State of (in)security - Week 51, 2023

published: Dec. 25, 2023

Take action: A cloud provider is just somebody else's bunch of computers - vulnerable to the same issues as yours. Keep multi-location and multi cloud redundancy in your system design so you can survive if your cloud provider suffers a catastrophic failure.


Learn More

In the week between Dec. 18, 2023, midnight and Dec. 25, 2023, midnight we witnessed a total of:
  • 7 advisory/vulnerability events
  • 29 incident/data breach events

Week over Week comparison of week 51 vs week 50 is about much more devastating impact.

We also shared 2 practical knowledge items
Total impacted individuals via the events of the week

There were a total of 40,005,855 impacted individuals across 6 incidents, with the largest breach being the Xfinity reports data breach via unpatched Citrix server hack incident exposing 35,879,455 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents
Cause Number of incidents
ransomware 9
third party breach 5
email account breach 2
malware 1
server misconfiguration 1
sql injection 1
third party breach, ransomware 1
unpatched software vulnerability 1
account breach 1
web application exposing too much data 1
database configuration error, exposed w/o password online 1
human error 1
Industry breakdown of incidents
Industry Number of incidents
Healthcare 7
IT/Software/Technology 4
Government 3
Telecommunications 3
Education 2
Pharmaceuticals 2
Aviation 1
Utilities 1
Consulting/Professional Services 1
Finance 1
Manufacturing 1
Retail 1
Transport/Logistics 1

 

Read the Event Details of the Week

Knowledge

Vulnerabilities

Incidents

State of (in)security - Week 51, 2023