Cyber Security Reviews – Security will bring to our readers whats happening on the Security scene around the world.

Weekly cyber-attacks have increased worldwide by 7% in Q1 2023 compared to the same period last year, with each firm facing an average of 1248 attacks per week. The figures come from Check Point’s latest research report, which also suggests that the education and research sector experienced the highest number of attacks, rising to an
by Paul Ducklin Researchers at dark web monitoring company Cyble recently wrote about a data-stealing-as-a-service toolkit that they found being advertised in an underground Telegram channel. One somewhat unusual aspect of this “service” (and in this context, we don’t mean that word in any sort of positive sense!) is that it was specifically built to
Microsoft has claimed that recent attacks exploiting two vulnerabilities in the PaperCut print management software are likely the result of a Clop ransomware affiliate. The two bugs in question are CVE-2023–27350 – a critical unauthenticated remote code execution flaw – and CVE-2023–27351 – a high severity unauthenticated information disclosure flaw. The former has a CVSS
Security researchers have discovered a high-severity vulnerability in the Service Location Protocol (SLP) which could be exploited to launch among the largest DDoS amplification attacks ever seen. BitSight and Curesec said the CVSS 8.6-rated bug CVE-2023-29552 could enable attackers to launch reflective amplification attacks with a factor as high as 2200 times. SLP was created
Siloed teams, point solutions and cloud ecosystem complexity are making it more likely that software vulnerabilities slip into production, CISOs have admitted. Observability specialist Dynatrace polled 1300 global CISOs in large organizations with more than 1000 employees to compile its 2023 Global CISO Report. Over two-thirds (68%) of respondents said that vulnerability management is more
Several leading government security agencies have published new advice for smart city stakeholders designed to help them build protections into new systems from the outset. Cybersecurity Best Practices for Smart Cities was published by the UK’s National Cyber Security Centre (NCSC), the US Cybersecurity and Infrastructure Security Agency (CISA) and their equivalents in Canada, Australia
by Paul Ducklin We’ve said this before, but we’ll repeat it again here: Imagine that you’d spoken in what you thought was total confidence to a psychotherapist, but the contents of your sessions had been saved for posterity, along with precise personal identification details such as your unique national ID number, and perhaps including additional
The “Read The Manual” (RTM) Locker group has been observed targeting corporate environments with ransomware and forcing their affiliates to follow a strict set of rules. According to an advisory published on Thursday by Trellix cybersecurity experts, the businesslike approach of the group (also observed in other threat actors, such as Conti) shows its organizational maturity.
Several cybersecurity organizations worldwide have jointly published a new series of guidelines to aid manufacturers in prioritizing cybersecurity practices while designing products. The paper was developed by the US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the cybersecurity authorities of Australia, Canada, the UK,
The US Cybersecurity and Infrastructure Security Agency (CISA) published the second version of its Zero Trust Maturity Model on Tuesday, which incorporates recommendations from a public comment period. The updated guidelines aim to further the federal government’s progress toward a zero trust approach to cybersecurity in support of the new National Cybersecurity Strategy. Read more