach | Constellation Software Inc. Reports Data Breach
- data breach | Point32Health informs that patient data was stolen in Harvard Pilgrim ransomware attack
- data breach | Kyocera AVX exposed as collateral ransomware victim after Fujitsu data breach in December
- data breach | Insider reports that cryptocurrency company Patricia lost funds due to security breach
- data breach | Sur La Table Confirms Data Breach Involving Employee Data
- data breach | MCNA data breach affecting Medicaid and Children's Health Insurance recipients in over 100 organizations
- data breach | Major Data Breach At Zivame, exposing Info Of 1.5 Million Customers For Sale
- data breach | Marine Corps reports data of 39000 Marines and Sailors exposed in human error
- data breach | Tennessee Orthopaedic Clinics Informs of Patients Data Breach
- data breach | Apria reports Data Breach
- data breach | Bristol Community College Data Breach Exposes Over 56,000 People
- data breach | Illinois Morris hospital investigating network breach
- data breach | Franklin Templeton Investments Announces Data Breach stemming from the Fortra GoAnywhere vulnerability
- data breach | Multiple hospitals report data compromise after CCC Data leak
- data breach | Massive data leak in Tesla, exposing over 100GB of data, possibly including Elon Musk's SSN
- ransomware | German arms company Rheinmetall confirms Black Basta ransomware cyberattack
- ransomware | BlackByte ransomware crew reports to have attacked city of Augusta, city denies
- ransomware | When criminals want to get more credit: Two ransomware groups claim responsibility for attack on Albany ENT & Allergy Services
- ransomware | Power management firm's IT system in India hit by ransomware