State of (in)security - Week 35, 2023
Take action: Stop the recycling of passwords and use MFA everywhere. Just as important, work hard not to store secrets, API keys and tokens in code, since they will eventually leak and your systems will be compromised.
In the week between Aug. 28, 2023, midnight and Sept. 4, 2023, midnight we witnessed a total of:
- 6 advisory/vulnerability events
- 29 incident/data breach events
We also shared 5 practical knowledge items
The week-over-week comparison of week 35 vs. week 34 shows little change:
- There is one more advisory in week 35, but one fewer incident than in week 34.
- The number of known impacted individuals from data breaches in week 35 is just above 5 million, compared to the 10 million of the previous week.
Total impacted individuals via the events of the week
There were a total of 5,478,525 impacted individuals across 11 incidents. The largest breach was the incident "Eversource energy provider reports Data Breach exposing Massachusetts customers", which exposed 1,800,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| third party breach | 11 |
| ransomware | 3 |
| protocol design issue | 1 |
| secrets in source code | 1 |
| unpatched software vulnerability | 1 |
| cloud misconfiguration | 1 |
| weak default password | 1 |
| email account breach | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Education | 4 |
| IT/Software/Technology | 4 |
| Finance | 3 |
| Other | 2 |
| Government | 2 |
| Healthcare | 2 |
| Insurance | 2 |
| Food and Beverage | 2 |
| Retail | 2 |
| Entertainment/Leisure | 2 |
| Utilities | 1 |
| Energy | 1 |
| Transport/Logistics | 1 |
| Consulting/Professional Services | 1 |
Read the Event Details of the Week
Knowledge
- awareness | APIs in Zombieland: How abandoned Microsoft Azure URL Allowed Exposed Unauthorized Access
- live exploit | Unpatched Citrix NetScaler Systems Targeted
- active exploit | Juniper J-Web Junos OS Vulnerabilities Combined in Cybercrime Attacks
- active attack | DreamBus Botnet exploits Apache RocketMQ Vulnerability to mine Cryptocurrency
- attack | Cisco VPNs not secured with MFA targeted by Akira ransomware gang
Vulnerabilities
- critical vulnerability | Critical Vulnerabilities in ZIP libraries of Swift and Flutter
- critical vulnerability | PTC Codebeamer Application Lifecycle Management severe vulnerability
- critical vulnerability | VMware addresses critical vulnerabilities in Aria Operations for Networks
- critical vulnerability | ClamAV Vulnerable to WinRAR critical vulnerability
- critical vulnerability | Qlik Sense Enterprise BI platform for Windows carries critical vulnerabilities
- data breach | All-in-One WP Migration vulnerable to unauthenticated access
Incidents
- attack | Hospital Sisters Health System and Prevea Health report system outage, possible cyberattack
- attack | University of Michigan "severs its ties to the internet" after impacted by cyberattack
- critical vulnerability | DeFi Exchange Balancer Vulnerability Exploited - Almost $1M US lost
- data breach | Sourcegraph reports Data Breach due to Admin Access Token in source code
- data breach | Roundpoint clients exposed due to MOVEit related data breach
- data breach | UnitedHealthcare reports data breach impacting residents in multiple states
- data breach | Drake University students, alumni exposed by MOVEit related data breach
- data breach | Trading Paints Sim Racing Livery Platform exposes credentials of 270,000 users
- data breach | AZ Blue reports Data Breach through a third party vendor compromise
- data breach | Fashion Retailer Forever 21 reports Data Breach
- data breach | Ransomware group attacks electrical grid wiring agency of Montreal (CSEM)
- data breach | Alogent Holdings reports MOVEit related Data Breach, exposes over 400,000 individuals
- data breach | University of Louisville Health reports MOVEit related data breach, downplays impact
- data breach | Manufacturer of ‘smart’ chastity device leaks users’ data
- data breach | Online recycling community Freecycle reports data breach, asks users to reset passwords
- data breach | Hackers claim to have stolen data of 1 million customers of Pizza Hut Australia
- data breach | University of Sydney reports third-party data breach
- data breach | PurFoods' Data Breach Exposes Personal Information of 1.2 Million Individuals
- data breach | Eversource energy provider reports Data Breach exposing Massachusetts customers
- data breach | CLEAResult reports MOVEit related data breach
- data breach | Paramount reports data breach, personal data exposed
- data breach | Golf gear brand Callaway reports data breach, 1 million persons impacted
- data breach | Indiana Medicaid members exposed by a MOVEit related breach in third party CareSource
- data breach | Cognizant / TMG Health reports Data Breach, exposes 192,000 people
- data breach | Minneapolis Public Schools reports ransomware caused data breach
- infiltration | Polish intelligence investigates cyber-attack on railroad infrastructure
- infiltration | Japan National Center for Incident Readiness And Strategy for Cybersecurity infiltrated by hackers
- PennyMac Loan Services, LLC Impacted by MOVEit Data Breach at Sovos Compliance | PennyMac reports MOVEit related data breach of third party
- ransomware | LogicMonitor customers impacted by ransomware deployed through LogicMonitor agents