How many security events occurred between Oct. 7, 2024, and Oct. 14, 2024?

There were a total of 45 events: 20 advisory/vulnerability events and 25 incident/data breach events.

How does the number of incidents compare between week 41 and week 40 of 2024?

Advisories and incidents increased in week 41. Advisories rose from 9 in week 40 to 20 in week 41, and incidents increased from 18 to 25. The number of known impacted individuals also increased significantly, from just over 1 million in week 40 to over 31 million in week 41.

What was the largest data breach in week 41 of 2024?

The largest breach was the Internet Archive hack, where an authentication database was compromised, exposing the personal information of 31 million users.

What were the main causes of incidents in week 41 of 2024?

The primary causes were Malware, Ransomware, and Related Attacks (7 incidents), Software Vulnerability and SDLC Exploits (4 incidents), Unauthorized Access (3 incidents), and Social Engineering and Phishing (2 incidents).

Which industries were most affected by security incidents in week 41 of 2024?

The industries most affected were IT/Software/Technology (6 incidents), Government (5 incidents), Healthcare (3 incidents), Consulting/Professional Services (2 incidents), and Finance (2 incidents). Other affected industries include Food and Beverage, Entertainment/Leisure, Education, Manufacturing, Retail, Transport/Logistics, and Utilities.

Knowledge

State of (in)security - Week 41, 2024

published: Oct. 14, 2024

Take action: When using any cloud service, submit only things about you that you accept to be leaked on the internet. And don't trust random startups with your data - they are racing to make a profitable product, not a secure one. In the meantime - don't delay patching for months - you WILL be hacked. Hackers will not stop using flaws because they are old.

Learn More

In the week between Oct. 7, 2024, midnight and Oct. 14, 2024, midnight we witnessed a total of:

20 advisory/vulnerability events
25 incident/data breach events

Week over Week comparison of week 41 2024 vs week 40 2024:

We also shared 3 practical knowledge items

Total impacted individuals via the events of the week

There were a total of 31,182,448 impacted individuals across 8 incidents, with the largest breach being the The Internet Archive hacked, authentication database compromised exposing 31M users incident exposing 31,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents

Cause	Number of incidents
Malware, Ransomware and Related Attacks	7
Software Vulnerability and SDLC Exploits	4
Unauthorized access	3
Social Engineering and Phishing	2

Industry breakdown of incidents

Industry	Number of incidents
IT/Software/Technology	6
Government	5
Healthcare	3
Consulting/Professional Services	2
Finance	2
Food and Beverage	1
Entertainment/Leisure	1
Education	1
Manufacturing	1
Retail	1
Transport/Logistics	1
Utilities	1

Read the Event Details of the Week

Knowledge

active attack | CISA warns of critical Fortinet RCE actively exploited
active attack | Ivanti warns of three new actively Exploited flaws in Cloud Service Application
active exploit | Sophos warns of Akira and Fog ransomware gangs exploiting critical Veeam RCE flaw

Vulnerabilities

critical vulnerability | Adobe releases October 2024 patches for flaws in multiple products, including critical
critical vulnerability | Apache Avro SDK reports arbitrary code execution flaw
critical vulnerability | GitLab releases patch for critical flaw enabling arbitrary branch pipeline execution
critical vulnerability | Google releases Chrome security update, patches two high severity flaws
critical vulnerability | Google releases October 2024 Android patches, fixes 26 flaws
critical vulnerability | Microsoft releases October 2024 Patch, fixes 118 flaws including 5 zero day and 3 critical
critical vulnerability | Mozilla patches actively exploited flaw in Firefox
critical vulnerability | Okta patches critical vulnerabilities in its Classic product enabling Sign-On Policy bypass
critical vulnerability | Palo Alto Patches critical flaws in Expedition tool exposing firewall credentials
critical vulnerability | Qualcomm patches actively exploited flaw in DSP Service in their chipsets
critical vulnerability | Researchers investigate Industrial MMS Protocol Libraries, find old flaws
critical vulnerability | Rockwell Automation reports multiple flaws vulnerabilities in DataMosaix Private Cloud
critical vulnerability | Samsung releases October 2024 update, patching multiple flaws including 5 critical
critical vulnerability | SAP October 2024 Patch releases six new Security Notes, updates seven previous
critical vulnerability | Siemens reports a critical vulnerability in HiMed Cockpit
critical vulnerability | Siemens reports critical flaw in SENTRON 7KM PAC3200 power measuring device
critical vulnerability | Siemens reports critical flaw in Sentron Powercenter 1000
critical vulnerability | Siemens reports multiple flaws in PSS SINCAL
critical vulnerability | Siemens reports vulnerabilities in SINEC Security Monitor, including two critical
critical vulnerability | Worldfence reports critical flaws in LatePoint WordPress plugin

Incidents

critical vulnerability | American Water Works Company reports cyberattack, claims no facilities affected
data breach | Game Freak game studio suffer data breach that leaks info about new games
data breach | Ireland’s debt collection agency Cabot Financial hit by cyberattack, data breach
data breach | The Hawaii State Judiciary reports data breach exposing current and former employees
data breach | Casio reports cybersecurity breach leading to IT systems failures
data breach | The Internet Archive hacked, authentication database compromised exposing 31M users
data breach | Accounting firm Dohman, Akerlund & Eddy, LLC reports data breach
data breach | Muah.ai AI girlfriend site breached exposing sexual fantasies and interactions
data breach | Seven Counties Services reports data breach caused by phishing attack
data breach | Omni Family Health reports data breach of current and former patients data
data breach | Shoe Show footwear retailer reports data breach exposing about 12K people
data breach | True World Holdings group reports data breach
data breach | Fidelity Investments reports data breach exposing personal data of 77K customers
data breach | CreditRiskMonitor SaaS credit monitoring platform reports data breach
data breach | Universal Music Group reports data breach
data breach | Tidal Basin Holdco reports data breach
data breach | Home security/alarm company ADT reports second data breach in two months
data breach | Hennepin County reports data breach affecting 2 public health programs
ransomware | Australian company Road Distribution Services hit by ransomware as part of larger breach
ransomware | Agency for Administrative Modernisation in Portugal hit by ransomware
ransomware | Axis Health System hit by cyberattack impacting operations
ransomware | Sonoma County Superior Court reports data breach, Meow ransomware gang claims responsibility
ransomware | C.R. Laurence reports ransomware attack
ransomware | Massachusetts payroll system attacked via phishing campaign
ransomware | Calgary Public Library closes all locations due to cybersecurity breach

Read More
State of (in)security - Week 33, 2023
State of (in)security - Week 14, 2024
State of (in)security - Week 29, 2025
State of (in)security - Week 12, 2024
State of (in)security - Week 26, 2023