State of (in)security - Week 28, 2023
Take action: The past week showed that a lot of ICS and OT systems are vulnerable to attacks. Operators of those systems strongly resist patching them for fear of breakdowns. Unfortunately, hackers don't care about the uptime of your OT and ICS systems. They will happily compromise and corrupt them, cause a breakdown and then extort you. So however painful, start educating top management about the need for systemic patching of ICS and OT.
In the week between July 10, 2023, midnight and July 17, 2023, midnight, we witnessed a total of:
- 16 advisory/vulnerability events
- 36 incident/data breach events
We also shared 2 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 13,745,120 impacted individuals across 12 incidents. The largest breach was the incident "HCA Healthcare reports data breach impacting 11 million patients", which exposed 11,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| finance | 9 |
| government | 8 |
| healthcare | 6 |
| education | 4 |
| telecom | 2 |
| energy | 2 |
| gaming | 1 |
| entertainment | 1 |
| insurance | 1 |
| retail | 1 |
| information technology | 1 |
Read the Event Details of the Week
Knowledge
- awareness | How to target Security Professionals - Fake exploit POC steals data
- awareness | Broken cryptography example - MalCare, Blogvault, and WPRemote for WordPress
Vulnerabilities
- critical vulnerability | Siemens and Schneider Electric issue fixes for ICS systems
- critical vulnerability | Rockwell Automation vulnerability exploited in the wild by state sponsored attackers
- critical vulnerability | Siemens Patches Multiple Vulnerabilities In A8000 Automation Device
- critical vulnerability | Honeywell releases patch for critical vulnerabilities of Experion DCS Platforms
- critical vulnerability | SAP fixes critical vulnerabilities
- critical vulnerability | PiiGAB product vulnerable to potentially critical exploits
- critical vulnerability | Microsoft July 2023 Patch Fixes 6 zero-day exploited vulnerabilities
- critical vulnerability | Critical vulnerabilities reported for Owncast and EaseProbe platforms
- critical vulnerability | Ubiquiti EdgeRouter Vulnerability has a PoC exploit which can be weaponized
- critical vulnerability | Apple issues (second) emergency fix for vulnerabilities exploited by hackers
- critical vulnerability | Adobe Patches Critical Flaws in InDesign and ColdFusion
- critical vulnerability | Zimbra Warns of Exploited Critical Flaw in their Collaboration Suite
- critical vulnerability | SonicWall alerts to critical auth bypass vulnerability, urges immediate patching
- critical vulnerability | Cisco fixes critical SD-WAN API vulnerability
- critical vulnerability | Citrix patches critical vulnerabilities that let Attackers Execute Remote Code
- critical vulnerability | Fortinet releases fixes for critical flaws in FortiOS and FortiProxy
Incidents
- critical vulnerability | Microsoft Cloud vulnerability exploited compromising US government email accounts
- data breach | Charles Schwab reports TD Ameritrade division impacted by MOVEit vulnerability breach
- data breach | Gaming team Razer Investigates Data Breach
- data breach | US Commerce Secretary account among hacked in Chinese hackers Microsoft attack
- data breach | UofL Health impacted by the MOVEit data breach
- data breach | German Banks impacted by Data Theft
- data breach | Ventura County Credit Union reports Data Breach due to email account breach
- data breach | Hillsborough County reports MOVEit related data breach, exposes 70,000
- data breach | Food Worker Card records exposed in Data breach
- data breach | Itasca County Health and Human Services reports Data Breach impacting 1,600 people
- data breach | Telekom Malaysia reports data breach of their Unifi service users
- data breach | HCA Healthcare reports data breach impacting 11 million patients
- data breach | State Bank of India employees' data exposed on Telegram
- data breach | Waltham Forest Council reports residents' data exposed by Capita third party breach
- data breach | edgeMED Healthcare reports Data Breach impacting multiple Healthcare Facilities
- data breach | Union Bank & Trust reports data breach due to MOVEit vulnerability
- data breach | Colorado State University reports data breach caused by MOVEit vulnerability
- data breach | Idaho higher education institutions exposed in MOVEit data breach
- data breach | Kotak Mahindra Life Insurance impacted by MOVEit vulnerability data breach
- data breach | Hayward's website and other services down due to cyberattack
- data breach | Pension Benefit Information impacted by MOVEit vulnerability
- data breach | Indiana University records leaked in data breach
- data breach | Fort Wayne Bank 1st Source reports data breach caused by the MOVEit vulnerability
- data breach | First Merchants Bank reports being impacted by the MOVEit vulnerability data breach
- data breach | Washington State University community members impacted by MOVEit related breach
- ransomware | Town of Cornelius preventively shuts down city services during cyberattack
- ransomware | Trinidad and Tobago suffers outages caused by cyberattack
- ransomware | Ventia - Critical Infrastructure Service Provider Shuts Down Offline Due to Cyberattack
- ransomware | Beverly Hills Plastic Surgery Patient Photos Leaked after Hack
- ransomware | Shutterfly reports impacted by MOVEit, but no customer data exposed
- ransomware | Ransomware attack on Internet Thailand (Inet) takes down 300 customers
- ransomware | Belize Electricity Limited reports Data Leak after Cyber Attack
- ransomware | Panorama Eyecare Patient Data Possibly Stolen by Ransomware Attack
- ransomware | Tampa Bay zoo targeted in ransomware cyberattack
- ransomware | Deutsche Bank confirms third party breach exposed customer data through MOVEit vulnerability
- ransomware | 8Base hacker group claims data theft from Kansas Medical Center