Earlier this month, the District of Columbia Board of Elections (DCBOE) warned that a threat actor may have gained access to the personal information of their registered voters. This would include personally identifiable information (PII) such as contact details, partial social security numbers, dates of birth, and driver’s license numbers. In an X post on Friday 20th October, the agency was keen to stress that it was only a possibility the voter roll had been accessed.

New data from Outpost24 reveals that IT administrators could be just as predictable as end-users when it comes to passwords. An analysis of just over 1.8 million passwords ranks ‘admin’ as the most popular password with over 40,000 entries, with additional findings pointing to a continued acceptance of default passwords.

Cisco has issued a warning regarding a critical security vulnerability (CVE-2023-20198) affecting its IOS XE software. With a severity rating of 10.0 on the CVSS scoring system, the vulnerability grants remote attackers full administrator privileges on affected devices without authentication.

On October 4, 2023, the curl project maintainers sent out a pre-notification that curl version 8.4.0, expected to be released on October 11 (around 06:00 UTC), will address what they denote as the most serious vulnerability in recent years. Curl is a de-facto standard in the software business when it comes to web requests, and supports a wide range of communication protocols. Depending on the vulnerability, it could have far reaching implications.

The infostealer malware Rhadamanthys was discovered in the last quarter of 2022. Its capabilities showed a special interest in crypto currency wallets, targeting both wallet clients installed in the victim’s machine and browser extensions. The main distribution methods observed for this threat are fake software websites promoted through Google Ads, and phishing emails, without discriminating by region or vertical.