State of (in)security - Week 26, 2024
Take action: Multiple lessons learned this week - be very mindful of MFA push notification fatigue, never hardcode API keys in the code, enforce MFA since everyone is trying to hack passwords and be aware of possible escalation of the TeamViewer hack.
In the week between June 24, 2024, midnight and July 1, 2024, midnight we witnessed a total of:
- 10 advisory/vulnerability events
- 34 incident/data breach events
Week over Week comparison of week 26 2024 vs week 25 2024:
- Advisories and incidents have increased. Advisories are up from 7 in week 25 to 10 in week 26. Incidents are up from 25 in week 25 to 34 in week 26.
- The number of known impacted individuals has dropped dramatically - from 12.7 million in week 25 to 319 thousand in week 26.
We also shared 4 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 319,593 impacted individuals across 5 incidents. The largest was the incident "Medical device manufacturer LivaNova USA reports data breach impacting 130k", which exposed 130,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 7 |
| Third Party Compromise | 5 |
| Unauthorized access | 3 |
| System Misconfiguration Exploits | 2 |
| Human bad security behaviour | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Healthcare | 10 |
| Government | 7 |
| Finance | 3 |
| IT/Software/Technology | 3 |
| Food and Beverage | 2 |
| Other | 1 |
| Retail | 1 |
| Consulting/Professional Services | 1 |
| Telecommunications | 1 |
| Education | 1 |
| Entertainment/Leisure | 1 |
| Manufacturing | 1 |
| Non-profit/Charity | 1 |
Read the Event Details of the Week
Knowledge
- active attack | Active attacks reported against end-of-life Zyxel NAS devices
- awareness | Be mindful of MFA push notification fatigue - it led to the LA County Health Department breach
- active attack | D-Link router DIR-859 vulnerability actively exploited by hackers
- awareness | Don't do as they do: Rabbit R1 stored hardcoded API keys in source code on the device
Vulnerabilities
- critical vulnerability | Apple releases firmware update for AirPods fixing critical Bluetooth flaw
- critical vulnerability | CISA reports critical vulnerability in SDG PnPSCADA
- critical vulnerability | CISA reports several critical vulnerabilities in TELSAT marKoni’s Markoni-D FM Transmitters
- critical vulnerability | Critical remote code execution flaw in Ollama AI Server
- critical vulnerability | Fortra FileCatalyst Workflow vulnerable to critical SQL Injection
- critical vulnerability | GitLab reports unauthorized pipeline execution flaw, urges patching of CE and EE versions
- critical vulnerability | Johnson Controls releases patches for Illustra Essentials Gen 4 IP cameras
- critical vulnerability | Juniper Networks reports maximum severity authentication bypass vulnerability
- critical vulnerability | Progress Software reports new vulnerability MOVEit Transfer
- critical vulnerability | PTC warns of critical flaw in Creo Elements/Direct License Server
Incidents
- data breach | Prosthetic and orthotic care company Human Technology Inc reports data breach
- data breach | Class Advisors reports third party data breach
- data breach | Kairos Health Arizona reports data breach
- data breach | Luxury retailer Neiman Marcus reports Snowflake related data breach
- data breach | Au10tix leaks Administrative Credentials
- data breach | TeamViewer reports Security Incident in their internal IT environment
- data breach | Hackers claim breach of Vietnam Hong Ngoc Hospital, exposing 112k individuals
- data breach | Justice Resource Institute reports data breach
- data breach | Juniper fixes multiple critical flaws in Juniper Secure Analytics
- data breach | Hacker claims breaching Indonesian military and police systems BAIS and INAFIS, sells data
- data breach | Agropur dairy cooperative reports data breach
- data breach | Fintech Ingo Money reports data breach
- data breach | Medical device manufacturer LivaNova USA reports data breach impacting 130k
- data breach | Another claimed data breach on Traderie in-game marketplace
- data breach | HubSpot is investigating incident of hackers targeting their customers
- data breach | Pinnacle Orthopaedics & Sports Medicine Specialists reports data breach
- data breach | Clothing company Levi Strauss & Co reports data breach
- data breach | Nigerian National Identity Management Commission denies data breach, but apparently leaks data
- data breach | R&B Tea and Chicha San Chen bubble tea brands report third party data breach
- data breach | Massachusetts General Brigham hospital reports data breach
- data breach | Hacker claims breach of Indonesian civil aviation authority
- data breach | Second data breach in six months at BSNL India telecom operator
- data breach | Franklin County in Washington hit by cyber attack
- data breach | Geisinger health system patient data compromised by IT vendor breach
- data breach | Agrani Bank reports data breach through stolen from staff email
- data breach | Data Breach claimed on Indian eMigrate Portal
- ransomware | Indonesia reports government data center hit by ransomware
- ransomware | Canadian Federated Co-operatives Limited hit by cyberattack
- ransomware | INC Ransomware group claims attack on Cambridge University Press & Assessment
- ransomware | Ransomware attack on South Africa National Health Laboratory during monkeypox outbreak
- ransomware | Ransomware gang attacks Maryhaven addiction and treatment centers
- ransomware | BianLian gang claims breach of Better Business Bureau
- ransomware | Evolve Bank confirms data breach by LockBit ransomware gang
- ransomware | LockBit ransomware group claims breaching systems of the US Federal Reserve