State of (in)security - Week 27, 2023

In the week between July 3, 2023, midnight and July 10, 2023, midnight we witnessed a total of:

• 8 advisory/vulnerability events
• 31 incident/data breach events

Total impacted individuals via the events of the week

There were a total of 105,223,569 impacted individuals across 13 incidents, with the largest breach being the Bangladesh e-government website exposes personal data incident exposing 50,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Industry breakdown of incidents

Read the Event Details of the Week

Vulnerabilities

• critical vulnerability | Critical vulnerability discovered in IBM i Systems (AS/400) software
• critical vulnerability | The embarrassment of the MOVEit Transfer critical vulnerabilities won't stop
• critical vulnerability | Android security updates fix three actively exploited vulerabilities
• critical vulnerability | Contec Solar Power Product Vulnerability Exploited and exposing Energy Organizations
• critical vulnerability | Cisco reports vulnerability in Nexus switch that exposes encrypted traffic, no patch available
• critical vulnerability | Warning of Malware Exploiting unpatched Netwrix Auditor
• critical vulnerability | StackRot Linux Kernel Bug Patched, Exploit Code being built
• critical vulnerability | Mastodon releases fix for critical “TootRoot” vulnerability allowing node hijacking

Incidents

• data breach | Hacker claims to have breached data of 34 million Indonesian passports
• data breach | NIH Federal Credit Union reports Data Breach to 14706 Members
• data breach | Western University Students exposed in USC PurpleCare Data breach
• data breach | North Carolina Veteran Affairs medical center reports email breach
• data breach | Mount Desert Island Hospital exposes 24,00 patients in data breach
• data breach | Suspected Nickelodeon animation department Data Leak exposes 500gb of Shows and Scripts
• data breach | ARx Patient Solutions reports Data Breach
• data breach | University of Utah reports being impacted by MOVEit Vendor Data Breach
• data breach | JumpCloud Security Incident - company Resets customer's API Keys
• data breach | Unsecured Cloud Storage Exposes Right Wing Publisher's Strategies
• data breach | MCNA possibly impacted by a second Data Breach this year
• data breach | Canadian-based gold mining company is impacted by MOVEit caused data breach
• data breach | Sun Life members' information exposed through MOVEit vulnerability hack
• data breach | Australian equestrian organizations impacted by third party hack
• data breach | Microsoft claims that Anonymous Sudan DDoS didn't cause data breach, hackers disagree
• data breach | Crypto Exchange Huobi remedies Data Breach
• data breach | The Vitality Group reports MOVEit related data breach to Brookfield Employees
• data breach | Pepsi Bottling Ventures reports of data breach exposing staff data
• data breach | Bangladesh e-government website exposes personal data
• data breach | Lansing Community College reports Data Breach
• data breach | Instagram, TikTok and Yahoo leaking account data in Hundreds of GB and Millions of Accounts
• data breach | Nucor Corporation impacted by data breach, exposing nearly 9,000 people
• data breach | Imagine360 health plan impacted in data breach of two file-sharing platforms
• data breach | Advanced Medical Management Reports Data Breach
• ransomware | Townsquare Media Hit By Ransomware Attack
• ransomware | Port of Nagoya - Japan's largest port operations crippled by ransomware attack
• ransomware | Luigi Vanvitelli hospital impacted by ransomware
• ransomware | Dole issues info on recent cyberattack
• ransomware | More than 42,000 individuals impacted by ransomware on Law Foundation of Silicon Valley
• ransomware | Roys of Wroxham retail chain impacted by ransomware
• theft | Decentralized Finance Multichain Network Suspended After Potential Hack