State of (in)security - Week 43, 2023
Take action: Track Repeat Incidents to establish trends of wrong behavior. One-off incidents can occur to anyone, but multiple similar incidents indicate deeper systemic issues. Monitoring the frequency and nature of incidents is crucial - especially for third-party providers. Don't be afraid to change a provider if they are not behaving properly. It costs much less than being impacted by their incidents.
In the week between Oct. 23, 2023, midnight and Oct. 30, 2023, midnight we witnessed a total of:
- 7 advisory/vulnerability events
- 24 incident/data breach events
Week over week, week 43 was slightly better than week 42:
- Same number of weekly advisories - 7, but the incidents have dropped to 24 from 32 in the previous week.
- The number of known impacted individuals from data breaches decreased to over 2,920,000 in week 43 from over 5,000,000 in week 42.
We also shared 3 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 2,920,344 impacted individuals across 10 incidents. The largest breach was the incident "Redcliffe Labs apparently impacted by data leak, exposing 12 million records", which exposed 2,500,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| ransomware | 7 |
| third party breach | 4 |
| database configuration error, exposed w/o password online | 2 |
| account breach | 1 |
| protocol design issue | 1 |
| human error | 1 |
| DB config error, exposed w/o password | 1 |
| email account breach | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| IT/Software/Technology | 4 |
| Finance | 4 |
| Healthcare | 4 |
| Education | 3 |
| Government | 3 |
| Telecommunications | 2 |
| Transport/Logistics | 1 |
| Energy | 1 |
| Insurance | 1 |
| Aviation | 1 |
Read the Event Details of the Week
Knowledge
- active attack | VMware reports public exploit of vRealize RCE vulnerability
- active attack | Hackers target Roundcube webmail application vulnerability, compromise EU govt servers
- awareness | Okta security incident history - let's learn from others' mishaps
Vulnerabilities
- critical vulnerability | Cisco finally releases patches for IOS XE vulnerabilities
- critical vulnerability | Rockwell Automation Stratix routers vulnerable to Cisco IOS XE vulnerability
- critical vulnerability | VMware reports critical vulnerability in vCenter
- critical vulnerability | Critical vulnerability in NextGen Mirth Connect exposes data
- critical vulnerability | F5 reports critical vulnerability in their BIG-IP product
- critical vulnerability | Ubiquiti reports critical security vulnerability in the UniFi Network application
- critical vulnerability | D-LINK DAR-7000 vulnerable to critical SQL Injection
Incidents
- critical vulnerability | Andesa Services reports MOVEit related data breach
- critical vulnerability | Telegram Maestro Bot impacted by ETH contract vulnerability, stolen $500,000
- data breach | Clark County school district in Nevada hacked, student data exposed
- data breach | Redcliffe Labs apparently impacted by data leak, exposing 12 million records
- data breach | Hello Alfred app leaks user data
- data breach | NASCO reports MOVEit related data breach
- data breach | Personify Care data breach impacts more than 12k patients
- data breach | Fredericksburg Foot & Ankle Center reports data breach half a year later
- data breach | Ben E. Keith Company reports data breach, exposes 39,000 individuals
- data breach | Bank of Canton reports MOVEit related data breach
- data breach | CCleaner reports MOVEit related data breach
- data breach | Cengild Medical reports data breach exposing patient data
- data breach | Populus Financial Group reports data breach of over 16,000 individuals
- data breach | Data leak at third party provider for National police service of Ireland exposes driver details
- data breach | CoinFlip reports data breach caused by compromised employee email
- data breach | Longhorn medical imaging center reports data breach
- data breach | Clark County, Washington suspects hacker attack
- data breach | Reeds Spring schools report data breach after cyberattack
- data breach | Orange County District Attorney reports data breach
- ransomware | Telecom Services of Trinidad and Tobago hacked, 6GB customer data exposed
- ransomware | Lockbit gang claims to have hacked Boeing
- ransomware | BHI Energy reports a data breach by Akira gang
- ransomware | Chilean telecom GTD reports ransomware attack by the Rorschach gang
- ransomware | Stanford University impacted by ransomware cyberattack