State of (in)security - Week 39, 2024
Take action: Spamming MFA prompts is a thing - an attacker who has guessed your password will repeatedly trigger MFA requests to you. If you use a mobile app where you just need to click yes, it's very easy to approve without paying attention, especially during the night, when the prompt wakes you up. If you receive unexpected MFA requests, don't accept them and immediately reset your password. Also check your Linux systems for the CUPS service, disable cups-browsed and update everything.
In the week between Sept. 23, 2024, midnight and Sept. 30, 2024, midnight we witnessed a total of:
- 13 advisory/vulnerability events
- 27 incident/data breach events
Week over Week comparison of week 39 2024 vs week 38 2024:
- Advisories are slightly down, incidents are slightly up. Advisories are down from 14 in week 38 to 13 in week 39. Incidents are up from 24 in week 38 to 27 in week 39.
- The number of known impacted individuals is back to over a hundred million in a week - from 39 million in week 38 to just over 100 million in week 39.
We also shared 2 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 100,256,443 impacted individuals across 7 incidents, with the largest breach being the "Background check company MC2 Data leaks info of 100M people" incident, which exposed 100,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 11 |
| Unauthorized access | 5 |
| Human bad security behaviour | 2 |
| Third Party Compromise | 2 |
| Software Vulnerability and SDLC Exploits | 1 |
| System Misconfiguration Exploits | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Healthcare | 5 |
| Government | 4 |
| Consulting/Professional Services | 4 |
| Education | 4 |
| Finance | 2 |
| Retail | 1 |
| Telecommunications | 1 |
| Automotive | 1 |
| Utilities | 1 |
| Insurance | 1 |
| IT/Software/Technology | 1 |
| Non-profit/Charity | 1 |
| Other | 1 |
Read the Event Details of the Week
Knowledge
- active attack | Critical Ivanti vTM flaw now actively exploited
- awareness | Proton warns that data of thousands of politicians leaked on the dark web
Vulnerabilities
- critical vulnerability | Checkmk monitoring tool reports critical flaw enabling 2FA bypass
- critical vulnerability | Critical flaw reported in Microchip Advanced Software Framework
- critical vulnerability | Critical vulnerabilities reported and fixed in Expat XML parsing C library
- critical vulnerability | Critical vulnerability reported in FreeBSD bhyve hypervisor
- critical vulnerability | HPE patches three critical flaws in Aruba access points
- critical vulnerability | Multiple critical vulnerabilities reported in Automatic Tank Gauge systems used in fuel storage tanks
- critical vulnerability | Multiple flaws reported in Linux Common UNIX Printing System (CUPS) that enable remote code execution
- critical vulnerability | Multiple flaws reported in OpenPLC, one critical RCE
- critical vulnerability | Nvidia reports critical flaw in Container Toolkit allowing attackers to escape containers
- critical vulnerability | PHP releases versions 8.1.30, 8.3.12 and 8.2.24, fixes multiple flaws
- critical vulnerability | TeamViewer reports two nearly critical flaws in Windows version
- critical vulnerability | VLC Player warns of flaw allowing hackers to execute code
- critical vulnerability | WhatsUp Gold reports another round of critical flaws
Incidents
- critical vulnerability | Arkansas City water treatment facility hit by cyberattack
- data breach | Background check company MC2 Data leaks info of 100M people
- data breach | Wells Fargo reports customer data breached by former employee
- data breach | Metropolitan Life Insurance Company reports data breach caused by third party compromise
- data breach | Twilio confirms data breach exposing over 11k calls
- data breach | Michigan Medicine reports second data breach of the year, 58K patients exposed
- data breach | One Point HR Solutions reports data breach
- data breach | OpenAI press account on Twitter hacked, used to promote phishing scam
- data breach | Delta Health System reports data breach exposing patient data
- data breach | Nationwide Recovery Service reports data breach
- data breach | Richland County, WI reports a year old data breach exposing 76K people
- data breach | Elitecare Emergency Hospital reports data breach exposing 24k patients
- data breach | I-MED medical imaging provider reports data breach
- data breach | Naperville Central High School leaks student information
- data breach | Wright, Moore, DeHart, Dupuis & Hutchinson reports data breach
- data breach | Dutch police impacted by cyberattack, contact details of 65k police officers stolen
- ransomware | Richmond Community Schools report ransomware, student data breach
- ransomware | Lancashire schools hit by ransomware attack
- ransomware | Cincinnati Public Schools hit by ransomware attack
- ransomware | Delaware Libraries reports ransomware attack by RansomHub gang
- ransomware | German Occupational Health and Safety Association VBG reports ransomware attack
- ransomware | Bob's Discount Furniture systems down, suspected cyberattack
- ransomware | Global fintech MoneyGram offline for over three days due to 'cybersecurity issue'
- ransomware | AutoCanada reports ransomware attack, possible data breach
- ransomware | University Medical Center (UMC) in Lubbock hit by ransomware attack
- ransomware | Franklin County, Kansas hit by ransomware attack, exposes 30K people
- ransomware | Kuwait’s Ministry of Health reports cyberattack