State of (in)security - Week 22, 2024

In the week between May 27, 2024, midnight and June 3, 2024, midnight we witnessed a total of:

• 6 advisory/vulnerability events
• 21 incident/data breach events

Week over Week comparison of week 22 2024 vs week 21 2024:

• Advisories and incidents have reduced. Advisories are down from 8 in week 21 to 6 in week 22. Incidents are down from 26 in week 21 to 21 in week 22.
• The number of known impacted individuals has increased massively, from 503,000 in week 21 to over 563 million in week 22.

We also shared 3 practical knowledge items

Total impacted individuals via the events of the week

There were a total of 563,769,469 impacted individuals across 9 incidents, with the largest breach being the ShinyHunters hack Ticketmaster, theft and sale of 560M user data, confirmed incident exposing 560,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents

Industry breakdown of incidents

Read the Event Details of the Week

Knowledge

• active exploit | Check Point warns that hackers target local VPN accounts, patches flaw
• active exploit | CISA warns of exploited Linux kernel flaw
• active attack | Fastly reports WordPress plugina exploited to inject malware and backdoors

Vulnerabilities

• critical vulnerability | Baxter patches critical flaw in Welch Allyn Connex Spot Monitor
• critical vulnerability | Cacti Network Monitoring Tool fixes multiple vulnerabilities, two critical
• critical vulnerability | Carrier fixes flaws in LenelS2 NetBox access control/event monitoring system
• data breach | Cisco reports high-severity flaw affecting Firepower Management Center
• critical vulnerability | TP-Link releases fix for critical flaw in Archer C5400X gaming router
• critical vulnerability | Westermo reports critical flaws in EDW-100 in industrial serial to Ethernet converter

Incidents

• data breach | Hacker claims to have compromised Snowflake to steal data from Ticketmaster, Santander and many more
• data breach | University of Chicago Medicine reports data breach through compromised email accounts
• data breach | Office of the Illinois Secretary of State reports data breach impacting 50k
• data breach | BBC is investigating data breach of 25k pension scheme memnbers
• data breach | Guardian Childcare Victoria reports data breach
• data breach | Cooler Master data breach exposing 500k customers
• data breach | Sav-Rx medication benefits provider reports data breach
• data breach | TRC Staffing Services reports data breach exposing 158k people
• data breach | Truliant Federal Credit Union reports third party data breach
• data breach | Johnson & Johnson reports data breach of Patient Assistance Foundation
• data breach | WD & Associates reports data breach
• data breach | Newfoundland Broadcasting Company hit by ransomware
• data breach | Software company Everbridge reports data breach
• data breach | City of Kalamazoo reports data breach of 250 current and former employees
• data breach | ShinyHunters hack Ticketmaster, theft and sale of 560M user data, confirmed
• ransomware | Hugging Face AI platform reports breach of authentication secrets of its Spaces platform
• ransomware | ABN Amro reports possible client data breach in third party provider attack
• ransomware | Russian delivery company CDEK has it's systems down due to cyberattack
• ransomware | Sinclair Broadcast Group reports ransomware attack, TV stations affected
• ransomware | Finalsite hit by ransomware, shuts down 5,000 school websites
• ransomware | Seattle Public Library shuts down systems after ransomware attack