Take action: If your organization is faced with an incident, don't try to hide it. The cat is out of the bag, so process it and report it. That is the best way to avoid both extortion and penalties, and it still shows a better level of trustworthiness than playing dumb. Also pentest your AI/ML systems: they may be vulnerable because they run on regular servers with standard and often unpatched base software.
In the week between Nov. 13, 2023, midnight and Nov. 20, 2023, midnight we witnessed a total of:
- 10 advisory/vulnerability events
- 30 incident/data breach events
Week-over-week comparison of week 46 vs. week 45 shows no major changes.
We also shared 4 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 2,730,218 impacted individuals across 5 incidents. The largest breach was the incident "Truepill pharmacy provider reports data breach, exposes 2.3 million persons", which exposed 2,300,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| ransomware | 11 |
| third party breach | 3 |
| database configuration error, exposed w/o password online | 2 |
| malicious third party software | 1 |
| account breach | 1 |
| unpatched software vulnerability | 1 |
| compromised support account | 1 |
| leaked cloud credentials | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Finance | 7 |
| Government | 5 |
| Healthcare | 4 |
| Education | 4 |
| IT/Software/Technology | 2 |
| Entertainment/Leisure | 2 |
| Utilities | 1 |
| Aviation | 1 |
| Other | 1 |
| Pharmaceuticals | 1 |
| Automotive | 1 |
Read the Event Details of the Week
Knowledge
Vulnerabilities
Incidents
- critical vulnerability | MESVision reports MOVEit related data breach
- data breach | Samsung reports data breach impacting UK customers
- data breach | Truepill pharmacy provider reports data breach, exposes 2.3 million persons
- data breach | Pacific Union College reports data breach, exposes 56k individuals
- data breach | West Central Health District reports data breach
- data breach | Hackers claim responsibility for breaching Plume - Smart WiFi Provider
- data breach | Beaverton School District reports data breach
- data breach | Strendus online casino leaks customer data due to unprotected logs
- data breach | Salem Regional Hospital reports data breach after provider PJ&A hacked
- data breach | National Telecommunication Monitoring Center leaks data of Bangladeshi citizens
- data breach | Rivers Casino, Illinois reports data breach, exposes customer data
- data breach | Stanley Steemer reports data breach, exposes 67K customers
- data breach | Yamaha Motor reports ransomware attack on Philippines subsidiary
- data breach | Canadian public service, police and military members' data exposed in data breach
- data breach | Trader Joe decentralized exchange reports breach, asks users to act fast
- data breach | Kronos Research reports loss of $26 Million due to security breach
- data breach | Egyptian fintech Fawry denies breach even though listed on Lockbit gang breach site
- data breach | Republic Bank of Chicago reports data breach, exposing over 7k individuals
- data breach | Recology, a waste management company reports cyber attack
- data breach | Hackers apparently stole data of 300k customers of Coin Cloud, a bankrupt crypto ATM service
- ransomware | Bladen County impacted by cyberattack, possibly data theft
- ransomware | North Carolina Central University suspends online curriculum after cyberattack
- ransomware | City of Huber Heights services impacted by ransomware
- ransomware | WellLife Network reports cyber attack, data breach
- ransomware | Mt. Graham Regional Medical Center reports data breach
- ransomware | Moneris Solutions impacted by Medusa ransomware, claims no 'critical' data exposed
- ransomware | LockBit claims responsibility for attack on aerospace company Sabena Engineering
- ransomware | Hellenic Public Properties Company impacted by ransomware
- ransomware | British Library digital services offline after cyberattack
- ransomware | Toyota Financial Services confirms data breach