State of (in)security - Week 46

published: Nov. 20, 2023

Take action: If your organization is faced with an incident, don't try to hide it. The cat is out of the bag, so process it and report it. That's the best way to avoid being extorted or penalized, and it still shows a better level of trustworthiness than playing dumb. Also, pentest your AI/ML systems: they may be vulnerable because they run on regular servers with standard and often unpatched base software.



In the week between Nov. 13, 2023, midnight and Nov. 20, 2023, midnight we witnessed a total of:
  • 10 advisory/vulnerability events
  • 30 incident/data breach events

The week-over-week comparison of week 46 vs. week 45 shows no major changes.

We also shared 4 practical knowledge items.

Total impacted individuals via the events of the week

There were a total of 2,730,218 impacted individuals across 5 incidents. The largest breach was the incident "Truepill pharmacy provider reports data breach, exposes 2.3 million persons", which exposed 2,300,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents

| Cause | Number of incidents |
|---|---|
| ransomware | 11 |
| third party breach | 3 |
| database configuration error, exposed w/o password online | 2 |
| malicious third party software | 1 |
| account breach | 1 |
| unpatched software vulnerability | 1 |
| compromised support account | 1 |
| leaked cloud credentials | 1 |

Industry breakdown of incidents

| Industry | Number of incidents |
|---|---|
| Finance | 7 |
| Government | 5 |
| Healthcare | 4 |
| Education | 4 |
| IT/Software/Technology | 2 |
| Entertainment/Leisure | 2 |
| Utilities | 1 |
| Aviation | 1 |
| Other | 1 |
| Pharmaceuticals | 1 |
| Automotive | 1 |
