State of (in)security - Week 38, 2024
Take action: Allowing users to inject code into a product, and then intermixing that code or storing it centrally, is very dangerous and requires a lot of costly, continuous testing. Otherwise you may find yourself hacked by user code you explicitly allowed on your platform. Consider whether you really want such a feature, and whether you have the bandwidth to secure it. And never leave hardcoded credentials in your applications.
In the week between Sept. 16, 2024, midnight and Sept. 23, 2024, midnight we witnessed a total of:
- 14 advisory/vulnerability events
- 24 incident/data breach events
Week over Week comparison of week 38 2024 vs week 37 2024:
- Advisories remain the same, incidents have increased. Advisories are up from 13 in week 37 to 14 in week 38. Incidents are down from 26 in week 37 to 24 in week 38.
- The number of known impacted individuals has decreased, from over 114 million in week 37 to 39 million in week 38.
We also shared 2 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 39,083,121 impacted individuals across 7 incidents. The largest breach was the "Star Health hit by data breach, data of 31 million customers distributed on Telegram" incident, which exposed 31,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 5 |
| Unauthorized access | 3 |
| Social Engineering and Phishing | 2 |
| Software Vulnerability and SDLC Exploits | 1 |
| System Misconfiguration Exploits | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| IT/Software/Technology | 5 |
| Retail | 3 |
| Hospitality/Events | 3 |
| Consulting/Professional Services | 2 |
| Healthcare | 2 |
| Education | 2 |
| Finance | 2 |
| Other | 2 |
| Government | 1 |
| Food and Beverage | 1 |
| Insurance | 1 |
Read the Event Details of the Week
Knowledge
- active attack | Phishing campaign abuses GitHub notifications to get users to install malware themselves
- awareness | Researcher chains multiple old macOS flaws to compromise iCloud with no user interaction
Vulnerabilities
- critical vulnerability | Apple releases iOS 18 with over 30 security updates, two critical
- critical vulnerability | Arc browser patches critical vulnerability allowing users to inject malicious JavaScript
- critical vulnerability | Broadcom patches critical VMware vCenter Server remote code execution flaw
- critical vulnerability | Chrome releases version 129 patching 6 flaws, one high severity
- critical vulnerability | CISA reports two old Oracle product flaws actively exploited, time to patch or refactor
- critical vulnerability | Cisco releases patches for two critical flaws in Smart Licensing Utility
- critical vulnerability | Critical MediaTek flaw exposes phones and Wi-Fi routers to attack
- critical vulnerability | D-Link patches critical vulnerabilities in popular wireless routers
- critical vulnerability | GitLab releases patches to fix a critical SAML authentication bypass in GitLab Community and Enterprise
- critical vulnerability | Google patches remote code execution (RCE) flaw in its Cloud Composer
- critical vulnerability | Ivanti reports another actively exploited Cloud Services Appliance (CSA) flaw
- critical vulnerability | MegaSys Computer Technologies reports critical flaw in its Telenium Online Web Application
- critical vulnerability | One Identity reports critical flaw and patch in Safeguard for Privileged Passwords
- critical vulnerability | Rockwell Automation patches two critical vulnerabilities in Pavilion8
Incidents
- data breach | Star Health hit by data breach, data of 31 million customers distributed on Telegram
- data breach | Harvey Nichols reports cyberattack, data breach
- data breach | BingX cryptocurrency exchange hit by security breach, $20 million stolen
- data breach | Fireworks Software reports data breach, exposing 27k Individuals
- data breach | Hacker claims breach of Dell employee database, leaks 10k records
- data breach | Mt. Carmel Behavioral Healthcare reports data breach caused by phishing attack
- data breach | LA Financial Federal Credit Union reports data breach
- data breach | Villar Group investigates claimed data breach
- data breach | Dr.Web reports cyber attack and security breach, disconnects all servers
- data breach | Hacker IntelBroker claims breach of Deloitte internal messages
- data breach | Hackers claim second breach of Dell data within a week
- data breach | IntelBroker hacker claims breach of Experience Engine, sells data on dark web
- data breach | Total Tools reports data breach exposing thousands of customers
- data breach | Stillwater Mining Company reports data breach after ransomware attack
- data breach | Indonesia authorities investigate data breach of unknown origin
- data breach | Express Services reports data breach exposing SSNs
- data breach | Atrium Health reports data breach after phishing attack
- data breach | David's Bridal reports data breach
- data breach | Aramark reports data breach of their payroll site
- ransomware | Ransomware gang Hunters International claims breach of German Youth Hostel Association
- ransomware | Philadelphia Mastery School hit by cyber incident
- ransomware | Providence public schools struggling with system outages after 'irregular activity'
- ransomware | LockBit claims attack and compromise on online tax-filing platform eFile
- ransomware | Sydney-based Compass Group reports ransomware attack