Zero-Day Attacks and Supply Chain Compromises Surge, MFA Remains Underutilized: Rapid7 Report

May 23, 2024 at 07:22AM Zero-day attacks and supply chain mass compromise events are on the rise, with inadequate use of MFA, according to Rapid7’s 2024 Attack Intelligence Report. The report highlights a growing number of zero-day exploits and mass compromise events, driven by growing sophistication of cybercriminals and potential non-disclosure of vulnerabilities by vendors. … Read more

Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution

April 2, 2024 at 09:39AM A supply chain compromise in the open-source library XZ Utils has led to a backdoor being inserted, facilitating remote code execution, with the perpetrator deliberately working to gain maintainership. The sophisticated attack, spanning years, has potentially compromised numerous systems. This discovery highlights the risks posed by reliance on open-source software … Read more

Hacked Iraqi Voter Information Found For Sale Online

February 20, 2024 at 11:49AM Researchers uncovered voter data sale following a breach against Iraq’s Independent High Electoral Commission. The 21.58 GB database contains Iraqi voter info and a custom software client. Election cyber threats surged to 26% in 2022, jeopardizing democratic processes worldwide. Resecurity confirmed the leak and highlighted election threats from various actors … Read more

Danish Energy Attacks Portend Targeting More Critical Infrastructure

November 14, 2023 at 05:49PM In May, Danish energy sector organizations were targeted in a series of attacks, possibly linked to the Russian Sandworm APT. Attackers exploited vulnerabilities in Zyxel firewall devices, including two zero-days, to gain access to industrial machinery and isolate some targets from the national grid. Cybercriminal groups are also increasingly targeting … Read more