State of (in)security - Week 30, 2024
Take action: If you are developing any code that requires asymmetric keys, NEVER use the demo key supplied with the documentation. Always create your own private/public key pair, and store the private component securely in a KMS/HSM system. Never EVER hardcode the key in source code. DO NOT trust files sent via social media apps - especially if you haven't requested the file. Even if you have requested the file, be very careful about content from social media - there are too many hackers and too many exploit vectors (especially on Telegram).
In the week between July 22, 2024, midnight and July 29, 2024, midnight we witnessed a total of:
- 9 advisory/vulnerability events
- 19 incident/data breach events
Week over Week comparison of week 30 2024 vs week 29 2024:
- Advisories have increased and incidents have decreased. Advisories are up from 8 in week 29 to 9 in week 30. Incidents are down from 21 in week 29 to 19 in week 30.
- The number of known impacted individuals has decreased - from 12.8 million in week 29 to over 9.5 million in week 30.
We also shared 4 practical knowledge items.
Total impacted individuals via the events of the week
There were a total of 9,501,843 impacted individuals across 8 incidents, with the largest breach being the "Hackers are offering for sale data of 6.8M Vivamax subscribers" incident, exposing 6,800,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Third Party Compromise | 4 |
| Unauthorized access | 4 |
| Malware, Ransomware and Related Attacks | 3 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Consulting/Professional Services | 5 |
| Finance | 3 |
| Government | 3 |
| IT/Software/Technology | 2 |
| Healthcare | 2 |
| Non-profit/Charity | 1 |
| Media | 1 |
| Aviation | 1 |
Read the Event Details of the Week
Knowledge
- awareness | Binarly warns of vulnerability allowing hackers with physical access to devices to install UEFI malware
- active attack | CISA warns of actively exploited Twilio Authy vulnerability
- awareness | GitHub CFOR "feature" - repo data is not really deleted, most of our mistakes are there to stay forever
- active attack | ServiceNow flaws actively exploited by hackers
Vulnerabilities
- critical vulnerability | Acronis alerts of active exploit of a critical flaw in its Cyber Infrastructure (ACI) platform
- critical vulnerability | Directory traversal flaw exposing critical files fixed in Bazaar revision control system
- critical vulnerability | Docker Engine, Desktop have maximum severity flaw enabling authentication bypass
- critical vulnerability | Limit your trust in Social media apps - Telegram Zero-Day Malware delivery
- critical vulnerability | Multiple critical vulnerabilities impacting LangChain generative AI framework
- critical vulnerability | Progress Telerik fixes another critical issue in Report Server
- critical vulnerability | ServiceNow IT service management platform fixes two critical flaws and other issues that can be chained to attack
- critical vulnerability | Siemens warns of vulnerabilities in SICAM enabling attackers to reset the admin password
- critical vulnerability | Tenable reports possible compromise vector in Google Cloud Functions
Incidents
- data breach | Allcare Medical Management reports data breach impacting FPA Women's Health
- data breach | Gemini crypto exchange reports third party data breach
- data breach | City of Columbus hit by data breach
- data breach | Hackers are offering for sale data of 6.8M Vivamax subscribers
- data breach | Greece's Land Registry reports hundreds of hacker attacks, claims only minor data breach
- data breach | Medibase Group reports data breach impacting patients of Self Regional Healthcare
- data breach | Flexible HR Holdings reports data breach
- data breach | Compex Legal Services reports data breach
- data breach | Michigan Medicine reports data breach exposing 57k patients
- data breach | The Heritage Foundation reports data breach exposing over 500k people
- data breach | A-Line Staffing Solutions reports data breach
- data breach | Casper Network blockchain platform suspends operations after cybersecurity incident
- data breach | Squirrel peer-to-peer lending reports data breach exposing 600 customers
- data breach | Multiple Singapore lenders data breached and 128k customers exposed in third party breach
- data breach | US Spyware maker hit by major data breach
- data breach | CRM Platform Bullhorn data of 2M customers for sale, Bullhorn denies breach, claims unnamed third party at fault
- ransomware | Schneider Regional Medical Center hit by ransomware attack
- ransomware | Jefferson County clerk's offices, Kentucky, hit by ransomware attack
- ransomware | Split Airport in Croatia hit by cyberattack