State of (in)security - Week 24, 2024
Take action: Microsoft Patch Tuesday is the important item this week. Make sure you patch Windows ASAP (preferred) or disable MSMQ and block access to TCP port 1801. Then focus on Microsoft Office and review the rest of Patch Tuesday.
In the week between June 10, 2024, midnight and June 17, 2024, midnight we witnessed a total of:
- 15 advisory/vulnerability events
- 31 incident/data breach events
Week over Week comparison of week 23 2024 vs week 22 2024:
- Advisories and incidents have increased. Advisories are up from 12 in week 23 to 14 in week 24. Incidents are up from 25 in week 23 to 31 in week 24.
- The number of known impacted individuals has decreased tenfold - from 382 million in week 23 to 34.4 million in week 24.
We also shared 3 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 34,463,111 impacted individuals across 8 incidents, with the largest breach being the Cylance reports data breach caused by a 'Third-Party Platform' incident exposing 34,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 11 |
| Social Engineering and Phishing | 3 |
| Third Party Compromise | 3 |
| Physical Security Breach | 1 |
| Software Vulnerability and SDLC Exploits | 1 |
| Unauthorized access | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Government | 8 |
| IT/Software/Technology | 4 |
| Finance | 4 |
| Healthcare | 3 |
| Manufacturing | 3 |
| Retail | 2 |
| Consulting/Professional Services | 2 |
| Education | 2 |
| Entertainment/Leisure | 1 |
| Media | 1 |
| Automotive | 1 |
Read the Event Details of the Week
Knowledge
- active attack | NVIDIA and Arm advise patching of actively exploited flaws
- awareness | Snowflake attack research - data breaches are related to infostealer attacks and no MFA
- active attack | Windows vulnerability CVE-2024-26169 exploited by Black Basta ransomware gang
Vulnerabilities
- critical vulnerability | ASUS warns of critical vulnerability impacting seven router models
- critical vulnerability | CISA warns of critical issue in Intrado 911 Emergency Gateway
- critical vulnerability | Critical Vulnerabilities in Schneider Electric APC Easy UPS Online Monitoring Software
- critical vulnerability | Critical vulnerability in PyTorch distributed RPC framework
- critical vulnerability | Dokan Pro WordPress Plugin has maximum severity SQL injection vulnerability
- critical vulnerability | Firefox 127 patches 15 vulnerabilities, including critical flaws
- critical vulnerability | Google releases Chrome 126 patching multiple high severity flaws
- critical vulnerability | Google releases Pixel June 2024 security updates
- critical vulnerability | JetBrains warns users of IntelliJ IDE flaw leaking GitHub tokens. Revoke tokens and patch!
- critical vulnerability | Kaspersky reports multiple flaws including critical in ZKTeco biometric access control terminal
- critical vulnerability | Microsoft June 2024 patch fixes 51 vulnerabilities, including Message Queueing critical flaw
- critical vulnerability | Microsoft warns of Azure Service Tags misuse risk, exposing systems to unauthorized access
- critical vulnerability | Multiple critical vulnerabilities reported in Netgear routers
- critical vulnerability | New critical vulnerabilities reported in Open Source AI/ML tools
- critical vulnerability | SAP June 2024 patch day fixes multiple issues, high severity in Financial Consolidation, NetWeaver
Incidents
- critical vulnerability | Kulicke & Soffa reports data breach
- data breach | Cylance reports data breach caused by a 'Third-Party Platform'
- data breach | Aizer Health reports data breach exposing 59k patients
- data breach | My Daily Choice reports data breach exposing 89k individuals
- data breach | CU Student Choice Partners reports data breach
- data breach | Pure Storage reports data breach caused by Snowflake account hack
- data breach | Optometric Physicians of Middle Tennessee report data breach impacting 29k patients
- data breach | Financial Northeastern Companies report data breach caused by phishing attack
- data breach | City of Moreton Bay council leaks data of private ratepayers
- data breach | ALDI Reports Data Breach Due to Card-Skimming Devices
- data breach | Life360 reports data breach of Tile tracking platform
- data breach | Baw Baw Shire Council reports data breach caused by third party
- data breach | Hackers breach Truist Bank, but claims of Snowflake breach are denied
- data breach | Nidec Corporation reports ransomware attack
- data breach | Form I-9 Compliance reports data breach exposing 28k people
- data breach | Chinese University's School of Continuing and Professional Studies reports data breach
- data breach | Datamate Bookkeeping reports data breach exposing sensitive data
- data breach | Keytronic reports data breach after ransomware gang leaks data
- data breach | L.A. County Department of Public Health reports phishing attack, data breach
- data breach | Philippine Maritime Industry Authority reports cyberattack, data breach
- data breach | SouthStar Bank reports data breach caused by phishing attack
- ransomware | Cleveland forced to shut down City Hall due to cyber incident
- ransomware | Ransomware attacks on city governments in Traverse, Michigan
- ransomware | Daixin Team claims ransomware attack on the City of Dubai
- ransomware | DragonForce ransomware gang claims attack of New Zealand platform EvoEvents
- ransomware | Newburgh city reports ransomware attack
- ransomware | Toronto district school board reports ransomware attack
- ransomware | Victorian Racing Club hit by Medusa ransomware gang, over 100GB of data exposed
- ransomware | University of California San Francisco hit by ransomware, pays $1.14 million ransom
- ransomware | Kadokawa Corporation reports ransomware attack on Dwango subsidiary
- ransomware | Findlay Auto Group reports cyber attack