How many security events were reported between August 12 and August 19, 2024?

Between August 12 and August 19, 2024, there were a total of 13 advisory/vulnerability events and 15 incident/data breach events reported.

How do the numbers compare week-over-week for week 33 (Aug. 12 - Aug. 19) vs. week 32 (Aug. 5 - Aug. 12) of 2024?

Advisories decreased from 15 in week 32 to 13 in week 33, and incidents dropped from 24 in week 32 to 15 in week 33. Despite the decrease, the number of impacted individuals rose significantly from 1.2 million in week 32 to 16.5 million in week 33, primarily due to the Caja Los Andes data leak.

What was the largest data breach reported during the week of August 12 to August 19, 2024?

The largest data breach reported during the week was the Chilean financial giant Caja Los Andes leak, which exposed the data of 10 million individuals.

What were the main causes of incidents reported in this period?

The main causes of incidents were malware, ransomware, and related attacks, accounting for 5 incidents, followed by a system misconfiguration exploit contributing to 1 incident.

Which industries were most impacted by security incidents between August 12 and August 19, 2024?

The healthcare sector was the most impacted, with 4 incidents, followed by consulting/professional services with 2 incidents, and various other industries such as government, finance, education, and manufacturing each reporting 1 incident.

What notable security knowledge and active attack analysis was shared during this week?

Notable knowledge items shared include an analysis of a critical flaw in the Windows IPv6 TCP/IP stack and details on an active attack exploiting the Windows AFD for WinSock vulnerability by the North Korean Lazarus Group.

What critical vulnerabilities were reported and patched during the week?

Critical vulnerabilities reported and patched include flaws in Adobe products, Ivanti's Virtual Traffic Manager and Neurons for ITSM, Google Pixel devices, Microsoft products, and more. Other notable patches included updates from SolarWinds, SAP, Palo Alto Networks, and Sonos.

Knowledge

State of (in)security - Week 33, 2024

published: Aug. 19, 2024

Take action: Don't succumb to data greed, it's too easy for the data to be leaked online and cause huge problems. Also be very mindful of your data store accessibility - nothing should be accessible on the public internet unless properly secured and locked down.

Learn More

In the week between Aug. 12, 2024, midnight and Aug. 19, 2024, midnight we witnessed a total of:

13 advisory/vulnerability events
15 incident/data breach events

Week over Week comparison of week 33 2024 vs week 32 2024:

We also shared 2 practical knowledge items

Total impacted individuals via the events of the week

There were a total of 16,438,454 impacted individuals across 6 incidents, with the largest breach being the Chilean financial giant Caja Los Andes leaks data of 10M customers incident exposing 10,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents

Cause	Number of incidents
Malware, Ransomware and Related Attacks	5
System Misconfiguration Exploits	1

Industry breakdown of incidents

Industry	Number of incidents
Healthcare	4
Consulting/Professional Services	2
Government	2
Finance	1
Other	1
Education	1
Manufacturing	1
Media	1
Non-profit/Charity	1
Entertainment/Leisure	1

Read the Event Details of the Week

Knowledge

awareness | An analysis of the critical flaw in the Windows IPv6 TCP/IP stack
active attack | Windows AFD for WinSock vulnerability exploited by North Korean Lazarus Group

Vulnerabilities

critical vulnerability | Adobe releases patches for multiple products, warns of critical flaws
critical vulnerability | Bitdefender researchers reportd multiple vulnerabilities in Solarman and Deye Solar Systems
critical vulnerability | Google Pixel devices carry Android app that can be exploited to execute code
critical vulnerability | Ivanti fixes critical auth bypass flaw in with public exploit in Virtual Traffic Manager
critical vulnerability | Ivanti patches critical flaws in Neurons for IT Service Management
critical vulnerability | Microsoft patches over 80 vulnerabilities in August patch, 9 critical, 6 actively exploited
critical vulnerability | Palo Alto Networks patches Cortex XSOAR critical flaw, high severity flaws in Prisma Access Browser
critical vulnerability | Researchers from Aqua report AWS vulnerabilities
critical vulnerability | Rockwell Automation fixes critical flaw in AADvance Standalone OPC-DA Server
critical vulnerability | SAP releases August patch, fixing 17 new flaws and updating 8, including two critical
critical vulnerability | SolarWinds fixes critical flaw in all Web Help Desk versions, patch now
critical vulnerability | Sonos reports vulnerabilities in their Smart Speakers enabling code execution
critical vulnerability | Zabbix Security network monitoring tool reports critical vulnerabilities

Incidents

data breach | National Civil Service Agency of Indonesia hit by data breach
data breach | Chilean financial giant Caja Los Andes leaks data of 10M customers
data breach | Specialty Networks radiology information systems provider reports data breach
data breach | Heier Weisbrot & Bernstein accounting reports data breach
data breach | Roseland Community Hospital Association reports data breach
data breach | Oxfam Hong Kong reports data breach impacting over 470k people
data breach | Accountants Kerber, Eck & Braeckel report data breach exposing client data
data breach | East Valley Institute of Technology reports data breach, exposing 200k individuals
data breach | Australian dive store Adreno reportedly impacted by a data breach affecting over 500k customers
data breach | Alabama Cardiovascular Group reports data breach exposing client data
data breach | Idaho health system Kootenai Health reports cyberattack, data breach
ransomware | City of Flint hit by ransomware, internet, phone outages, FBI investigating
ransomware | Swiss manufacturer Schlatter disrupted in cyberattack, likely ransomware
ransomware | Rhysida ransomware gang claims attack on Washington Times Hack
ransomware | Australian gold mining company Evolution reports ransomware attack

Read More
Swiss Cheese failure mode example - Google cloud …
State of (in)security - Week 40, 2025
State of (in)security - Week 42, 2025
Blind Eagle gang targets Colombian Institutions
State of (in)security - Week 1, 2025