State of (in)security - Week 42, 2023
Take action: Procrastination in security fixes doesn't make things easier. Hackers are actively attacking old vulnerabilities that too many people have just ignored or not updated.
In the week between Oct. 16, 2023, midnight and Oct. 23, 2023, midnight we witnessed a total of:
- 7 advisory/vulnerability events
- 32 incident/data breach events
Week-over-week comparison of week 42 vs week 41 shows things getting worse:
- Advisories decreased slightly but incidents increased significantly: 7 advisories versus the previous 11, and 32 incidents versus the previous 23.
- The number of known impacted individuals from data breaches in week 42 increased to over 5,000,000 from the previous 1,100,000 in week 41.
We also shared 3 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 5,184,594 impacted individuals across 10 incidents, with the largest breach being the "Second potential data breach at 23andMe" incident, exposing 4,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| ransomware | 8 |
| third party breach | 5 |
| email guessing | 1 |
| phishing | 1 |
| server misconfiguration | 1 |
| compromised support account | 1 |
| unpatched software vulnerability | 1 |
| email account breach | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Healthcare | 8 |
| Finance | 5 |
| IT/Software/Technology | 5 |
| Government | 5 |
| Insurance | 2 |
| Entertainment/Leisure | 2 |
| Manufacturing | 2 |
| Retail | 1 |
| Education | 1 |
| Construction | 1 |
Read the Event Details of the Week
Knowledge
- active exploit | Not surprisingly, WinRAR vulnerability is actively exploited
- active attack | Citrix Netscaler CVE-2023-4966 actively exploited
- active exploit | JetBrains TeamCity vulnerability exploited by state sponsored hackers
Vulnerabilities
- critical vulnerability | Critical Cisco IOS vulnerability being actively hacked, no patch available
- critical vulnerability | Oracle October Update has patches for over 387 Vulnerabilities
- critical vulnerability | Adobe issues fix for critical Photoshop vulnerability
- critical vulnerability | Critical vulnerability in Schneider Electric EcoStruxure Products
- critical vulnerability | WordPress Royal Elementor plugin exploited by hackers
- critical vulnerability | CasaOS Open Source cloud software critical vulnerabilities
- critical vulnerability | SolarWinds Access Rights tool critically vulnerable, exposes remote takeover
Incidents
- data breach | Education tool manufacturer Sphero possibly impacted by data breach
- data breach | Identity management firm Okta support system hacked, exposing customer session tokens
- data breach | Crum & Forster insurance report data breach, approx. 14k individuals impacted
- data breach | Lennar construction company reports data breach
- data breach | Wishbone Medical reports data breach, email account compromise blamed
- data breach | Australian retirement savings provider Super SA reports third-party data breach
- data breach | Saint Louis University reports data breach impacting students and staff
- data breach | Casio reports data breach with global impact on customers
- data breach | Second potential data breach at 23andMe
- data breach | Norfolk Redevelopment Housing Authority reports data breach
- data breach | D-Link confirms data breach caused by phishing attack on employee
- data breach | Cape Fear Valley Health reports MOVEit related third party data breach
- data breach | California-based Tri Counties Bank reports data breach
- data breach | Philadelphia city email system breached, possibly exposing personal and health info
- data breach | Trust Benefit Technologies reports data breach
- data breach | Hong Kong Post reports data breach
- data breach | Philippines based crypto exchange Coins.ph impacted by security breach, loses $6.2 Million in XRP
- data breach | Fintech AvidXchange data leak after cybersecurity attack
- data breach | TrueUSD stablecoin issuer reports data breach of third party, customer data exposed
- data breach | Medical University of South Carolina reports third party data breach
- data breach | Henry Schein reports cybersecurity incident
- data breach | Jaime S. Schwartz plastic surgery practice impacted by ransomware
- data breach | Meadville Medical Center reports potential data breach of third party
- ransomware | Trigona hackers get hacked, ransom site taken down
- ransomware | Website of the Hong Kong Ballet attacked by ransomware
- ransomware | Cumberland County Register of Deeds online systems brought down by ransomware
- ransomware | Ampersand TV advertising provider impacted by ransomware
- ransomware | Akumin radiology delays diagnostic and clinical ops due to ransomware
- ransomware | Westchester Medical Center Network impacted by cyberattack, diverts patients
- ransomware | American Family Insurance reports cyberattack causing IT system outage
- ransomware | KwikTrip systems hit by cyberattack
- ransomware | Kansas courts possibly disrupted by ransomware