State of (in)security - Week 41
published: Oct. 16, 2023
Take action: Don't try to advertise a vulnerability finding as a big deal ahead of an advisory. After several massively exploited 10/10 vulnerabilities in the last months, pumping up the public for a critical advisory is counterproductive. Deliver a clear and easy to consume advisory, with clear impact assessment and research.
Learn More
In the week between Oct. 9, 2023, midnight and Oct. 16, 2023, midnight we witnessed a total of:
- 11 advisory/vulnerability events
- 23 incident/data breach events
Week over Week comparison of week 41 vs week 40 is a slight deterioration:
- The advisories and incidents are slightly decreasing - 11 advisories versus the previous 8, and 23 incidents verus the previous 19.
- The known impacted individuals from data breaches in week 41 has slighly increased to around 1,100,000 from the previous 900,000 in week 40.
We also shared 3 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 1,112,330 impacted individuals across 8 incidents, with the largest breach being the French gaming platform Shadow reports data breach of customer data incident exposing 530,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| ransomware | 8 |
| third party breach | 2 |
| social engineering, ransomware | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Healthcare | 5 |
| Government | 3 |
| IT/Software/Technology | 3 |
| Education | 3 |
| Manufacturing | 2 |
| Construction | 2 |
| Transport/Logistics | 1 |
| Consulting/Professional Services | 1 |
| Energy | 1 |
| Entertainment/Leisure | 1 |
| Aviation | 1 |
Read the Event Details of the Week
Knowledge
- active attack | Atlassian Confluence vulnerability exploited in active hacks by nation state groups
- critical vulnerability | Walkthrough in the newly discovered HTTP/2 DoS Rapid Reset Vulnerability
- active exploit | Active credential harvesting attack on unpatched Citrix NetScaler
Vulnerabilities
- critical vulnerability | D-Link WiFi range extender vulnerability exposes DoS and command injection
- critical vulnerability | Siemens Issues Patches for 41 flaws, three of them critical
- critical vulnerability | ConnectedIO's 3G/4G Routers vulnerable to remote code execution
- critical vulnerability | Critical vulnerability in old CD playing library in Linux GNOME Desktop
- critical vulnerability | Another Citrix NetScaler flaw gives access to sensitive data
- critical vulnerability | TagDiv Plugin vulnerability used in hacking campaign on WordPress sites
- critical vulnerability | SAP issues October 2023 advisories for their products
- critical vulnerability | Microsoft October 2023 patch fixes 3 actively hacked vulnerabilities, 12 critical, total over 100 issues
- critical vulnerability | Chrome releases version 118 Patches 20 flaws, one critical
- critical vulnerability | Curl tool fixes Heap Overflow Vulnerability
- critical vulnerability | Industrial routers Yifan vulnerable to 10 zero-day flaws
Incidents
- data breach | Edmonds School District reports data breach exposing 91k individuals
- data breach | Property platform PEXA investigating incident and data breach
- data breach | Stars Arena blockchain social platform hacked, nearly $3 Million US stolen
- data breach | UK based Volex PLC impacted by cyberattack
- data breach | Cook County Health and Hospitals System reports data breach of third party supplier
- data breach | Accounting company Frazier & Deeter reports data breach
- data breach | Website of House of Representatives hacked
- data breach | BriansClub.cm card black market hacked, card data reported to banks
- data breach | Air Europa reports breached credit card payment system
- data breach | West Texas Gas reports data breach, exposing 56k
- data breach | De La Salle University, Phillipines reports cyberattack
- data breach | OrthoAlaska reports data breach, impacts over 150k individuals
- data breach | Philippine Statistics Authority reports data breach, claims impact to one system
- data breach | University of Virginia subcontractor breach puts student data at risk
- data breach | Connecticut hursing and rehabilitation centers report data breach
- data breach | Basketball team ASVEL suffers data breach
- data breach | French gaming platform Shadow reports data breach of customer data
- data breach | Morrison Community Hospital hacked by AlphV ransomware gang
- data breach | Community First Medical Center impacted by data breach, 200k patients exposed
- ransomware | ALPHV ransomware gang claims breach of Florida court
- ransomware | Simpson Manufacturing stops production due to cyberattack
- ransomware | Metro Transit of St. Louis suffers data breach
- ransomware | NoEscape ransomware gang claims breach of Seattle Housing Authority
