State of (in)security - Week 51, 2023
Take action: A cloud provider is just somebody else's bunch of computers - vulnerable to the same issues as yours. Keep multi-location and multi-cloud redundancy in your system design so you can survive if your cloud provider suffers a catastrophic failure.
In the week between Dec. 18, 2023, midnight and Dec. 25, 2023, midnight we witnessed a total of:
- 7 advisory/vulnerability events
- 29 incident/data breach events
Week over week, week 51 had a much more devastating impact than week 50.
- Advisories decreased from 12 in week 50 to 9 in week 51. Incidents show a slight increase, from 25 in week 50 to 29 in week 51.
- The number of known impacted individuals is an epic disaster - from 1.3 million in week 50 to over 40 million in week 51.
We also shared 2 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 40,005,855 impacted individuals across 6 incidents. The largest breach was the "Xfinity reports data breach via unpatched Citrix server hack" incident, which exposed 35,879,455 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| ransomware | 9 |
| third party breach | 5 |
| email account breach | 2 |
| malware | 1 |
| server misconfiguration | 1 |
| sql injection | 1 |
| third party breach, ransomware | 1 |
| unpatched software vulnerability | 1 |
| account breach | 1 |
| web application exposing too much data | 1 |
| database configuration error, exposed w/o password online | 1 |
| human error | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Healthcare | 7 |
| IT/Software/Technology | 4 |
| Government | 3 |
| Telecommunications | 3 |
| Education | 2 |
| Pharmaceuticals | 2 |
| Aviation | 1 |
| Utilities | 1 |
| Consulting/Professional Services | 1 |
| Finance | 1 |
| Manufacturing | 1 |
| Retail | 1 |
| Transport/Logistics | 1 |
Read the Event Details of the Week
Knowledge
- active attack | 8220 Hacker Group exploiting WebLogic and Log4J issues to attack Web servers
- active exploit | Phishing attacks use six-year-old MS Office flaw to spread malware
Vulnerabilities
- critical vulnerability | EFACEC reports critical issues in their BCU 500 product
- critical vulnerability | Microsoft Outlook Zero-Click vulnerability can be attacked by an audio file
- critical vulnerability | Ivanti patches 13 critical RCE vulnerabilities in Avalanche MDM
- critical vulnerability | Unexpected updates for iOS and MacOS released by Apple
- critical vulnerability | Google releases patch for another actively hacked Chrome flaw
- critical vulnerability | ESET patches vulnerability that causes web browsers to trust untrusted sites
- critical vulnerability | Critical vulnerability in OpenSSH could expose Remote Code Execution
Incidents
- critical vulnerability | Xfinity reports data breach via unpatched Citrix server hack
- critical vulnerability | Crypto exchange OKX fixes flaw in their iOS app, urges users to update
- data breach | KLM and AirFrance passenger data accessible through guessable URL
- data breach | Sabah, Malaysia government website breached, documents leaked
- data breach | BSNL India telecom operator victim of data breach, user data sold on dark web
- data breach | ESO Solutions healthcare software provider reports data breach impacting 2.7 million people
- data breach | College of the Canyons reports third-party data breach
- data breach | Blink Mobility car sharing service exposes customers via data leak
- data breach | Donald W. Wyatt Detention Facility reports data breach impacting inmates, staff
- data breach | St Vincent's Health network reports data breach after cyber attack
- data breach | OptumRx reports MOVEit related data breach
- data breach | Ubisoft investigating suspected security breach
- data breach | Xybion Corporation reports data breach exposing customer SSNs
- data breach | Mint Mobile virtual operator reports data breach exposing customer data
- data breach | Enbridge Gas reports third-party data breach
- data breach | Organ transplant nonprofit UNOS exposes 1.2M records via test systems
- data breach | Neurosurgeons of New Jersey reports data breach after cyber attack
- data breach | Zoll Medical reports email phishing attack, suspected data breach
- data breach | Trinity Health System reports MOVEit related data breach
- ransomware | Medusa crime group claims attack on BioMatrix, demands ransom
- ransomware | VF Corp reports data breach and order issues after cyberattack
- ransomware | University of Buenos Aires partially recovers after ransomware attack
- ransomware | First American Financial Corporation shuts down IT systems due to cyberattack
- ransomware | Manatee Memorial Hospital reports third party ransomware attack and data breach
- ransomware | Clay County, Minnesota reports data breach after ransomware attack
- ransomware | Italian cloud provider Westpole impacted by ransomware attack, failing public services
- ransomware | LockBit gang claims responsibility for Xeinadin breach
- ransomware | HCLTech reports ransomware incident, claims no major impact
- ransomware | Valley Health System Las Vegas reports third party data breach