1. Home
  2. Cybersecurity Events

Take action on the latest cybersecurity events

Cybersecurity advisories and events as they happen, with a clear action you can take.

State of (in)security - Week 44
published: Nov. 6, 2023
During the week of October 30 to November 6, 2023, there were 6 cybersecurity advisories and 22 data breach events, including a record-breaking incident affecting over 815 million individuals, marking a slight statistical improvement from the previous week but revealing a concerning trend with the magnitude of individuals impacted by data breaches.
Take action: When you are handed huge amounts of data of individuals, you are handed huge responsibility. It's not easy to secure such a data set, so communicate risks and be pessimistic. Because we saw from the lastpass breach that if someone sees value in breaching your data, they will invest a lot of time and money.
State of (in)security - Week 43
published: Oct. 30, 2023
Between Oct. 23 and 30, 2023, there were 7 advisories and 24 incidents/data breaches, marking a decrease from the previous week with impacted individuals dropping to over 2.92 million from over 5 million. The largest breach involved Redcliffe Labs, affecting 2.5 million individuals. Industries affected ranged from IT to Aviation, with various causes such as ransomware and third-party breaches.
Take action: Track Repeat Incidents to establish trends of wrong behavior. One-off incidents can occur to anyone, but multiple similar incidents indicate deeper systemic issues. Monitoring the frequency and nature of incidents is crucial - especially for third-party providers. Don't be afraid to change a provider if they are not behaving properly. It costs much less than being impacted by their incidents.
Okta security incident history - let's learn from other's mishaps
published: Oct. 27, 2023
On Friday, October 20, the identity management platform Okta said it suffered an intrusion in its customer support system.
Take action: One incident can happen to anyone. Multiple incidents, especially of a similar kind indicate a systemic problem. Follow the metric of incidents at your third party providers and be very critical when evaluating them. If you are a third party provider, be ready for radical and painful changes after an incident - to prevent a repeat of the incident.
State of (in)security - Week 42
published: Oct. 23, 2023
In the week between October 16, 2023, and October 23, 2023, there were 7 advisory/vulnerability events and 32 incident/data breach events, marking a concerning increase in incidents compared to the previous week, with over 5,000,000 individuals impacted across various industries due to factors such as ransomware attacks, third-party breaches, and critical software vulnerabilities, including actively exploited ones like WinRAR, Citrix Netscaler, and JetBrains TeamCity.
Take action: Procrastination in security fixes doesn't make things easier. Hackers are activelly attacking old vulnerabilities that too many people have just ignored or not updated.
State of (in)security - Week 41
published: Oct. 16, 2023
Between October 9, 2023, and October 16, 2023, there were 11 advisory/vulnerability events and 23 incident/data breach events, with a slight increase in impacted individuals to approximately 1,100,000, compared to the previous week's 900,000, and notable incidents included a data breach of 530,000 individuals on the French gaming platform Shadow.
Take action: Don't try to advertise a vulnerability finding as a big deal ahead of an advisory. After several massively exploited 10/10 vulnerabilities in the last months, pumping up the public for a critical advisory is counterproductive. Deliver a clear and easy to consume advisory, with clear impact assessment and research.
Walkthrough in the newly discovered HTTP/2 DoS Rapid Reset Vulnerability
published: Oct. 10, 2023
Cloudflare, alongside Google and Amazon AWS, unveiled a significant "HTTP/2 Rapid Reset" zero-day vulnerability that enabled attackers to launch unprecedented DDoS attacks. Cloudflare and other cloud providers has since taken proactive measures, collaborating with industry peers and urging entities to update systems and consider additional protections.
Take action: Check your web server or web application exposed to the internet for new versions that will implement patches to the Rapid Reset vulnerability. Also, check with your cloud provider whether they have implemented fixes for Rapid Reset. As a last resort, disable HTTP/2 protocol for the time being and keep monitoring.
State of (in)security - Week 40
published: Oct. 9, 2023
Between Oct. 2 and Oct. 9, 2023, there were 8 advisory/vulnerability events and 19 incident/data breach events, with a notable decrease from the previous week, impacting approximately 900,000 individuals, with the most significant breach affecting 600,000 people due to the RansomedVC's theft of voter data from the DC Board of Elections.
Take action: Building secure systems is much harder than breaking them. A dangerous hacker group has exposed their own systems by misconfiguring a fairly trivial security action on their own systems. Invest in building your systems security, and in reviewing it persistently
State of (in)security - Week 39
published: Oct. 2, 2023
During the week between September 25, 2023, midnight and October 2, 2023, midnight, there were a total of 11 advisory/vulnerability events and 20 incident/data breach events, with 3 practical knowledge items shared. In comparison to the previous week, advisories and incidents remained in a similar range, with a significant increase in the number of known impacted individuals from data breaches reaching over 47 million. The incidents were primarily caused by ransomware, third-party breaches, and denial of service attacks, affecting various industries including finance, healthcare, entertainment, education, and others.
Take action: Another week of patch fatigue. Many critical advisories that impact a massive number of programs and libraries. It's very easy to be optimistic and say "this won't happen". But for your long term reduced stress, it's good to plan and execute the research of how vulnerable you are and possibly patch.
Data source with billions of previously leaked credentials exposed once again
published: Sept. 28, 2023
A massive data exposure occurred as digital risk protection company DarkBeam left a database containing over 3.8 billion user records, sourced from prior breaches, unprotected, raising concerns about data security practices and the potential for cybercriminals to exploit this well-aggregated data in future attacks.
Take action: Trusting a vendor with is about discipline the little things - if you are showing lack of discipline in securing one set of data that you have gathered, what does that say about your discipline and ability to secure more sensitive data? And should customers give you the trust to handle more sensitive data? Never treat a data set like "it's fine". It's not fine.
State of (in)security - Week 38
published: Sept. 25, 2023
In the week between September 18, 2023, midnight, and September 25, 2023, midnight, there were 10 advisory/vulnerability events, 22 incident/data breach events, and 3 shared practical knowledge items. This is a minor week-over-week improvement with increased advisories but reduced incidents compared to the previous week. The incidents are reported to impact a total of 26,336 individuals across various industries with major causes remaining ransomware and third party breaches.
Take action: A lot of active attacks exploiting patch fatigue - especially in large organizations that haven't patched key systems exposed on the internet. Unfortunately as long as we use technology we are not going to avoid the need for security patches.