What events were witnessed during the week of Sept. 25, 2023, to Oct. 2, 2023?

During that week, there were a total of 11 advisory/vulnerability events and 20 incident/data breach events. Additionally, 3 practical knowledge items were shared.

How did the events of week 39 compare to week 38?

In the comparison between week 39 and week 38, the number of advisories and incidents remained in a similar range. Week 39 had 11 advisories (compared to the previous 10) and 20 incidents (compared to the previous 22). However, the known impacted individuals from data breaches in week 39 saw a massive increase, totaling over 47 million.

What was the total number of impacted individuals from the events of the week?

A total of 47,265,050 individuals were impacted across 8 incidents. The largest breach was the Progressive Leasing cyberattack, potentially exposing 40,000,000 individuals. It's important to note that not all incidents reported the number of impacted individuals, so the actual number is likely higher.

What were the causes of the incidents?

The incidents were primarily caused by ransomware (9 incidents), third-party breaches (5 incidents), and denial of service attacks (2 incidents).

Which industries were most affected by the incidents?

The affected industries included Finance (5 incidents), Healthcare (4 incidents), Entertainment/Leisure (2 incidents), Education (2 incidents), and various other industries with 1 incident each, such as Aviation, Retail, Government, Hospitality/Events, and Manufacturing.

What knowledge items were shared during the week?

Three knowledge items were shared during the week, including information about an active exploit injecting spyware into vulnerable iOS and Android Devices through Man-In-The-Middle Attacks, a data leak exposing a data source with billions of previously leaked credentials, and an active attack where hackers attempted to inject password stealing code into GitHub by posing as Dependabot automated updates.

What critical vulnerabilities were identified during the week?

Several critical vulnerabilities were identified, including those in Cisco Catalyst SD-WAN, LibreOffice (WebP vulnerability), Google libwebp impacting a massive number of applications, JetBrains TeamCity CI/CD, Atlassian server instances, Simple Membership WordPress Plugin (vulnerable to account creation and account takeover), WS_FTP Server, Google Chrome, MS SharePoint Server, Exim mail (exposing 300k globally), and Mozilla Firefox (critical flaw in video codec).

What were the major incidents reported during the week?

Several major incidents were reported during the week, including data breaches impacting various organizations such as Financial Institution Service Corp., Ontario child registry BORN, PHH Mortgage Corp., Survey company (exposing major UK charities and their supporters), Ransomed.VC (significant data breach on Sony), LCS Financial Services debt collectors, California Oak Valley Hospital District, Motel One hotel chain, Tahoe Forest Hospital District, Mixin Network Platform, and ransomware attacks on organizations including Johnson Controls, Hong Kong Laureate Forum, McLaren HealthCare, Pinal County school districts, Baruch College, and a potential data breach reported by Progressive Leasing.

Knowledge

State of (in)security - Week 39, 2023

published: Oct. 2, 2023

Take action: Another week of patch fatigue. Many critical advisories that impact a massive number of programs and libraries. It's very easy to be optimistic and say "this won't happen". But for your long term reduced stress, it's good to plan and execute the research of how vulnerable you are and possibly patch.

Learn More

In the week between Sept. 25, 2023, midnight and Oct. 2, 2023, midnight we witnessed a total of:

11 advisory/vulnerability events
20 incident/data breach events

We also shared 3 practical knowledge items

Week over Week comparison of week 39 vs week 38 is a massive dissapointment:

Total impacted individuals via the events of the week

There were a total of 47,265,050 impacted individuals across 8 incidents, with the largest breach being the Progressive Leasing reports cyberattack and potential data breach incident exposing 40,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents

Cause	Number of incidents
ransomware	9
third party breach	5
denial of service	2

Industry breakdown of incidents

Industry	Number of incidents
Finance	5
Healthcare	4
Entertainment/Leisure	2
Education	2
Other	1
Aviation	1
Retail	1
Government	1
Hospitality/Events	1
Manufacturing	1

Read the Event Details of the Week

Knowledge

active exploit | Spyware injected into vulnerable iOS and Android Devices through Man-In-The-Middle Attacks
data leak | Data source with billions of previously leaked credentials exposed once again
active attack | Hackers try to inject password stealing code in GitHub by posing as Dependabot automated updates

Vulnerabilities

critical vulnerability | Cisco patches critical and high severity issues in Catalyst SD-WAN
critical vulnerability | LibreOffice releases patches for WebP vulnerability
critical vulnerability | Google libwebp critical vulnerability impacts massive number of applications - start checking
critical vulnerability | JetBrains TeamCity CI/CD fixes critical vulnerabilites
critical vulnerability | Atlassian releases security updates for server instances
critical vulnerability | Simple Membership WordPress Plugin vulnerable to account creation, account takeover
critical vulnerability | Here we go again: Progress reports maximum severity vulnerability in WS_FTP Server
critical vulnerability | Patch Chrome, one more time: Google fixes another actively exploited flaw
critical vulnerability | Combining MS SharePoint Server flaws achieve Remote Code Execution
critical vulnerability | Critical vulnerabilities expose 300k Exim mail globally, patching is terrible
critical vulnerability | Mozilla fixes Firefox critical flaw in video codec

Incidents

data breach | Financial Institution Service Corp. repots MOVEit related data breach
data breach | Ontario child registry BORN reports MOVEit related data breach, impacting 3.4 million people
data breach | PHH Mortgage Corp reports data breach, exposing SSNs
data breach | Survey company data breach expose major UK charities and their supporters
data breach | Crime group Ransomed.VC claims significant data breach on Sony
data breach | LCS Financial Services debt collectors report data breach
data breach | California Oak Valley Hospital District reports data breach
data breach | Motel One hotel chain listed on ALPHV hack site
data breach | Tahoe Forest Hospital District reports data breach
data breach | Mixin Network Platform suffers security breach and theft, Suspends Deposits, Withdrawals
denial of service | Leonardo flight booking system impacted by DDoS attack
denial of service | UK Royal Family official site hit by Denial of Service attack
ransomware | Johnson Controls reports data breach after severe ransomware attack
ransomware | Hong Kong Laureate Forum impacted by ransomware
ransomware | McLaren HealthCare reports ransomware attack
ransomware | Let the bickering begin: Second hacker team claims responsibility for Sony breach
ransomware | Pinal County school districts report ransomware attack, exposes employees
ransomware | Progressive Leasing reports cyberattack and potential data breach
ransomware | Baruch College impacted by malware, systems shutdown
ransomware | Ransomware gang claims a hack on Leekes - Welsh furniture chain

Read More
State of (in)security - Week 6, 2024
State of (in)security - Week 38, 2023
State of (in)security - Week 11, 2025
State of (in)security - Week 42, 2024
State of (in)security - Week 26, 2025