How many advisory/vulnerability events occurred between Sept. 2, 2024, and Sept. 9, 2024?

There were 13 advisory/vulnerability events between Sept. 2, 2024, and Sept. 9, 2024.

How many incident/data breach events occurred between Sept. 2, 2024, and Sept. 9, 2024?

There were 19 incident/data breach events between Sept. 2, 2024, and Sept. 9, 2024.

What is the week-over-week comparison of advisories and incidents for week 36 and week 35 of 2024?

In week 36 of 2024, advisories increased from 11 to 13 compared to week 35, while incidents decreased from 27 to 19. The number of impacted individuals increased significantly from 174 million in week 35 to over 393 million in week 36.

How many individuals were impacted by the incidents during the week?

A total of 393,366,448 individuals were impacted across 7 incidents, with the largest breach involving the leakage of data of 390 million individuals, claimed to be a scrape of the Russian social network 'VK'.

What was the cause breakdown of the incidents?

The incidents were caused by: Malware, Ransomware and Related Attacks (5 incidents), Third Party Compromise (2 incidents), System Misconfiguration Exploits (1 incident), Unauthorized Access (1 incident), and Unspecified causes (1 incident).

What industries were affected by the incidents?

The affected industries were Healthcare (3 incidents), Transport/Logistics (3 incidents), Non-profit/Charity (3 incidents), Finance (3 incidents), Government (2 incidents), IT/Software/Technology (2 incidents), Education (1 incident), Entertainment/Leisure (1 incident), and Consulting/Professional Services (1 incident).

What practical knowledge items were shared during the week?

Three practical knowledge items were shared: active attack on DrayTek VigorConnect flaws, active attack on GeoServer flaw, and active exploit of a critical flaw in SonicWall.

What critical vulnerabilities were reported during the week?

Multiple critical vulnerabilities were reported, including issues in Apache OFBiz Software, Baxter Connex Health Portal, LOYTEC Electronics LINX Series devices, Cisco Smart Licensing Utility, D-Link DIR-846W router, Google Chrome 128, WordPress sites via LiteSpeed Cache bug, Progress LoadMaster, older YubiKeys, Veeam products, VMware Fusion, and Zyxel devices.

What were some of the incidents and data breaches reported during the week?

Incidents included data breaches at WS Audiology, Ally Bank, Dr. Daniel J. Leeman, Transport for London, Wisconsin medical institutions, Free Russia Foundation, Metro Pacific Tollways Corporation, Irish Fota Wildlife Park, Tracelo, Avis car rental, Graham Emmanuel Baptist Church, and two US banks. Additionally, ransomware attacks affected organizations such as Albyn Housing Society, Swinburne University, and Planned Parenthood in Montana.

Knowledge

State of (in)security - Week 36, 2024

published: Sept. 9, 2024

Take action: It's terrifying that in 2024 a piece of software has hardcoded admin credentials. Never ever hardcode or default credentials - it's going to be the worst kept secret of your product in no time. Logging cookies or passwords in the application or debug log is a common mistake, and a terrible one - it exposes all credentials for exploit by at least disgruntled employees, and if the logs can leak - anyone.

Learn More

In the week between Sept. 2, 2024, midnight and Sept. 9, 2024, midnight we witnessed a total of:

13 advisory/vulnerability events
19 incident/data breach events

Week over Week comparison of week 36 2024 vs week 35 2024:

We also shared 3 practical knowledge items

Total impacted individuals via the events of the week

There were a total of 393,366,448 impacted individuals across 7 incidents, with the largest breach being the Hacker leaks data of 390 million, claims to be scrape fo russian social network "VK" incident exposing 390,425,719 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents

Cause	Number of incidents
Malware, Ransomware and Related Attacks	5
Third Party Compromise	2
System Misconfiguration Exploits	1
Unauthorized access	1
None	1

Industry breakdown of incidents

Industry	Number of incidents
Healthcare	3
Transport/Logistics	3
Non-profit/Charity	3
Finance	3
Government	2
IT/Software/Technology	2
Education	1
Entertainment/Leisure	1
Consulting/Professional Services	1

Read the Event Details of the Week

Knowledge

active attack | CISA reports active exploitation of two high-severity DrayTek VigorConnect flaws
active attack | GeoServer flaw actively targeted by hackers, patch now
active exploit | SonicWall critical flaw actively exploited, patch now

Vulnerabilities

critical vulnerability | Apache fixes another remote code execution flaw in OFBiz Software
critical vulnerability | Baxter reports two critical vulnerabilities in Connex Health Portal
critical vulnerability | CISA reports multiple flaws, including critical in LOYTEC Electronics LINX Series devices
critical vulnerability | Cisco reports critical flaws in Smart Licensing Utility
critical vulnerability | D-Link reporting critical flaws in DIR-846W router, won't be fixed
critical vulnerability | Google releases Chrome 128 fixing eight high severity flaws
critical vulnerability | Google releases September 2024 patches, at least one exploited flaw
critical vulnerability | LiteSpeed Cache bug leaks cookies through debug log, exposing WordPress sites account takeover attacks
critical vulnerability | Progress LoadMaster critical vulnerability allows hackers to execute arbitrary code
critical vulnerability | Researchers report unfixable flaw in older YubiKeys enabling cloning, but exploit is very difficult
critical vulnerability | Veeam patches 18 Flaws, 5 critical in its products
critical vulnerability | VMware fixes high-severity code execution flaw in VMware Fusion
critical vulnerability | Zyxel releases patch multiple flaws, one citical enabling RCE

Incidents

data breach | WS Audiology hit by ransomware attack, patient data breached
data breach | Ally Bank reports data breach
data breach | Dr. Daniel J. Leeman reports data breach affecting patient information
data breach | Transport for London reports ongoing cyberattack
data breach | Wisconsin medical institutions report impact on Medicare users from a MOVEit related breach
data breach | Free Russia Foundation internal documents leaked, investigating cyberattack
data breach | Metro Pacific Tollways Corporation reports data breach of Easytrip platform
data breach | Irish Fota Wildlife Park reports data breach, asks customers to cancel cards
data breach | Tracelo, smartphone geolocation tracking breached, data of 1.4 million users leaked
data breach | Hacker leaks data of 390 million, claims to be scrape fo russian social network "VK"
data breach | Avis car rental reports data breach impacting customers
data breach | Graham Emmanuel Baptist Church reports data breach
data breach | Two US banks report data breaches, exposing data of 33k customers
data breach | Katz Nannis + Solomon accountants report data breach exposing customer information
ransomware | Albyn Housing Society hit by ransomware
ransomware | Iranian IT vendor Tosan allegedly paying ransom to resolve cyberattack
ransomware | Swinburne University of Technology Sarawak Campus hit by ransomware, student data breached
ransomware | Planned Parenthood clinic in Montana hit by ransomware
ransomware | Cyberattack disrupts services at Tewkesbury Borough Council near UK GCHQ headquarters

Read More
State of (in)security - Week 41, 2023
State of (in)security - Week 9, 2025
2024 New year resolution for security - One …
State of (in)security - Week 42, 2023
Broken cryptography example - MalCare, Blogvault, and WPRemote …