State of (in)security - Week 29

In the week between July 17, 2023, midnight and July 24, 2023, midnight we witnessed a total of:

• 10 advisory/vulnerability events
• 24 incident/data breach events

We also shared 2 practical knowledge items

Total impacted individuals via the events of the week

There were a total of 3,709,686 impacted individuals across 8 incidents, with the largest breach being the Dating Apps Expose PII and Photos of through unprotected database incident exposing 2,300,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Industry breakdown of incidents

Read the Event Details of the Week

Knowledge

• awareness | Learning from the Microsoft key breach - Logs, Authentication Pentests, Key Protection
• awareness | Design consideration example: Google Cloud Build vulnerability to malicious code injection

Vulnerabilities

• critical vulnerability | Adobe Issues a Third set of Patches in a week for Actively Exploited ColdFusion Issues
• critical vulnerability | OpenSSH Remote Code Execution vulnerability reported, PoC published
• critical vulnerability | Worm attacks exposed Redis Instances using CVE-2022-0543 Lua Library exploit
• critical vulnerability | Critical AMI Baseboard management vulnerabilities can brick servers
• critical vulnerability | WooCommerce vulnerability used in WordPress targeted attacks
• critical vulnerability | Another Critical Adobe ColdFusion flaw reported in a week
• critical vulnerability | Foxit Reader high severity vulnerability allows code execution
• critical vulnerability | Exploited Critical Vulnerabilities Identified in Citrix NetScaler ADC and Gateway Products
• critical vulnerability | Non-urgent patch - Chrome 115 without critical vulnerabilities
• data breach | Oracle Critical Patch Update provides 508 security patches (yes, you read that right)

Incidents

• critical vulnerability | Sunflower Bank reports MOVEit vulnerability data breach
• data breach | UnitedHealthcare reports data breach caused by MOVEit vulnerability
• data breach | Belize PlusTV's Email services Hacked
• data breach | Buckingham County Public Schools reports data leak of 86 students
• data breach | UT Southwestern Medical Center impacted by MOVEit vulnerability breach, patient data stolen
• data breach | Queensland government confirms breach caused by the HWL Ebsworth attack
• data breach | Roblox leaks data of 4,000 conference attending developers
• data breach | Dating Apps Expose PII and Photos of through unprotected database
• data breach | Lancaster Orthopedic Group reports data breach exposing more than 500 patients' data
• data breach | Accreditation Commission for Education in Nursing reports data breach
• data breach | Odessa, Texas handling data breach from former employee
• data breach | Rite Aid drugstores reports data breach, potentially compromising customers
• data breach | VirusTotal leaks user details, inlcuding intelligence agencies employees
• data breach | AMC Movie Theaters reports Data Breach
• data breach | Henry Ford Health reports data breach exposing 168,000 patients
• data breach | Idea Financial reports Data Breach exposing 37,000 individuals
• data breach | Fortescue Metals reports data breach, Cl0p hacker group suspected
• data breach | Tampa General Hospital reports patient data breach
• data breach | Estee Lauder Reports Data Breach
• data breach | Phoenician Medical Center reports 162,500 patients impacted by data breach
• data breach | Quorum Federal Credit Union reports MOVEit related Data Breach
• ransomware | Russian Medical lab incapacitated due to ransomware attack
• ransomware | DHL reporting MOVEit related data breach
• ransomware | Franklin Mutual Insurance Group reports Data Breach