State of (in)security - Week 47, 2024
Take action: This week's focus is on Palo Alto firewalls, or anything really. Make doubly sure that the management interface of all Palo Alto products is accessible only from trusted internal IP addresses, and that all internet access to the management interface is blocked. Then start patching. NOW.
In the week between Nov. 18, 2024, midnight and Nov. 25, 2024, midnight we witnessed a total of:
- 2 advisory/vulnerability events
- 22 incident/data breach events
Week over Week comparison of week 47 2024 vs week 46 2024:
- Advisories are significantly down from the previous week; incidents are slightly down. Advisories are down from 14 in week 46 to just 2 in week 47. Incidents are down from 23 in week 46 to 22 in week 47.
- The number of known impacted individuals is significantly down, from 122 million in week 46 to just over 6 million in week 47.
We also shared 6 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 6,150,853 impacted individuals across 7 incidents. The largest breach was the incident "Thai department store operator The 1 Co reports data breach exposing loyalty programme members", which exposed 5,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| Malware, Ransomware and Related Attacks | 7 |
| Unauthorized access | 3 |
| System Misconfiguration Exploits | 2 |
| Human bad security behaviour | 1 |
| Software Vulnerability and SDLC Exploits | 1 |
| Third Party Compromise | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| IT/Software/Technology | 5 |
| Government | 4 |
| Healthcare | 4 |
| Entertainment/Leisure | 2 |
| Insurance | 1 |
| Other | 1 |
| Automotive | 1 |
| Retail | 1 |
| Energy | 1 |
| Finance | 1 |
| Food and Beverage | 1 |
Read the Event Details of the Week
Knowledge
- active exploit | Apple releases iOS 18.1.1, 17.7.2 and macOS 15.1.1 fixing actively exploited flaws
- active exploit | Broadcom confirms active exploitation of two vulnerabilities in VMware vCenter Server
- active exploit | CISA warns of actively exploited critical flaws in Progress Kemp LoadMaster
- active exploit | Oracle patches actively exploited flaw in Agile PLM
- active exploit | Palo Alto reports two actively exploited flaws in PAN-OS
- active attack | Trellix researchers warn of malicious campaign that uses legitimate but outdated Avast Anti-Rootkit driver
Vulnerabilities
- critical vulnerability | Apache OfBiz patches two flaws, one critical
- critical vulnerability | D-Link warns of critical flaw in end-of-life routers, tells user to replace them
Incidents
- data breach | Forces Penpals dating / social networking service for military servicemembers leaks user data
- data breach | US counseling and health services provider Equinox reports data breach
- data breach | Numosity EV charging software firm breached, initially claimed as Tesla breach
- data breach | Rockford Gastroenterology reports data breach, exposes 147K patients
- data breach | Ministry of Justice of England and Wales reports data breach exposing sensitive prison infrastructure
- data breach | Maxar Technologies reports data breach
- data breach | Pacific Pulmonary Medical reports data breach by Everest Team ransomware gang
- data breach | International Game Technology (IGT) reports cyberattack
- data breach | Fintech Giant Finastra reports data breach
- data breach | Thai department store operator The 1 Co reports data breach exposing loyalty programme members
- data breach | RansomHub gang claims breach of Mexican government's official federal website
- data breach | The online course platform of Andrew Tate breached, data of 800k people leaked
- data breach | New York State Fishkill Correctional Facility reports data breach
- data breach | Hacker offers to sell data of 750K patients of unnamed French hospital
- data breach | Hackers claim breach of Ford customer data, company is investigating
- data breach | The US Library of Congress reports breach of email communications
- data breach | PracticeSuite reports data breach exposing data of Texan ENT Specialists, LLC
- ransomware | San Francisco Ballet Company data stolen and exposed by the Meow, INC Ransom gangs
- ransomware | Supply chain software provider Blue Yonder reports ransomware attack
- ransomware | Snow Brand Australia reports ransomware attack, data breach
- ransomware | Bangladesh based Popular Life Insurance hit by ransomware
- ransomware | German electricity provider Tibber hit by cyberattack, at least 50k people affected