State of (in)security - Week 28, 2024
Take action: Simple and mostly effective practices against ransomware: offline backups that can't be deleted by the ransomware on the servers, updated antivirus, patched browsers and OS, deleting all data you no longer need, and ongoing employee awareness about phishing. It's wise to harden all internet-facing systems but also to patch internal systems, because hackers eventually find them by hacking something else. Or just have $25 million to pay the hackers.
In the week between July 8, 2024, midnight and July 15, 2024, midnight we witnessed a total of:
- 11 advisory/vulnerability events
- 19 incident/data breach events
Week over Week comparison of week 28 2024 vs week 27 2024:
- Advisories have increased and incidents have decreased. Advisories are up from 8 in week 27 to 11 in week 28. Incidents are down from 31 in week 27 to 19 in week 28.
- The number of known impacted individuals has increased dramatically - from 36 million in week 27 to over 110 million in week 28.
We also shared 3 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 111,761,561 impacted individuals across 6 incidents, with the largest being the "AT&T reports third party data breach exposing over 110 million customers" incident, which exposed 110,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 9 |
| Human bad security behaviour | 1 |
| Third Party Compromise | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Government | 3 |
| Entertainment/Leisure | 2 |
| Finance | 2 |
| Telecommunications | 2 |
| Healthcare | 2 |
| IT/Software/Technology | 2 |
| Other | 2 |
| Consulting/Professional Services | 1 |
| Education | 1 |
| Pharmaceuticals | 1 |
| Retail | 1 |
Read the Event Details of the Week
Knowledge
- awareness | Automotive SaaS provider CDK paid $25 million ransom to hackers
- active attack | EstateRansomware gang exploits vulnerability in Veeam backup software
- active exploit | Security researchers warn of actively exploited Ghostscript RCE flaws
Vulnerabilities
- critical vulnerability | Apache Software Foundation fixes source code disclosure flaw in Apache HTTP server
- critical vulnerability | Cisco is warning of multiple products vulnerable to regreSSHion
- critical vulnerability | Citrix reports critical NetScaler flaw exposing sensitive information to attackers
- critical vulnerability | Critical vulnerabilities in Gogs open-source Git service
- critical vulnerability | GitLab releases patch for critical vulnerability enabling unauthorised running of pipeline jobs
- critical vulnerability | Microsoft releases massive July patch addressing 142 flaws, including critical and actively exploited
- critical vulnerability | Multiple Citrix products reported vulnerable to regreSSHion flaw
- critical vulnerability | Network operators are warned about a RADIUS protocol flaw
- critical vulnerability | Palo Alto Networks releases patches for critical flaw in Expedition Tool
- critical vulnerability | Rockwell Automation patches critical flaws in ThinManager ThinServer
- critical vulnerability | Second OpenSSH flaw discovered similar to regreSSHion but with lower impact
Incidents
- data breach | Fellowship Village reports data breach exposing SSNs
- data breach | Hacker claims breach of Angel One, company claims it's data from old leak
- data breach | UAE Lulu Hypermarket reportedly hit by a data breach
- data breach | mSpy spyware support platform breached, millions of customers exposed
- data breach | AT&T reports third party data breach exposing over 110 million customers
- data breach | Loretto Management Corporation reports cyberattack, data breach
- data breach | Conditioned Air reports data breach exposing customer SSNs
- data breach | Medibase Group reports data breach exposing Staten Island University Hospital patient data
- data breach | Iseto Corp hit with ransomware attack data breach
- data breach | Jersey Islands finance regulator reports another data breach in 6 months
- data breach | Rite Aid reports data breach and ransomware attack, a year after the previous data breach
- data breach | Hacktivist group NullBulge claims Disney Slack infrastructure data breach
- ransomware | Richland-Bean Blossom community school corporation data breach
- ransomware | Clay County, Indiana hit by cyberattack, possibly ransomware
- ransomware | Victorian landscaping firm Super Gardens data leaked by ransomware group DragonForce
- ransomware | STORMOUS Ransomware Group claims responsibility on Vietnamese HITC telecom
- ransomware | BlackSuit Ransomware gang attacks Monroe County
- ransomware | Pakistani card processor TPS Worldwide hit by ransomware attack
- ransomware | MEDUSA ransomware gang claims attack on American Golf Corporation