State of (in)security - Week 50, 2023
Take action: Never ever implement a hardcoded default password. Because nobody changes the default password. And everyone will get hacked because of your hardcoded default password.
In the week between Dec. 11, 2023, midnight and Dec. 18, 2023, midnight we witnessed a total of:
- 12 advisory/vulnerability events
- 25 incident/data breach events
Week-over-week comparison: week 50 stayed close to week 49 on most metrics:
- Very similar number of advisories, from 13 in week 49 to 12 in week 50. Incidents follow a similar trend, from 23 in week 49 to 25 in week 50.
- The number of known impacted individuals from data breaches decreased, from 3.2 million in week 49 to 1.3 million in week 50.
We also shared 3 practical knowledge items.
Total impacted individuals via the events of the week
There were a total of 1,334,571 impacted individuals across 6 incidents. The largest breach was the "Major data leak exposes sensitive records of donors of multiple charities" incident, which exposed 948,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| ransomware | 9 |
| abandoned not retired Website | 1 |
| database configuration error, exposed w/o password online | 1 |
| malicious third party software | 1 |
| third party breach | 1 |
| unpatched software vulnerability | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Healthcare | 7 |
| IT/Software/Technology | 3 |
| Education | 3 |
| Finance | 2 |
| Hospitality/Events | 1 |
| Non-profit/Charity | 1 |
| Telecommunications | 1 |
| Consulting/Professional Services | 1 |
| Transport/Logistics | 1 |
| Food and Beverage | 1 |
| Gas/Oil | 1 |
| Government | 1 |
Read the Event Details of the Week
Knowledge
- active attack | Nation sponsored hacker team APT28 uses Israel-Hamas war related context to inject spyware
- active attack | Hackers are exploiting the public PoC to hack Apache Struts flaw
- active exploit | QNAP VioStor Network Video Recorder exploited by botnet
Vulnerabilities
- critical vulnerability | Google Cloud Dataproc clusters vulnerable to remote code execution
- critical vulnerability | Delta Electronics Monitoring InfraSuite Device Master exposed to critical flaws
- talkwalker | Google fixes critical vulnerabilities in Chromecast devices
- talkwalker | Perforce Helix Core Server fixes critical remote code execution flaw
- critical vulnerability | WordPress Backup Migration exposes sites to Remote Code Execution attacks
- critical vulnerability | Apple releases fixes for actively hacked WebKit issues to protect older devices
- critical vulnerability | pfSense open-source firewall servers exposed to attacks via chaining vulnerabilities
- critical vulnerability | Sophos fixes remote code execution on old unsupported firewalls after hacker attacks
- critical vulnerability | December 2023 Microsoft patch release fixes 34 vulnerabilities, 1 actively exploited
- critical vulnerability | SAP releases multiple patches including critical ones for SAP BTP and IS-OIL
- critical vulnerability | Apple releases iOS 17.2, patches multiple critical flaws
- critical vulnerability | Unitronics Vision Series VisiLogic Software vulnerable due to default password
Incidents
- critical vulnerability | 3CX VoIP warns of DB integration vulnerability, asks customers to disable DB integrations
- critical vulnerability | Ledger ConnectKit library security flaw impacts Web3 decentralized applications
- cyber attack | District court in Switzerland reports that they were impacted by cyber attack
- data breach | Taylor University reports data breach
- data breach | CHI St. Alexius reports MOVEit related data breach
- data breach | Red Roof lodging provider reports data breach
- data breach | Mental health network Heart of Texas Behavioral Health reports data breach
- data breach | Warrior Met Coal reports data breach, exposes 20k individuals
- data breach | Major data leak exposes sensitive records of donors of multiple charities
- data breach | MongoDB reports data breach at Atlas, customer metadata exposed
- data breach | CareTree reports data breach, affecting patient and caretaker data in their platform
- data breach | Americold cold storage service reports data breach
- data breach | Citrin Cooperman Advisors reports cyberattack, data breach
- data breach | Harrisburg Medical Center reports data breach, impacting 147k individuals
- data breach | United Home Loans reports data breach
- data breach | Regional Family Medicine reports data breach after recent IT downtime
- data breach | Qilin crime gang claims responsibility for attack on Neurology Center of Nevada
- databreaches | Cactus ransomware gang claims attack on Petersen Health Care
- databreaches | Estonian genetic test company Asper Biogene data breach exposes data of 10,000 people
- downtime | Kyivstar - largest mobile provider in Ukraine is down following cyberattack
- ransomware | Insomniac Games attacked by Rhysida ransomware gang
- ransomware | Campbell County Schools impacted by ransomware, data stolen
- ransomware | Hunters International hacker group claims hacking Covenant Care, leaks data
- ransomware | Kraft Heinz Co. food company investigating claims of cyberattack
- ransomware | London, Ontario public library services shut down after cyberattack