Officials for several of the world’s largest printer manufacturers have begun pushing out patches to customers that are meant to resolve a bug that has affected devices since 2005, and could allow an attacker to gain admin rights. Through these compromised devices, an attacker would have nearly full access to the connected network and with admin rights, they could circumvent security and easily run additional malicious payloads. Both HP and Xerox have been working together to create the patches for consumer and business customers, and are quickly distributing them along with a message to install them as soon as possible.
Android apps full of security flaws
A recent report on over 3,000 apps found in the Google Play store has disclosed a stunning number of vulnerabilities in both paid and free apps. On average, each app had 39 security flaws, combining to 3,137 unique vulnerabilities. More worrying is that 73% of these flaws had been identified upwards of two years ago, and yet were still unpatched and in active use, leaving users in a compromising position when installing anything from free games to highly sensitive banking apps.
IoT devices see massive attack increase in 2020
A study done on the security of IoT devices throughout the pandemic revealed a 700% increase in attacks that were directed specifically at smart devices located in mostly empty office buildings. With over 70% of these devices transmitting in plain text, rather than using encrypted messaging, they are leaving thousands of businesses at risk of being compromised. The main attacks on the IoT devices were based around multiple botnet malware groups, capable of adding the device to their distribution network and focused mainly on victims in Ireland, the US, and China.
Saudi Aramco data for sale on dark web
Following a security incident at Saudi Aramco, one of the largest gas and petrol producers in the world, a significant amount of highly sensitive stolen data has been posted with a $5 million price tag on a dark web marketplace. While it is still unclear on exactly how the attackers accessed the data, they do claim to have used a zero-day exploit to steal roughly 1TB of data, with Saudi Aramco stating that the attack was on a third-party vendor rather than their internal systems.
Major corporate law firm announces ransomware attack
A law firm responsible for dozens of corporate clients, Campbell Conroy & O’Niel, P.C., has just announced a data breach that was the result of a ransomware attack that struck the firm’s network back in February. During the attack, the hackers accessed a database containing a massive quantity of personally identifiable information on thousands of customers, many of whom are employees of some of the world’s largest corporations like Ford, Exxon, and Boeing.