UK electoral agency cyberattack prompted by security failings

31 July 2024

UK’s Electoral Commission had its Microsoft Exchange servers compromised in a cyberattack by Chinese state-backed threat operation APT31 three years ago that exposed almost 40 million individuals’ data due to its failure to remediate ProxyShell vulnerabilities, tracked as CVE-2021-31207, CVE-2021-34473, and CVE-2021-34523, according to The Record, a news site by cybersecurity firm Recorded Future. Aside from not applying the fixes for the ProxyShell flaws, the Electoral Commission also had its servers impacted by eight other security issues, which could have been leveraged in additional compromise, a report from the UK’s Information Commissioner’s Office revealed.

Source: SC Magazine

Date:

31 July 2024

Categorie(s):

NEWS

Tag(s):

IT, News, UK

Despite massive security spending, 44% of CISOs fail to detect breaches18 October 2024
Biz hired, and fired, a fake North Korean IT worker – then the ransom demands began18 October 2024
What to do if your iPhone or Android smartphone gets stolen?18 October 2024
Cybercrime’s constant rise is becoming everyone’s problem18 October 2024
New infosec products of the week: October 18, 202418 October 2024