State of (in)security - Week 48, 2023
Take action: Running a legacy version of internet-connected software is a guaranteed recipe for disaster. You are not saving money by running these systems: you spend a lot of money on hardware and people, and you will pay massively more when you get hacked.
In the week between Nov. 27, 2023, midnight and Dec. 4, 2023, midnight we witnessed a total of:
- 7 advisory/vulnerability events
- 36 incident/data breach events
- A significant increase in the number of advisories, from 2 up to 7. The number of incidents also increased significantly, from 27 to 36.
- The number of known impacted individuals from data breaches decreased, from 10.5 million in week 47 down to 6 million in week 48.
We also shared 3 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 6,043,367 impacted individuals across 14 incidents. The largest breach was the "Dollar Tree reports third-party data breach, exposing 2 million individuals" incident, which exposed 2,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| ransomware | 11 |
| third party breach | 9 |
| unpatched software vulnerability | 2 |
| human error | 1 |
| hacked computer | 1 |
| third party breach, email account breach | 1 |
| third party breach, ransomware | 1 |
| email account breach | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Healthcare | 13 |
| Finance | 4 |
| Education | 4 |
| Automotive | 3 |
| IT/Software/Technology | 3 |
| Utilities | 3 |
| Retail | 2 |
| Aviation | 1 |
| Insurance | 1 |
| Energy | 1 |
| Government | 1 |
Read the Event Details of the Week
Knowledge
- active attack | OwnCloud critical vulnerabilities already actively attacked
- active attack | Ransomware is exploiting Qlik Sense BI platform bugs to breach networks
- bleeping_comp | How legacy software will kill you - 20,000 legacy Microsoft Exchange servers are active globally
Vulnerabilities
- critical vulnerability | Severe Vulnerabilities reported in Ray Open Source Framework for AI/ML
- critical vulnerability | Arcserve Unified Data Protection reports three critical issues, exploit PoCs released
- critical vulnerability | Google fixes Chrome vulnerability exploited by hackers - update now
- critical vulnerability | Zyxel reports multiple critical vulnerabilities in their NAS devices
- critical vulnerability | Apple releases emergency updates for two new WebKit vulnerabilities exploited by hackers
- talkwalker | Critical Splunk Enterprise Vulnerability reported, PoC already available
- critical vulnerability | VMware releases patch for critical Cloud Director authentication bypass
Incidents
- bleeping_comp | Capital Health Hospitals reports IT outages, caused by cyberattack
- critical vulnerability | Japan space agency impacted by cyberattack
- critical vulnerability | First official war effort hack: Ukrainian intelligence services claim hack on Rosaviatsia
- critical vulnerability | Pennsylvania Water Utility control systems hijacked by hackers
- data breach | Affinity Legacy, Inc. reports MOVEit related data breach
- data breach | Fordham University Email account data leaked in data breach
- data breach | KyberSwap cryptocurrency reports attack, theft of $54.7 million user cryptocurrency
- data breach | Japanese LY Corp exposes 440,000 personal records in data breach
- data breach | Southwestern Vermont Medical Center reports MOVEit related data breach, 19k patients exposed
- data breach | Texas Wesleyan University reports data breach
- data breach | Premier Health patients impacted by MOVEit related incident at Welltok
- data breach | ZeroedIn Technologies reports data breach, exposes 1.9 Million customers
- data breach | Proliance Surgeons reports data breach, exposes patient data
- data breach | Robeson Health Care Corporation reports data breach exposing 60k individuals
- data breach | Okta admits hackers accessed the data of all customers during the October breach
- data breach | Berglund Management Group car dealership reports data breach exposing over 50K people
- data breach | K&K Glass (Auto Glass Now) Reports data breach, exposing SSNs
- data breach | Blue Shield of California reports MOVEit related data breach, exposing patient data
- data breach | Securities America, Inc. reports data breach at third party supplier McCord LLC exposing SSNs
- data breach | Deer Oaks mental health care provider impacted by cyberattack and data breach
- data breach | Top Health Doctors Brisbane medical group reports data breach
- data breach | Data leak of student bursary amounts at Cambridge's Clare College
- data breach | Fred Hutchinson Cancer Center reports cyberattack during Thanksgiving week
- data breach | Staples reports that cyberattack has caused outages and delivery issues
- data breach | Dollar Tree reports third-party data breach, exposing 2 million individuals
- data breach | Corewell Health reports MOVEit related data breach
- data breach | Coldwater Board of Public Utilities reports data breach of Plume Wi-Fi App Users
- databreaches | Pacific Cataract and Laser Institute reports cyberattack by LockBit hacker group
- databreaches | Great Valley School District impacted by ransomware attack by Medusa gang
- ransomware | AlphV/Black Cat crime group extorting fintech Tipalti, threatening to leak client data
- ransomware | Delaware Life Insurance Company reports data breach after ransomware attack
- ransomware | Ardent Health hospital ERs offline in 6 states after ransomware attack
- ransomware | North Texas Municipal Water District reports ransomware cyberattack
- ransomware | Qilin ransomware group claims responsibility for cyberattack on Yanfeng automotive
- ransomware | Cloud provider impacted by ransomware causes outages at 60 credit unions
- ransomware | Slovenia's energy company Holding Slovenske Elektrarne suffers ransomware attack