How many cybersecurity advisories and incidents were reported between Oct. 28 and Nov. 4, 2024?

Between October 28, 2024, and November 4, 2024, a total of 13 advisory/vulnerability events and 20 incident/data breach events were reported.

How did the number of cybersecurity events in week 44 compare to week 43 of 2024?

Both advisories and incidents increased from week 43 to week 44 of 2024. Advisories rose from 7 to 13, and incidents rose from 18 to 20. However, the number of impacted individuals significantly decreased from over 350 million in week 43 to over 22 million in week 44.

How many individuals were impacted by incidents reported in the week ending November 4, 2024?

A total of 22,523,267 individuals were known to be impacted across six incidents, with the largest breach being at France's second-largest ISP, Free, which affected approximately 19,200,000 individuals.

What were the primary causes of the cybersecurity incidents reported in week 44?

The primary causes of incidents included malware and ransomware attacks (6 incidents), third-party compromises (2 incidents), system misconfiguration exploits (1 incident), and unauthorized access (1 incident).

Which industries were most affected by cybersecurity incidents in week 44 of 2024?

The industries most affected included healthcare (5 incidents), government (4 incidents), IT/software/technology (3 incidents), education (2 incidents), and other sectors including manufacturing, telecommunications, pharmaceuticals, and finance with one incident each.

What practical knowledge items were shared during the week ending November 4, 2024?

Two practical knowledge items were shared: an active attack attempting to exploit zero-day flaws in PTZOptics cameras and an active exploit involving a massive ransomware attack targeting 22,000 CyberPanel instances.

What critical vulnerabilities were addressed in the week ending November 4, 2024?

Several critical vulnerabilities were patched, including issues in qBittorrent, Delta Electronics InfraSuite Device Master, Google Chrome, IBM's Business Automation Workflow and Power Systems Flexible Service Processor, open-source AI and ML models, Okta, QNAP, Rockwell Automation's FactoryTalk ThinManager, Synology products, ServiceNow's Now Platform, VMware's Tanzu Spring Security, and NetIQ iManager (with potential for Remote Code Execution).

What were some notable incidents reported in the week ending November 4, 2024?

Notable incidents included a data breach at France's ISP Free affecting 19 million people, Peru's Interbank breach impacting 3 million customers, a breach at TEAM Software, data breaches affecting Chicago’s Saint Xavier University and Mystic Valley Elder Services, and ransomware attacks on entities like Bucharest’s District 5 City Hall, Rumpke Waste and Recycling, and Germany’s AEP Pharma.

What advice was provided to users regarding third-party extensions in Opera's 'CrossBarking' vulnerability?

Users were advised to update their Opera browser, use Opera's Add-ons Store for extensions, and avoid downloading extensions from third-party sources like the Chrome Web Store to prevent similar vulnerabilities from malicious extensions.

Knowledge

State of (in)security - Week 44, 2024

published: Nov. 4, 2024

Take action: Never use hardcoded credentials. It's a ticking time bomb.

Learn More

In the week between Oct. 28, 2024, midnight and Nov. 4, 2024, midnight we witnessed a total of:

13 advisory/vulnerability events
20 incident/data breach events

Week over Week comparison of week 44 2024 vs week 43 2024:

Advisories and incidents are up. Advisories are up from 7 in week 43 to 13 in week 44. Incidents are up from 18 in week 43 to 20 in week 44.
The number of known impacted individuals is signifcantly down - from over 350 million in week 43 to over 22 million in week 44.

We also shared 2 practical knowledge items

Total impacted individuals via the events of the week

There were a total of 22,523,267 impacted individuals across 6 incidents, with the largest breach being the France's second largest ISP - Free reports data breach exposing 19 million incident exposing 19,200,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents

Cause	Number of incidents
Malware, Ransomware and Related Attacks	6
Third Party Compromise	2
System Misconfiguration Exploits	1
Unauthorized access	1

Industry breakdown of incidents

Industry	Number of incidents
Healthcare	5
Government	4
IT/Software/Technology	3
Education	2
Other	2
Manufacturing	1
Telecommunications	1
Pharmaceuticals	1
Finance	1

Read the Event Details of the Week

Knowledge

active attack | Hackers attempt to exploit zero-day flaws in PTZOptics cameras
active exploit | Massive ransomware attack targets 22K CyberPanel instances

Vulnerabilities

critical vulnerability | Critical security vulnerability patched in qBittorrent
critical vulnerability | Delta Electronics fixes a critical flaw in its InfraSuite Device Master
critical vulnerability | Google releases update for Chrome, patches critical flaw
critical vulnerability | IBM addresses long-standing critical flaw in Business Automation Workflow
critical vulnerability | IBM fixes a critical security flaw in Power Systems Flexible Service Processor
critical vulnerability | Multiple flaws, three critical reported in Open-Source AI and ML Models
critical vulnerability | Okta reports authentication bypass flaw for some long usernames
ransomware | QNAP patches critical SQLi flaw
critical vulnerability | Rockwell Automation fixes two vulnerabilities FactoryTalk ThinManager, one critical
ransomware | Security researcher reports critical zero-click flaws in Synology products
critical vulnerability | ServiceNow fixes vulnerabilities in Now Platform
critical vulnerability | VMware patches critical flaw in Tanzu Spring Security
critical vulnerability | Yahoo researchers chain exploits in NetIQ iManager to allow Remote Code Execution

Incidents

data breach | France's second largest ISP - Free reports data breach exposing 19 million
data breach | TEAM Software reports July 2024 data breach
data breach | Peru's Interbank reports data breach exposing 3M customers
data breach | Hacker claims unconfirmed breach of IBM employee records
data breach | Mystic Valley Elder Services reports data breach
data breach | Soliant Health reports data breach caused by compromised email account
data breach | France Ministry of Labor and Employment reports data breach at third party provider
data breach | Chicago based Saint Xavier University reports data breach
data breach | Advanced Recovery Equipment and Supplies reports data breach
data breach | Dallas-based Parkland Health reports data breach exposing 6,500 patients
data breach | Hackers claim breach and demand ransom of India-based NoBroker real estate marketplace
data breach | Housing Authority of City of Los Angeles (HACLA) reports ransomware attack, data breach
data breach | Brazillian driving school exposes data of 400K via an unsecured Google Cloud Storage
data breach | Art Gallery of Ontario reports cyberattack, data breach
ransomware | Bucharest’s District 5 City Hall report ransomware attack
ransomware | Hackers claim breach of Australian Nursing Home Foundation, 1.5TB allegedly stolen
ransomware | Rumpke Waste and Recycling hit by ransomware attack
ransomware | Memorial Hospital and Manor reports randomware attack
ransomware | German pharma wholesaler AEP hit by ransomware attack
ransomware | San Joaquin County Superior Court suffering tech outage after cyberattack

Read More
State of (in)security - Week 51, 2025
State of (in)security - Week 43, 2024
State of (in)security - Week 2, 2024
State of (in)security - Week 51, 2024
State of (in)security - Week 40, 2025