Welcome to this week’s CyberNews. Quickly catch up on last week’s cybersecurity news, including updates we haven’t covered in depth.
There is a recent increase in zero-day exploits, with Google researchers observing a 50% rise in 2023 to 97 cases.
Vulnerabilities are being exploited by hackers before they’re detected and patched. Notably, groups like FIN11 and state-backed hackers, particularly those linked to Beijing, are increasingly using these exploits for espionage or financial gain.
The early months of 2024 brings little good news and are shaping up to be even more challenging for cybersecurity than last year.
Threat intelligence firm Flashpoint reports significant rises in all key threat metrics compared to 2023. Last year’s 6,077 data breaches and over 17 billion compromised records already marked a notable increase from 2022, but the start of 2024 has seen these numbers soar by 429%.
Recent updates have revealed that Fedora Linux 40 beta contains two vulnerable versions of xz libraries, though the system has not yet been compromised by malware exploits.
Red Hat teams discovered malicious code in “xz” tools and libraries versions 5.6.0 and 5.6.1, potentially allowing unauthorized access, prompting an urgent advisory for Fedora Rawhide users to halt usage and revert to safer xz versions. While Fedora Linux 40 seems unaffected, users are advised to downgrade to xz version 5.4.x as a precaution.
Activision is currently investigating a hacking operation aimed at stealing player credentials.
The exact method of malware distribution remains uncertain, with suspicions pointing towards the involvement of third-party applications. More than 3 million accounts were affected!