State of (in)security - Week 23, 2023
Take action: Never assume your vulnerable component is secured by something or someone else - more often than not, others assume you are securing them. Prioritize patching for critical vulnerabilities in Browsers and Network systems exposed to the internet. Terrible things happen via unsecured and forgotten data stores (S3 buckets, databases without passwords etc).
Learn More
In the week between June 5, 2023, midnight and June 12, 2023, midnight we witnessed a total of:
- 10 advisory/vulnerability events
- 35 incident/data breach events
We also shared 3 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 86,128,373 impacted individuals across 12 incidents, with the largest breach being the Website exposes searchable data of 85 million Turkish residents incident exposing 85,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| healthcare | 9 |
| government | 7 |
| education | 5 |
| finance | 3 |
| transportation | 3 |
| retail | 3 |
| call centers | 1 |
| energy, oil and gas | 1 |
| manufacturing | 1 |
| entertainment | 1 |
| talent management | 1 |
Read the Event Details of the Week
Knowledge
- awareness | Step by Step: How SQL Injection created the MOVEit zero-day vulnerability for data breach
- awareness | Step by Step - Understanding the Credit Card Charge Scam
- awareness | India Institute of Medical Science successfuly repels malware attack
Vulnerabilities
- critical vulnerability | Second patch issued for more MOVEit Transfer critical flaws - patch now
- critical vulnerability | Cisco fixes AnyConnect Windows bug exposing SYSTEM privileges
- critical vulnerability | ZyXel NAS devices can be targeted by dangerous malware exploit
- critical vulnerability | Third Chrome Zero-Day Patch this Year - Patch now!
- critical vulnerability | June 2023 Security Update for Android fixes bug used by spyware
- critical vulnerability | Critical Vulnerabilities Discovered in Game Dev Tool RenderDoc
- critical vulnerability | VMware patches critical vulnerability in vRealize tool
- data breach | Honda e-commerce API flaws exposed customer and internal data
- critical vulnerability | Cisco patches critical vulnerability in Express and TelePresence products
- critical vulnerability | Fix for Critical Remote Code Execution in Fortigate SSL-VPN, Patch now
Incidents
- data breach | The University of Manchester impacted by cyber security data breach
- data breach | Gateway First Bank reports Data Breach via Employee Email
- data breach | Minnesota Department of Education reports 95000 students data exposed in MOVEit caused breach
- data breach | Pearland Independent School District Exposes Over 55k Individuals in Data Breach
- data breach | HomecareGPS Reports Data Breach Affecting information of Over 31000 Individuals
- data breach | Mayberry clients asked to act fast to protect themselves after cyberattack
- data breach | Sheffield schools report data leak as part of the Capita breach
- data breach | Ascension Seton investigating data breach
- data breach | Website exposes searchable data of 85 million Turkish residents
- data breach | JamaicaEye CCTV Surveillance website hit by cyber attack
- data breach | Personal information of 7000 retired teachers stolen in cyber attack
- data breach | Scrubs & Beyond Leaks 400GB of PII and Card Data
- data breach | Canopy Children's Solutions Reports Cyberattack
- data breach | Utah Department of Health and Human data leak - Medicaid letters sent to wrong addresses
- data breach | Petaluma Health Center informs patients of data breach
- data breach | British Airways and BBC staff data stolen in MOVEit related cyber breach
- data breach | Showmax users at risk due to data breach, urged to act fast
- data breach | Recruitment platform Pflegia exposed CVs of hundreds of thousands candidates
- data breach | SEC drops 42 cases after staff mess up data protection controls
- data breach | London school closed after devastating cyber attack
- data breach | Personal details of Australia Capital Territory government information potentially exposed in security breach
- data breach | 3,200 medical doctors impacted by potential data breach
- data breach | Benefit Management, informs Patients of Data Breach through compromised email
- data breach | Tasmanian Government caught up in another data breach
- data breach | Data breach exposes EV drivers who recharged at Shell
- data breach | US medical data breach caused by the Fortra GoAnywhere vulnerability
- ransomware | Ransomware gang using MOVEit vulnerability to steal data of Aer Lingus
- ransomware | RansomHouse steals data from California hospital
- ransomware | Alvaria Confirms Ransomware Attack by Hive Ransomware group
- ransomware | State of Illinois victim of MOVEit vulnerability attack
- ransomware | Rapid Transit Line In Malaysia Reportedly Affected By Ransomware
- ransomware | Pharmaceutical Giant Eisai Hit by Ransomware
- ransomware | Global Zipper Maker suffers LockBit attack
- ransomware | Hacker steals Cortina Watch data, customer details, publishes on dark web
- ransomware | Globalcaja Bank reports ransomware attack
