Security News

Clop and LockBit ransomware affiliates are behind the recent attacks exploiting vulnerabilities in PaperCut application servers, according to Microsoft and Trend Micro researchers."Microsoft is attributing the recently reported attacks exploiting the CVE-2023-27350 and CVE-2023-27351 vulnerabilities in print management software PaperCut to deliver Clop ransomware to the threat actor tracked as Lace Tempest," Microsoft shared.

Hats off to PaperCut in this case, because the company really is trying to make sure that all its customers know about the importance of two vulnerabilities in its products that it patched last month, to the point that it's put a green-striped shield at the top of its main web page that says, "Urgent security message for all NG/MF customers." We've seen companies that have admitted to unpatched zero-day vulnerabilities and data breaches in a less obvious fashion than this, which is why we're saying "Good job" to the Papercut team for what cybersecurity jargon would probably praise with the orotund phrase an abundance of caution.

Google and The Center for Internet Security, Inc., launched the Google Cloud Alliance this week with the goal of advancing digital security in the public sector. Google Cloud said it will bring members and services from its Google Cybersecurity Action Team, including insights from its Threat Horizons reports and Mandiant web intelligence division to weigh in on on "Securing the broader technology ecosystem - especially as it relates to cloud posture and overall cybersecurity practices," according to a joint statement.

Ransomware attacks have spiked, according to the NCC Group's Global Threat Intelligence Team. In its monthly threat report, NCC Group reported a 91% increase in ransomware attacks in March versus February and a 62% increase versus the month last year - the highest number of monthly ransomware attacks the group has ever measured.

The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to its Known Exploited Vulnerabilities catalog, based on evidence of active exploitation. The development comes as tech news site Ars Technica disclosed late last month that Android apps digitally signed by China's e-commerce company Pinduoduo weaponized the flaw to seize control of the devices and steal sensitive data, citing analysis from mobile security firm Lookout.

Two vulnerabilities affecting various QNAP operating systems have been uncovered by Sternum.These vulnerabilities enable authenticated remote users to access secret values, requiring owners to take immediate action by updating their operating system(s).

Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by various threat actors in hacks targeting unpatched systems. CVE-2022-46169 relates to a critical authentication bypass and command injection flaw in Cacti servers that allows an unauthenticated user to execute arbitrary code.

A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google's Threat Analysis Group has revealed. Upon clicking, the URLs redirected the recipients to web pages hosting exploits for Android or iOS, before they were redirected again to legitimate news or shipment-tracking websites.

The Digital Markets Act ruled that users on different platforms should be able to exchange messages with each other. How will the networks manage keys, authenticate users, and moderate content? How much metadata will have to be shared, and how?

Both Google’s Pixel’s Markup Tool and the Windows Snipping Tool have vulnerabilities that allow people to partially recover content that was edited out of images.