HP’s bricked printers, PyPi repository attack, Samsung security flaw
HP rushes to fix bricked printers after faulty firmware update
HP is working to address a bad firmware update that has been bricking HP Office Jet printers worldwide since it was released earlier this month. Affected customers report that their devices display blue screens with “83C0000B” errors on the built-in touchscreen. Customers in the U.S., the U.K., Germany, the Netherlands, Australia, Poland, New Zealand, and France have been posting complaints and reports. Since the buggy update seems to install automatically onto Internet-connected printers, HP customers are advised to disable their devices’ Internet connection and wait for a firmware update to fix the bricking issue.
PyPI repository under attack: User sign-ups and package uploads temporarily halted
The maintainers of Python Package Index (PyPI), the official third-party software repository for the Python programming language, have temporarily disabled the ability for users to sign up and upload new packages until further notice.”The volume of malicious users and malicious projects being created on the index in the past week has outpaced our ability to respond to it in a timely fashion, especially with multiple PyPI administrators on leave,” the admins said in a notice published on May 20, 2023. No additional details about the nature of the malware and threat actors involved in publishing those rogue packages to PyPI were disclosed.
New security flaw exposed in Samsung devices?
CISA is now warning of active exploitation of a medium-severity flaw affecting Samsung devices. Tracked as CVE-2023-21492 (CVSS score: 4.4), it impacts select Samsung devices running Android versions 11, 12, and 13. Samsung described the issue as an information disclosure flaw that could be exploited by a privileged attacker to bypass address space layout randomization (ASLR) protections, a security technique designed to thwart memory corruption and code execution flaws by obscuring the location of an executable in a device’s memory. Little else is known about how the flaw may be exploited, but vulnerabilities in Samsung phones have been weaponized by commercial spyware vendors in the past to deploy malicious software.
ASUS routers knocked offline worldwide by bad security update
ASUS has apologized to its customers for a server-side security maintenance error that has caused a wide range of impacted router models to lose network connectivity. The problem has been extensively reported on social media and discussion platforms since May 16, 2023, with people appearing puzzled by the simultaneous connectivity issues on multiple ASUS routers and others complaining about the lack of communication from the vendor’s side. The company has explained in a statement that the problem was introduced by an error in the configuration of a server settings file.
领英推荐
Thanks to this week’s episode sponsor, Sonrai Security
Food distributor Sysco says cyberattack potentially leaked 125,000 Social Security numbers
A cyberattack on Sysco, one of the world’s largest food distributors, gave hackers access to the sensitive personal information of more than 125,000 current and former employees. In documents filed with state regulators in Maine, the company said an incident in January leaked troves of sensitive employee information. Hackers spent nearly three months in the company’s systems before IT teams discovered the incident, and were only discovered on March 5. The Houston-based company did not say whether it was a ransomware attack or what group was involved.
Researchers tie FIN7 cybercrime family to Clop ransomware
Long-running cybercrime cartel FIN7, which has made use of ransomware variants developed by groups including REvil and Maze, has added another strain to its arsenal. Researchers from Microsoft’s security team said they saw the group deploying the Clop ransomware in April — its first ransomware campaign after a long period of inactivity that began in late 2021. Microsoft said FIN7 – which it calls Sangria Tempest in its new naming convention – was spotted deploying several different tools giving it a foothold in victim systems before moving laterally within a network and deploying the Clop ransomware.
Last week in ransomware
A busy week in ransomware saw the emergence of new ransomware groups Cactus, Akira, and RA Group operations. Another relative newcomer, named Abyss hit the defense company L3Harris. We also learned about MalasLocker, a ransomware operation that has been targeting Zimbra servers since March, with the unusual extortion tactic of demanding victims donate to an approved charity to receive a decryptor and prevent a data leak. Also last week, a joint FBI and CISA report confirmed that the BianLian ransomware operation has switched to extortion-only attacks after Avast released a decryptor. Other events of note last week: UK outsourcing company Capita has started to confirm its customers to assume that their data has been stolen in the last month’s incident, PharMerica disclosed that a Money Message ransomware attack exposed the data for 5.8 million patients. French tech company LACROIX announced getting hit by a ransomware attack on May 12th. ScanSource finally confirmed that its multi-day outage was due to a ransomware attack. LockBit ransomware claimed an attack on the pharmaceutical network Farmalink, and Dish Networks paid a ransom, as they say they confirmed the attackers deleted all stolen data from February’s attack.