Security

Cyber Security Reviews – Security will bring to our readers whats happening on the Security scene around the world.

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned against a critical flaw discovered in PaperCut software, which has now been linked to a series of ransomware attacks. The vulnerability (CVE-2023-27350) in PaperCut, a widely adopted print management solution, has allowed cyber-criminals to remotely execute malicious code without requiring any authentication credentials.  Consequently, these
The number of ransomware victims appearing on data leak sites surged by 27% year-on-year (YoY) in April to 354, with manufacturing the most impacted industry, according to GuidePoint Security. The security vendor’s latest monthly GRIT Ransomware Report was published on Thursday, ahead of Interpol’s awareness-raising initiative “Anti-Ransomware Day” today. Read more on Anti-Ransomware Day: Interpol
Keeping a cyber-incident quiet makes other attacks more likely and makes everyone less secure, the National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO) have warned. In a rare joint blog post, the two authorities came together today in an attempt to dispel some of the common myths around incident reporting and break the cycle
by Paul Ducklin About a month ago, we wrote about a data breach notification issued by major motherboard manufacturer MSI. The company said: MSI recently suffered a cyberattack on part of its information systems. […] Currently, the affected systems have gradually resumed normal operations, with no significant impact on financial business. […] MSI urges users
The share of ransomware victims whose data was encrypted by their extorters grew to 76% over the past year, the highest since Sophos began recording these trends, the vendor claimed today. The Sophos State of Ransomware 2023 report was compiled from interviews with 3000 cybersecurity/IT leaders carried out in the first quarter of 2023. Responding
Several harmful Python .whl files containing a new type of malware called “Kekw” have been discovered on PyPI (Python Package Index). According to new data by Cyble Research and Intelligence Labs (CRIL), Kekw malware can steal sensitive information from infected systems and perform clipper activities that can hijack cryptocurrency transactions. “Following our investigation, we found that
The North Korean state-sponsored APT group known as Kimsuky has been observed using a new malware component called ReconShark. According to an advisory published by SentinelOne security researchers on Thursday, ReconShark is distributed through targeted spear-phishing emails, which contain OneDrive links that lead to downloading documents and activating harmful macros. “The spear-phishing emails are made
by Paul Ducklin World Password Day is always hard to write tips for, because the primary advice you’ll hear has been the same for many years. That’s because the “passwordless future” that we’ve all been promised is still some time away, even if some services already support it. Simply put, we’re stuck with the old,
The City of Dallas in Texas, US, has confirmed a ransomware attack took down essential services, including some 911 dispatch systems.  “Wednesday morning, the City’s security monitoring tools notified our Security Operations Center (SOC) that a likely ransomware attack had been launched within our environment,” the City wrote in a press release. “Subsequently, the City has
European police have arrested scores of suspects and seized thousands of stolen artefacts after a joint physical and cyber operation last year, according to Europol. Operation Pandora VII involved police from Austria, Bulgaria, the Czech Republic, Croatia, Cyprus, Greece, Ireland, Italy, Poland, Portugal, Romania, Spain, Sweden and Bosnia and Herzegovina. As with previous iterations, the
A leading consumer rights group has called on the UK’s high street banks to enhance their account security in order to tackle mobile device fraud. Which? claimed that attackers could shoulder surf users to obtain PINs that consumers often share between the phone lock screen and banking app. If they then steal the device, this knowledge
by Paul Ducklin Apple’s AirTag system has famously been subjected to firmware hacking, used as a free low-bandwidth community radio network, and involved in a stalking incident that tragically ended in a murder charge. To be fair to Apple, the company has introduced various tricks and techniques to make AirTags harder for stalkers and criminals
T-Mobile USA has begun notifying customers impacted by yet another breach at the firm, which may have resulted in a significant volume of compromised personal and account data. The telco giant said in a breach notification letter that its own systems flagged the unauthorized intrusion in March. A malicious actor had access to hundreds of
by Paul Ducklin We’ve written about the uncertainty of Apple’s security update process many times before. We’ve had urgent updates accompanied by email notifications that warned us of zero-day bugs that needed fixing right away, because crooks were already onto them… …but without even the vaguest description of what sort of criminals, and what they
Weekly cyber-attacks have increased worldwide by 7% in Q1 2023 compared to the same period last year, with each firm facing an average of 1248 attacks per week. The figures come from Check Point’s latest research report, which also suggests that the education and research sector experienced the highest number of attacks, rising to an
by Paul Ducklin Researchers at dark web monitoring company Cyble recently wrote about a data-stealing-as-a-service toolkit that they found being advertised in an underground Telegram channel. One somewhat unusual aspect of this “service” (and in this context, we don’t mean that word in any sort of positive sense!) is that it was specifically built to
Microsoft has claimed that recent attacks exploiting two vulnerabilities in the PaperCut print management software are likely the result of a Clop ransomware affiliate. The two bugs in question are CVE-2023–27350 – a critical unauthenticated remote code execution flaw – and CVE-2023–27351 – a high severity unauthenticated information disclosure flaw. The former has a CVSS