Security

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned against a critical flaw discovered in PaperCut software, which has now been linked to a series of ransomware attacks. The vulnerability (CVE-2023-27350) in PaperCut, a widely adopted print management solution, has allowed cyber-criminals to remotely execute malicious code without requiring any authentication credentials.  Consequently, these

by Naked Security writer This wasn’t your typical cyberextortion situation. More precisely, it followed what you might think of as a well-worn path, so in that sense it came across as “typical” (if you will pardon the use of the word typical in the context of a serious cybercrime), but it didn’t happen in the

The number of ransomware victims appearing on data leak sites surged by 27% year-on-year (YoY) in April to 354, with manufacturing the most impacted industry, according to GuidePoint Security. The security vendor’s latest monthly GRIT Ransomware Report was published on Thursday, ahead of Interpol’s awareness-raising initiative “Anti-Ransomware Day” today. Read more on Anti-Ransomware Day: Interpol

by Paul Ducklin “PRIVATE KEY”: THE HINT IS IN THE NAME No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop

Keeping a cyber-incident quiet makes other attacks more likely and makes everyone less secure, the National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO) have warned. In a rare joint blog post, the two authorities came together today in an attempt to dispel some of the common myths around incident reporting and break the cycle

by Paul Ducklin About a month ago, we wrote about a data breach notification issued by major motherboard manufacturer MSI. The company said: MSI recently suffered a cyberattack on part of its information systems. […] Currently, the affected systems have gradually resumed normal operations, with no significant impact on financial business. […] MSI urges users

The share of ransomware victims whose data was encrypted by their extorters grew to 76% over the past year, the highest since Sophos began recording these trends, the vendor claimed today. The Sophos State of Ransomware 2023 report was compiled from interviews with 3000 cybersecurity/IT leaders carried out in the first quarter of 2023. Responding

by Paul Ducklin Microsoft’s May 2023 Patch Tuesday updates comprise just the sort of mixture you probably expected. If you go by numbers, there are 38 vulnerabilities, of which seven are considered critical: six in Windows itself, and one in SharePoint. Apparently, three of the 38 holes are zero-days, because they’re already publicly known, and

EU plans to force tech companies to scan the private messages of their customers for child abuse (CSEA) content are likely to be struck down by the courts, the bloc’s legal advisors have reportedly warned. Proposed “chat control” regulations are similar in nature to the controversial Clause 110 of the UK’s Online Safety Bill. Providers

Several harmful Python .whl files containing a new type of malware called “Kekw” have been discovered on PyPI (Python Package Index). According to new data by Cyble Research and Intelligence Labs (CRIL), Kekw malware can steal sensitive information from infected systems and perform clipper activities that can hijack cryptocurrency transactions. “Following our investigation, we found that

The North Korean state-sponsored APT group known as Kimsuky has been observed using a new malware component called ReconShark. According to an advisory published by SentinelOne security researchers on Thursday, ReconShark is distributed through targeted spear-phishing emails, which contain OneDrive links that lead to downloading documents and activating harmful macros. “The spear-phishing emails are made

by Paul Ducklin World Password Day is always hard to write tips for, because the primary advice you’ll hear has been the same for many years. That’s because the “passwordless future” that we’ve all been promised is still some time away, even if some services already support it. Simply put, we’re stuck with the old,

The City of Dallas in Texas, US, has confirmed a ransomware attack took down essential services, including some 911 dispatch systems.  “Wednesday morning, the City’s security monitoring tools notified our Security Operations Center (SOC) that a likely ransomware attack had been launched within our environment,” the City wrote in a press release. “Subsequently, the City has

by Paul Ducklin We’ve written about PHP’s Packagist ecosystem before. Like PyPI for Pythonistas, Gems for Ruby fans, NPM for JavaScript programmers, or LuaRocks for Luaphiles, Packagist is a repository where community contributors can publish details of PHP packages they’ve created. This makes it easy for fellow PHP coders to get hold of library code

