State of (in)security - Week 7, 2024
Take action: Make sure your awareness and mitigation programs cover all levels of the organization, including executives and admin users. Executives can be a very serious cause of incidents by the very nature of their influence over people. Admin credentials are super-dangerous, so keep a disciplined approach to their offboarding.
In the week between Feb. 12, 2024, midnight and Feb. 19, 2024, midnight we witnessed a total of:
- 9 advisory/vulnerability events
- 23 incident/data breach events
Week over Week comparison of week 7 2024 vs week 6 2024 is: hopeful.
- Advisories are reduced, from 13 to 9 compared to the previous week. Incidents are in the same range, from 20 to 23.
- The number of known impacted individuals is at just over 5 million, from the shocking 35 million in the previous week.
We also shared 5 practical knowledge items.
Total impacted individuals via the events of the week
There were a total of 5,130,451 impacted individuals across 7 incidents, with the largest being the incident in which the Medusa ransomware gang claims an attack on Venezuelan mobile carrier Digitel, exposing 5,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Cause breakdown of incidents
| Cause | Number of incidents |
|---|---|
| ransomware | 10 |
| email account breach | 3 |
| third party breach | 3 |
| cloud misconfiguration | 1 |
| database configuration error, exposed w/o password online | 1 |
| employee unauthorized access | 1 |
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| Government | 7 |
| Finance | 3 |
| Healthcare | 3 |
| IT/Software/Technology | 2 |
| Non-profit/Charity | 1 |
| Other | 1 |
| Automotive | 1 |
| Telecommunications | 1 |
| Consulting/Professional Services | 1 |
| Education | 1 |
| Gas/Oil | 1 |
Knowledge
- active attack | Critical MS Exchange Server vulnerability actively attacked, one day after patch release
- awareness | Microsoft Azure environments attacked in coordinated phishing effort
- active attack | Roundcube CVE-2023-43770 webmail vulnerability actively exploited by hackers
- active attack | Akira ransomware gang is exploiting old Cisco ASA/FTD CVE-2020-3259
- awareness | A real story about US Government agency hacked via ex-employee's Admin credentials
Vulnerabilities
- critical vulnerability | Another critical Microsoft alert after Patch Tuesday - Patch your Outlook NOW!
- critical vulnerability | Zoom releases patches for critical issues in Zoom Windows applications
- critical vulnerability | SAP releases February patch, addresses 16 issues, two critical
- critical vulnerability | Siemens released patches for over 270 vulnerabilities
- critical vulnerability | SolarWinds releases critical patches for Access Rights Manager
- critical vulnerability | Microsoft's February 2024 Patch Tuesday addresses 73 issues, 2 zero-day flaws
- critical vulnerability | Adobe releases February patches including critical fixes in Acrobat/Reader and Commerce/Magento
- critical vulnerability | Bricks 1.9.6.1 released to patch critical vulnerability in the Bricks WordPress plugin
- critical vulnerability | QNAP releases patches for two vulnerabilities, severity unclear. Patch if possible.
Incidents
- data breach | Clearwater Credit Union reports MOVEit-related data breach
- data breach | Lanark County family services report data breach
- data breach | Department of Defense is reporting on the 2023 email data breach
- data breach | Car dealer JCT600 reports potential security breach
- data breach | CGM reports data breach of Affordable Connectivity and Lifeline Program users
- data breach | Bank of America reports third party data breach
- data breach | U.S. Government Accountability Office reports third party data breach
- data breach | Snatch ransomware gang claims breach of Malabar Gold & Diamonds
- data breach | Liberty Hospital reports cyberattack, possible data breach
- data breach | Consulting Radiologists Ltd. possibly hit by cyberattack, stops services
- data breach | Prudential Financial reports data breach after cyberattack
- data breach | Two hackers claim breach at staffing agency Robert Half, selling data
- data breach | Health New Zealand hit by data breach leaking data of 12,000 people
- data breach | U.S. Internet Corp. exposes thousands of emails they were supposed to protect
- data breach | Williamson County, Texas hit by cyberattack, data breach
- ransomware | Romanian Health Information System hit by ransomware, at least 21 hospitals impacted
- ransomware | Medusa ransomware gang claims attack on Venezuelan mobile carrier Digitel
- ransomware | LockBit claims attack on brokerage firm Motilal Oswal
- ransomware | Colorado State Public Defender network shuts down after cyberattack
- ransomware | City of Haysville reports hacked email spreading phishing and malware links
- ransomware | AlphV/BlackCat ransomware gang claims attack on Trans-Northern Pipelines Inc.
- ransomware | Minnesota State University-Moorhead hit by ransomware, struggling to recover
- ransomware | BlackSuit ransomware gang claims attack on Tobacco-Free Kids