State of (in)security - Week 3, 2024
Take action: Disable accounts that are no longer in use and enforce Multi-Factor Authentication (MFA) on every account that remains; a forgotten account without MFA is all an attacker needs for unauthorized access.
In the week between Jan. 15, 2024, midnight and Jan. 22, 2024, midnight we witnessed a total of:
- 10 advisory/vulnerability events
- 27 incident/data breach events
Week over Week comparison of week 2 2024 vs week 3 2024 is: getting better.
- Advisories and incidents are both somewhat reduced. Advisories dropped from 15 in week 2 to 10 in week 3, and incidents dropped from 29 in week 2 to 27 in week 3.
- The number of known impacted individuals is massively down, from 155 million to 643 thousand.
We also shared 5 practical knowledge items.
Total impacted individuals via the events of the week
There were a total of 643,200 impacted individuals across 5 incidents, with the largest breach being the GEICO data apparently breached, data sold on the dark web incident exposing 552,900 individuals. Since not all incidents report a number of impacted individuals, the real number is certainly higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| ransomware | 10 |
| third party breach | 3 |
| compromised account | 2 |
| unpatched software vulnerability | 1 |
| email account breach | 1 |
| database configuration error, exposed w/o password online | 1 |
| DDoS attack | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Healthcare | 6 |
| IT/Software/Technology | 5 |
| Education | 3 |
| Finance | 3 |
| Transport/Logistics | 2 |
| Retail | 2 |
| Insurance | 1 |
| Entertainment/Leisure | 1 |
| Military/Defense | 1 |
| Automotive | 1 |
| Food and Beverage | 1 |
Read the Event Details of the Week
Knowledge
- awareness | Thousands of SonicWall firewalls have an unpatched management interface exposed on the internet
- awareness | LeftoverLocals vulnerability leaks LLM responses to other users on the same GPU
- active attack | Apache Hadoop and Flink misconfigurations used to install cryptominers
- active attack | CISA warns of active exploitation of Ivanti EPMM max severity bug
- active attack | VMware and Mandiant warn of vCenter Server flaw actively exploited by hackers
Vulnerabilities
- actively exploited vulnerability | Google releases fix for actively exploited Chrome vulnerability
- actively exploited vulnerability | Citrix patches actively exploited issues in Netscaler ADC and Gateway
- critical vulnerability | Preboot Execution Environment vulnerabilities dubbed PixieFail expose risks for enterprise computers
- critical vulnerability | Nvidia releases patches for DGX A100 system
- critical vulnerability | Atlassian reports another critical vulnerability in Confluence
- critical vulnerability | VMware alerts customers to critical issues in Aria Automation
- critical vulnerability | Oracle issues 389 patches with January 2024 update
- critical vulnerability | GitHub rotates cloud credentials, user actions may be needed
- critical vulnerability | Four maximum severity issues reported in MLflow
- critical vulnerability | MS Outlook could leak NTLM password hashes via calendar invites, patch it!
Incidents
- data breach | Milectria, Finnish military contractor, reports cyberattack, data breach
- data breach | Crace Medical Centre in Canberra impacted by cyberattack
- data breach | SoftwareProjects affiliate platform leaks 200GB of data
- data breach | Hacker group claims attack on Indonesia national railway company PT KAI
- data breach | LockBit claims attack on Tura Scandinavia AB
- data breach | Space NK cosmetics reports data breach
- data breach | U.S. Virgin Islands Lottery suspends operations due to data breach
- data breach | Kansas State University reports cybersecurity incident
- data breach | Carnegie Mellon University reports cyberattack, data breach impacting 7,300 individuals
- data breach | Trezor crypto wallet vendor reports third party breach, exposing 66k people
- data breach | Bungee Exchange Socket.Tech protocol attacked, funds stolen
- data breach | Hackers compromise senior leadership email accounts at Microsoft via password spray against a forgotten legacy test account
- data breach | GEICO data apparently breached, data sold on the dark web
- data breach | HealthAlliance reports data breach
- data breach | Hawaii Medical Service Administration reports third party data breach
- ransomware | LockBit ransomware gang claims responsibility for hacking fast food chain Subway
- ransomware | Foxsemicon Integrated Technology Inc. (FITI) hacked by Lockbit ransomware gang
- DDoS attack | Multiple organizations in Lithuania attacked by NoName gang
- ransomware | Cactus ransomware gang hacks Asbury Automotive Group
- ransomware | BianLian ransomware group claims hacking of Republic Shipping Consolidators
- ransomware | Memorial University Grenfell Campus delays classes due to ransomware attack
- ransomware | Republika Srpska Integrated Health Information System recovers 17 days after ransomware attack
- data breach | Tilbury District Family Health Team reports third party data breach
- ransomware | National Bank of Angola hit by cyberattack, claims minimal impact
- ransomware | Hackers get into University of California Irvine Discord, post violent videos
- ransomware | Money Message ransomware gang claims attack on Anna Jaques Hospital
- ransomware | Tietoevry data centre impacted by ransomware, multiple customers hit