European police have arrested scores of suspects and seized thousands of stolen artefacts after a joint physical and cyber operation last year, according to Europol. Operation Pandora VII involved police from Austria, Bulgaria, the Czech Republic, Croatia, Cyprus, Greece, Ireland, Italy, Poland, Portugal, Romania, Spain, Sweden and Bosnia and Herzegovina. As with previous iterations, the

by Paul Ducklin SILENT SECURITY! (IS THAT A GOOD THING?) No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the

A leading consumer rights group has called on the UK’s high street banks to enhance their account security in order to tackle mobile device fraud. Which? claimed that attackers could shoulder surf users to obtain PINs that consumers often share between the phone lock screen and banking app. If they then steal the device, this knowledge

by Paul Ducklin Apple’s AirTag system has famously been subjected to firmware hacking, used as a free low-bandwidth community radio network, and involved in a stalking incident that tragically ended in a murder charge. To be fair to Apple, the company has introduced various tricks and techniques to make AirTags harder for stalkers and criminals

Most global organizations anticipate suffering a data breach or cyber-attack in the next 12 months, despite cyber-risk levels falling overall, according to Trend Micro. The security vendor’s six-monthly Cyber Risk Index (CRI) was compiled from interviews with 3729 global organizations. The index itself is based on a numerical scale of -10 to 10, with -10

T-Mobile USA has begun notifying customers impacted by yet another breach at the firm, which may have resulted in a significant volume of compromised personal and account data. The telco giant said in a breach notification letter that its own systems flagged the unauthorized intrusion in March. A malicious actor had access to hundreds of

by Paul Ducklin We’ve written about the uncertainty of Apple’s security update process many times before. We’ve had urgent updates accompanied by email notifications that warned us of zero-day bugs that needed fixing right away, because crooks were already onto them… …but without even the vaguest description of what sort of criminals, and what they

Multiple Android applications have been observed not invalidating or revalidating session cookies during app data transfer from one device to another. The technique would enable attackers with a highly privileged device migration tool to move applications to a new Android device, causing migration issues, according to a new advisory by CloudSEK researchers. “This means if

Weekly cyber-attacks have increased worldwide by 7% in Q1 2023 compared to the same period last year, with each firm facing an average of 1248 attacks per week. The figures come from Check Point’s latest research report, which also suggests that the education and research sector experienced the highest number of attacks, rising to an

by Paul Ducklin Researchers at dark web monitoring company Cyble recently wrote about a data-stealing-as-a-service toolkit that they found being advertised in an underground Telegram channel. One somewhat unusual aspect of this “service” (and in this context, we don’t mean that word in any sort of positive sense!) is that it was specifically built to

A UK secondary school has confirmed it was hit by a cyber-incident affecting its IT network. Hardenhuish School in Chippenham, Wiltshire, confirmed the attack on Thursday, saying hackers gained access to network infrastructure and then demanded a ransom for restoring access. At the time of writing, it is unclear whether the school paid the ransom,

by Naked Security writer A US court has recently unsealed a restraining order against a gang of alleged cybercrooks operating outside the country, based on a formal legal complaint from internet giant Google. Google, it seems, decided to use its size, influence and network data to say, “No more!”, based on evidence it had collected

An Ohio man has been sentenced to four years and three months behind bars after stealing 712 bitcoin ($21m), which were seized by investigators following the arrest of his brother. Gary James Harmon, 31, of Cleveland, stole the cryptocurrency, which was the subject of “pending criminal forfeiture proceedings” in the case of his sibling, Larry

by Paul Ducklin 2FA, HACKING, AND PATCHING No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our

Microsoft has claimed that recent attacks exploiting two vulnerabilities in the PaperCut print management software are likely the result of a Clop ransomware affiliate. The two bugs in question are CVE-2023–27350 – a critical unauthenticated remote code execution flaw – and CVE-2023–27351 – a high severity unauthenticated information disclosure flaw. The former has a CVSS

by Paul Ducklin The Google Authenticator 2FA app has featured strongly in cybersecurity news stories lately, with Google adding a feature to let you backup your 2FA data into the cloud and then restore it onto other devices. To explain, a 2FA (two-factor authentication) app is one of those programs that you run on your