Security News

Print management software provider PaperCut said that it has "Evidence to suggest that unpatched servers are being exploited in the wild," citing two vulnerability reports from cybersecurity company Trend Micro. "PaperCut has conducted analysis on all customer reports, and the earliest signature of suspicious activity on a customer server potentially linked to this vulnerability is 14th April 01:29 AEST / 13th April 15:29 UTC," it further added.

Enterprise-level network equipment on the secondary market hide sensitive data that hackers could use to breach corporate environments or to obtain customer information. Core routers are the backbone of a large network as they connect all other network devices.

Eurocontrol confirmed on Friday its website has been "Under attack" since April 19, and said "Pro-Russian hackers" had claimed responsibility for the disruption. "The attack is causing interruptions to the website and web availability," a spokesperson told The Register.

The supply chain attack targeting 3CX was the result of a prior supply chain compromise associated with a different company, demonstrating a new level of sophistication with North Korean threat actors. Google-owned Mandiant, which is tracking the attack event under the moniker UNC4736, said the incident marks the first time it has seen a "Software supply chain attack lead to another software supply chain attack."

A new Lazarus campaign considered part of "Operation DreamJob" has been discovered targeting Linux users with malware for the first time. Lazarus' Operation DreamJob, also known as Nukesped, is an ongoing operation targeting people who work in software or DeFi platforms with fake job offers on LinkedIn or other social media and communication platforms.

London-based professional outsourcing giant Capita has published an update on the cyber-incident that impacted it at the start of the month, now admitting that hackers exfiltrated data from its systems.On March 31, 2023, Capita disclosed an IT issue that impacted its services.

The United Kingdom's NCSC is warning of a heightened risk from attacks by state-aligned Russian hacktivists, urging all organizations in the country to apply recommended security measures. "Over the past 18 months, a new class of Russian cyber adversary has emerged," reads the NCSC's alert.

Print management software developer PaperCut is warning customers to update their software immediately, as hackers are actively exploiting flaws to gain access to vulnerable servers. Today, the software developer updated its March 2023 security bulletin to warn customers that the vulnerabilities are now actively exploited by hackers.

Elite hackers associated with Russia's military intelligence service have been linked to large-volume phishing campaigns aimed at hundreds of users in Ukraine to extract intelligence and influence public discourse related to the war. The latest intrusion set, starting in early February 2023, involved the use of reflected cross-site scripting attacks in various Ukrainian government websites to redirect users to phishing domains and capture their credentials.

The Pakistan-based advanced persistent threat actor known as Transparent Tribe used a two-factor authentication tool used by Indian government agencies as a ruse to deliver a new Linux backdoor called Poseidon. Transparent Tribe is also tracked as APT36, Operation C-Major, PROJECTM, and Mythic Leopard, and has a track record of targeting Indian government organizations, military personnel, defense contractors, and educational entities.