What events occurred between Oct. 9, 2023, and Oct. 16, 2023?

During that week, there were 11 advisory/vulnerability events and 23 incident/data breach events.

How did week 41 compare to week 40 in terms of advisories and incidents?

In week 41, there were 11 advisories and 23 incidents, which is a slight deterioration compared to the previous week with 8 advisories and 19 incidents.

How many individuals were impacted by these events?

Approximately 1,112,330 individuals were impacted across 8 incidents, with the largest breach being the French gaming platform Shadow, which exposed data of 530,000 individuals. It's important to note that not all incidents reported the number of impacted individuals, so the actual number is likely higher.

What were the main causes of these incidents?

The incidents had various causes, including 8 ransomware incidents, 2 third-party breaches, and 1 incident involving social engineering and ransomware.

Which industries were affected by these incidents?

Multiple industries were impacted, with the healthcare industry experiencing the most incidents (5), followed by government (3), IT/software/technology (3), education (3), manufacturing (2), construction (2), transport/logistics (1), consulting/professional services (1), energy (1), entertainment/leisure (1), and aviation (1).

Knowledge

State of (in)security - Week 41, 2023

published: Oct. 16, 2023

Take action: Don't try to advertise a vulnerability finding as a big deal ahead of an advisory. After several massively exploited 10/10 vulnerabilities in the last months, pumping up the public for a critical advisory is counterproductive. Deliver a clear and easy to consume advisory, with clear impact assessment and research.

Learn More

In the week between Oct. 9, 2023, midnight and Oct. 16, 2023, midnight we witnessed a total of:

11 advisory/vulnerability events
23 incident/data breach events

Week over Week comparison of week 41 vs week 40 is a slight deterioration:

We also shared 3 practical knowledge items

Total impacted individuals via the events of the week

There were a total of 1,112,330 impacted individuals across 8 incidents, with the largest breach being the French gaming platform Shadow reports data breach of customer data incident exposing 530,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents

Cause	Number of incidents
ransomware	8
third party breach	2
social engineering, ransomware	1

Industry breakdown of incidents

Industry	Number of incidents
Healthcare	5
Government	3
IT/Software/Technology	3
Education	3
Manufacturing	2
Construction	2
Transport/Logistics	1
Consulting/Professional Services	1
Energy	1
Entertainment/Leisure	1
Aviation	1

Read the Event Details of the Week

Knowledge

active attack | Atlassian Confluence vulnerability exploited in active hacks by nation state groups
critical vulnerability | Walkthrough in the newly discovered HTTP/2 DoS Rapid Reset Vulnerability
active exploit | Active credential harvesting attack on unpatched Citrix NetScaler

Vulnerabilities

critical vulnerability | D-Link WiFi range extender vulnerability exposes DoS and command injection
critical vulnerability | Siemens Issues Patches for 41 flaws, three of them critical
critical vulnerability | ConnectedIO's 3G/4G Routers vulnerable to remote code execution
critical vulnerability | Critical vulnerability in old CD playing library in Linux GNOME Desktop
critical vulnerability | Another Citrix NetScaler flaw gives access to sensitive data
critical vulnerability | TagDiv Plugin vulnerability used in hacking campaign on WordPress sites
critical vulnerability | SAP issues October 2023 advisories for their products
critical vulnerability | Microsoft October 2023 patch fixes 3 actively hacked vulnerabilities, 12 critical, total over 100 issues
critical vulnerability | Chrome releases version 118 Patches 20 flaws, one critical
critical vulnerability | Curl tool fixes Heap Overflow Vulnerability
critical vulnerability | Industrial routers Yifan vulnerable to 10 zero-day flaws

Incidents

data breach | Edmonds School District reports data breach exposing 91k individuals
data breach | Property platform PEXA investigating incident and data breach
data breach | Stars Arena blockchain social platform hacked, nearly $3 Million US stolen
data breach | UK based Volex PLC impacted by cyberattack
data breach | Cook County Health and Hospitals System reports data breach of third party supplier
data breach | Accounting company Frazier & Deeter reports data breach
data breach | Website of House of Representatives hacked
data breach | BriansClub.cm card black market hacked, card data reported to banks
data breach | Air Europa reports breached credit card payment system
data breach | West Texas Gas reports data breach, exposing 56k
data breach | De La Salle University, Phillipines reports cyberattack
data breach | OrthoAlaska reports data breach, impacts over 150k individuals
data breach | Philippine Statistics Authority reports data breach, claims impact to one system
data breach | University of Virginia subcontractor breach puts student data at risk
data breach | Connecticut hursing and rehabilitation centers report data breach
data breach | Basketball team ASVEL suffers data breach
data breach | French gaming platform Shadow reports data breach of customer data
data breach | Morrison Community Hospital hacked by AlphV ransomware gang
data breach | Community First Medical Center impacted by data breach, 200k patients exposed
ransomware | ALPHV ransomware gang claims breach of Florida court
ransomware | Simpson Manufacturing stops production due to cyberattack
ransomware | Metro Transit of St. Louis suffers data breach
ransomware | NoEscape ransomware gang claims breach of Seattle Housing Authority

Read More
State of (in)security - Week 48, 2025
State of (in)security - Week 34, 2023
State of (in)security - Week 25, 2024
State of (in)security - Week 24, 2025
State of (in)security - Week 42, 2024