What events were witnessed during the week between Sept. 11, 2023, and Sept. 18, 2023?

During that week, there were 7 advisory/vulnerability events, 31 incident/data breach events, and 1 shared practical knowledge item.

What was the week-over-week comparison in terms of advisories and incidents?

Compared to the previous week, there was an improvement with 7 advisories in week 37 (down from 14 in week 36) and a consistent number of incidents (31 in week 37 compared to 29 in the previous week).

How many individuals were impacted by the events of the week?

A total of 134,374 individuals were impacted by the events of the week, with the largest breach exposing 58,505 individuals.

What were the main causes of the incidents during that week?

The incidents were primarily caused by ransomware (10 incidents) and third-party breaches (10 incidents).

Which industries were primarily affected by the incidents?

The industries primarily affected were healthcare (6 incidents), government (4 incidents), IT/Software/Technology (3 incidents), finance (3 incidents), and education (2 incidents), among others.

What knowledge and vulnerabilities were shared during that week?

One practical knowledge item titled 'Death by a thousand cuts - How Chinese hackers compromise Microsoft's cloud' was shared. Additionally, several critical vulnerabilities were identified, including those in Windows Kubernetes endpoints, Firefox, Thunderbird, Siemens CodeMeter, Microsoft products, Google Chrome, Adobe Acrobat and Reader, and SAP products.

What were the notable data breaches reported during the week?

Several notable data breaches were reported, including those involving Monument Health, Baylor College of Medicine, Casino giant Caesars, Vodafone, SouthCoast Medical Group, Airbus, Virginia Tech, Shell, Sanford Health, Nuance, CardX brand of Siam Commercial Bank X group, CoinEx crypto exchange, TransUnion, Community Trust Bank, St. Paul Public Schools, Bloom Health Centers, Texas Medical Liability Trust, Brady Martz & Associates PC, and a data breach on a bug tracking platform Rollbar, impacting a significant number of individuals.

Were there any reported ransomware attacks during the week?

Yes, there were several reported ransomware attacks during the week, impacting various organizations and institutions, including the US-Canada International Joint Commission, Singapore Academy of Medicine, Australian federal police officers, Auckland Transport, LockBit gang targeting Korean conglomerate Hanwha, St Augustine Academy school, Colombia court system, New York State hospitals, NGO Save the Children, and exposing Manchester Police officers and Electronic Logging Device software for trucking.

Knowledge

State of (in)security - Week 37, 2023

published: Sept. 18, 2023

Take action: Security breaches are never one big event. They are always a series of small compromises, in the spirit of "efficiency", "speed", "success" or something else, because we are always optimistic that "this won't happen to us". A great example was the single pirated software on a computer in Turkey being used to steal credentials for Airbus systems, and then gain access because of no MFA.

Learn More

In the week between Sept. 11, 2023, midnight and Sept. 18, 2023, midnight we witnessed a total of:

7 advisory/vulnerability events
31 incident/data breach events

We also shared 1 practical knowledge items

Week over Week comparison of week 37 vs week 36 is an improvement:

Total impacted individuals via the events of the week

There were a total of 134,374 impacted individuals across 6 incidents, with the largest breach being the TransUnion data of over 58,000 persons leaked on the dark web incident exposing 58,505 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents

Cause	Number of incidents
ransomware	10
third party breach	10
compromised service account	1
social engineering	1
email account breach	1
account breach	1

Industry breakdown of incidents

Industry	Number of incidents
Healthcare	6
Government	4
IT/Software/Technology	3
Finance	3
Education	2
Manufacturing	1
Other	1
Telecommunications	1
Aviation	1
Transport/Logistics	1
Consulting/Professional Services	1
Entertainment/Leisure	1
Gas/Oil	1
Insurance	1

Read the Event Details of the Week

Knowledge

awareness | Death by a thousand cuts - How Chinese hackers compromise Microsoft's cloud

Vulnerabilities

critical vulnerability | Privilege escalation vulnerability in Windows Kubernetes endpoints
critical vulnerability | Mozilla releases patches for Firefox, Thunderbird to fix actively exploited vulnerabilities
critical vulnerability | Siemens releses patch for critical CodeMeter Vulnerability
critical vulnerability | Microsoft Patches multiple remote execution flaws, five critical bugs
critical vulnerability | Google patches another Chrome vulnerability exploited by hackers
critical vulnerability | Adobe fixes vulnerability exploited by hackers in Acrobat and Reader
critical vulnerability | SAP Patches multiple critical and high severity issues in their products

Incidents

data breach | Monument Health reports data breach, impacting 2,500 patients
data breach | Baylor College of Medicine reports MOVEit related data breach
data breach | Casino giant Caesars reports data breach
data breach | Vodafone has their Twitter accounts hacked, suspects data breach
data breach | SouthCoast Medical Group reports Data Breach
data breach | Airbus reports data leak exposing third party suppliers
data breach | Virginia Tech reports data breach, exposed data of students and staff
data breach | Shell reports their Australia unit impacted by MOVEit data breach
data breach | Sanford Health patients data at risk in data breach
data breach | Nuance, a healthcare tech company reports MOVEit breach, data of multiple hospitals impacted
data breach | CardX brand of Siam Commercial Bank X group reports data breach
data breach | CoinEx crypto exchange lost over US$70 million to theft, Lazarus hacker Group suspected
data breach | TransUnion data of over 58,000 persons leaked on the dark web
data breach | Community Trust Bank reports MOVEit related data breach
data breach | St. Paul Public Schools report ransomware data breach
data breach | Bloom Health Centers report data breach, exposes data of 1,500 patients
data breach | Texas Medical Liability Trust reports Data Breach, exposes 60k individuals
data breach | Brady Martz & Associates PC reports Data Breach
data breach | Bug tracking platform Rollbar reports data breach
ransomware | Ransomware Gang claims attack on US-Canada International Joint Commission
ransomware | Singapore Academy of Medicine doctor data leaked on dark web
ransomware | Details of Australian federal police officers leaked after HWL Ebsworth breach
ransomware | Auckland Transport suspected ramsomware attack
ransomware | LockBit gang threatens to leak data of Korean conglomerate Hanwha
ransomware | St Augustine Academy school impacted by ransomware
ransomware | Colombia court system offline due to cyber attack on hosting provider
ransomware | New York State hospitals attacked by ransomware
ransomware | NGO Save the Children possibly hacked by BianLian ransomware
ransomware | Third party supplier ransomware exposes Manchester Police officers
ransomware | Electronic Logging Device software for trucking reports ransomware
ransomware | MGM Las Vegas report cyberattack, breaks systems including Slot Machines, Room Keys

Read More
Broken cryptography example - MalCare, Blogvault, and WPRemote …
State of (in)security - Week 47, 2024
Attackers compromise accounts of admins, inject malicious code …
Windows Shortcut exploit abused in active hacker and …
State of (in)security - Week 14, 2025