State of (in)security - Week 42, 2024
Take action: The time for delaying has passed - You need to patch your SolarWinds WHD and Windows ASAP - there are active attacks against both! If you are using ESET products, be very careful with emails from the vendor. The main partner of ESET in Israel has been hacked and used to distribute malware. We can expect a lot of phishing scam campaigns to follow.
In the week between Oct. 14, 2024, midnight and Oct. 21, 2024, midnight we witnessed a total of:
- 11 advisory/vulnerability events
- 26 incident/data breach events
Week over Week comparison of week 42 2024 vs week 41 2024:
- Advisories are down, incidents are just slightly up. Advisories are down from 20 in week 41 to 11 in week 42. Incidents are up by just one from 25 in week 41 to 26 in week 42.
- The number of known impacted individuals is significantly up - from over 31 million in week 41 to over 273 million in week 42.
We also shared 3 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 273,959,573 impacted individuals across 9 incidents. The largest was the incident "Brazilian federal police arrests hacker responsible for a massive theft of personal data", which exposed 272,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 7 |
| System Misconfiguration Exploits | 3 |
| Third Party Compromise | 3 |
| Software Vulnerability and SDLC Exploits | 2 |
| Human bad security behaviour | 1 |
| Unauthorized access | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| IT/Software/Technology | 5 |
| Government | 5 |
| Healthcare | 3 |
| Consulting/Professional Services | 3 |
| Finance | 3 |
| Retail | 2 |
| Telecommunications | 1 |
| Education | 1 |
| Entertainment/Leisure | 1 |
| Non-profit/Charity | 1 |
| Automotive | 1 |
Read the Event Details of the Week
Knowledge
- active exploit | CISA warns that SolarWinds Web Help Desk flaw is actively exploited
- active attack | High-severity Windows flaw exploited in hacker gang attacks
- active attack | North Korean hackers exploit flaw in Microsoft Edge using Internet Explorer Mode - patch NOW.
Vulnerabilities
- critical vulnerability | Bitdefender Total Security fixes multiple flaws classified as high severity, just below critical
- critical vulnerability | Critical vulnerability reported in Java security framework pac4j
- critical vulnerability | Critical vulnerability reported in Kubernetes Image Builder
- critical vulnerability | GitHub reports critical vulnerability in its Enterprise Server
- critical vulnerability | Google releases Chrome 130, patches 17 security vulnerabilities
- critical vulnerability | Grafana Labs reports critical flaw in Grafana 11
- critical vulnerability | Jetpack WordPress plugin patches critical flaw
- critical vulnerability | Microsoft reports macOS vulnerability dubbed HM Surf that bypasses the TCC framework
- critical vulnerability | Oracle releases October 2024 Security Update, patches 334 flaws
- critical vulnerability | Splunk releases patches for Enterprise product to fix multiple flaws, one near-critical
- critical vulnerability | Trend Micro warns of critical vulnerability in Cloud Edge appliance
Incidents
- attack | Hackers breach Israel ESET partner and impersonate cyber firm ESET to target Israel companies
- data breach | Birth Choice of San Marco reports third party data breach
- data breach | TransUnion Risk and Alternative Data Solutions reports data breach
- data breach | Brazilian federal police arrests hacker responsible for a massive theft of personal data
- data breach | Intesa Sanpaolo investigates data breach caused by one of its employees
- data breach | Georgetown University leaks data of students and applicants
- data breach | Verizon Communications reports retail agent data breach
- data breach | Tri-City Medical Center reports data breach, exposing over 100k patients
- data breach | Another breach of Internet Archive - this time through stolen access tokens
- data breach | Volkswagen Group states IT infrastructure not affected after 8Base ransomware group claims breach
- data breach | Indonesia’s e-visa system leaks personal data of tourists
- data breach | Varsity Brands reports data breach, exposing almost 66,000 individuals
- data breach | Texas Department of Public Safety reports data breach exposing 115K people
- data breach | Gryphon Healthcare reports third party breach exposing over 300k people
- data breach | Central Tickets reports data breach exposing user data
- data breach | Canton Municipal Court reports data breach of Stark County court database
- data breach | Hacker IntelBroker breach of Cisco, selling code and credentials; Cisco shuts down DevHub portal
- data loss | Microsoft reports losing part of its enterprise customers' security logs due to a vulnerability
- ransomware | Uttarakhand State Data Center hit by ransomware, disrupts govt services
- ransomware | ION Trading UK hit by ransomware attack
- ransomware | LEGO website breached, hackers abuse it to promote fraudulent cryptocurrency
- ransomware | RRCA Accounts Management reports ransomware attack, data breach
- ransomware | Australian entertainment company Funlab reports ransomware attack
- ransomware | Central Pennsylvania Food Bank hit by ransomware
- ransomware | Boston Children’s Health Physicians targeted by BianLian ransomware group
- theft | Critical vulnerability of Radiant Capital cross-chain lending protocol leads to $50M loss