Critical Vulnerability Found in Canon Printer Drivers

source: securityweek.com  |  image: pixabay.com

Microsoft’s offensive security team has warned Canon about a critical vulnerability affecting some printer drivers. 

According to an advisory published last week by Canon, drivers associated with several production printers, office multifunction printers, and laser printers are affected by an out-of-bounds vulnerability. Continue reading “Critical Vulnerability Found in Canon Printer Drivers”

A New Era of Attacks on Encryption Is Starting to Heat Up

source: wired.com  |  image: pixabay.com

 

The UK, France, Sweden, and EU have made fresh attacks on end-to-end encryption. Some of the attacks are more “crude” than those in recent years, experts say.

OVER THE PAST decade, encrypted communication has become the norm for billions of people. Every day, Signal, iMessage, and WhatsApp keep billions of messages, photos, videos, and calls private by using end-to-end encryption by default—while Zoom, Discord, and various other services all have options to enable the protection. But despite the technology’s mainstream rise, long-standing threats to weaken encryption keep piling up.

Over the past few months, there has been a surge in government and law enforcement efforts that would effectively undermine encryption, privacy advocates and experts say, with some of the emerging threats being the most “blunt” and aggressive of those in recent memory. Officials in the UK, France, and Sweden have all made moves since the start of 2025 that could undermine or eliminate the protections of end-to-end encryption, adding to a multiyear European Union plan to scan private chats and Indian efforts that could damage encryption. Continue reading “A New Era of Attacks on Encryption Is Starting to Heat Up”

Cybersecurity officials warn against potentially costly Medusa ransomware attacks

source: apnews.com  |  image: pexels.com

 

LOS ANGELES (AP) — The FBI and the U.S. Cybersecurity and Infrastructure Security Agency are warning against a dangerous ransomware scheme.

In an advisory posted earlier this week, government officials warned that a ransomware-as-a-service software called Medusa, which has launched ransomware attacks since 2021, has recently affected hundreds of people. Medusa uses phishing campaigns as its main method for stealing victims’ credentials, according to CISA. Continue reading “Cybersecurity officials warn…”

Clickfix:  How to Infect Your PC in 3 Easy Steps

source: krebsonsecurity.com  |  image: pexels.com

 

A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed “ClickFix,” the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. Continue reading “ClickFix: How to Infect Your PC in Three Easy Steps”

The cyber threats to watch in 2025, and other cybersecurity news to know this month

source: weforum.org  |  image: pexels.com

 

1. Global Cybersecurity Outlook 2025: Navigating complexity

The cyber threat landscape in 2025 will be shaped by increasingly sophisticated attacks, with ransomware, social engineering and AI-powered cybercrime remaining top concerns, according to the World Economic Forum’s latest Global Cybersecurity Outlook.

Data breaches continued at historic levels in 2024, with 3,158 data compromises tracked by the Identity Theft Resource Center – on par with the previous record-breaking year. However, victim notices surged 211% to 1.3 billion, but this was largely due to five mega-breaches, each triggering over 100 million notices.

The US Is Considering a TP-Link Router Ban—Should You Worry?

source: wired.com  |  image: pexels.com

 

Several government departments are investigating TP-Link routers over Chinese cyberattack fears, but the company denies links.

TP-Link is one of the most popular routermanufacturers in the US, but the company is facing a potential ban due to security concerns about its links to China. A December report from The Wall Street Journal revealed that the US Commerce, Defense, and Justice Departments are investigating TP-Link, though no evidence of deliberate wrongdoing has yet emerged.

“We are a US company,” Jeff Barney, president of TP-Link told WIRED, “We have no affiliation with TP-Link Tech, which focuses on mainland China, and we can prove our separateness.” Continue reading “The US Is Considering a TP-Link Router Ban—Should You Worry?”

We’re In for a Rude Awakening on Cybersecurity

source: city-journal.org (contributed by FAN, Steve Page)  |  image: pexels.com

America remains ill-prepared for Chinese hackers targeting critical infrastructure.

It’s a crisis that almost no one is talking about. The Chinese Communist Party is now the world’s preeminent practitioner of cyber warfare. Once notoriously loud and clumsy, the CCP’s hackers have become stealthy and sophisticated. They’re intercepting the calls and texts of our leaders and infiltrating servers at our ports, power plants, and water-treatment facilities. Yet hardly anyone seems to care. When Congress held hearings on cybersecurity late last year, only a handful of journalists bothered to cover them. Continue reading “We’re In for a Rude Awakening on Cybersecurity”

Chinese tech firm founded by Huawei veterans in the FBI’s crosshairs

source: reuters.com (contributed by Steve Page)  |  image: fbi.gov

 

WASHINGTON, Jan 16 (Reuters) – The U.S. Commerce Department and FBI are both investigating a little-known telecoms hardware firm founded by senior Huawei veterans in China over possible security risks, sources and documents show.
Founded in 2014, Baicells Technologies opened a North American business the next year in Wisconsin and has since provided telecoms equipment for 700 commercial mobile networks across every U.S. state, according to its website.
The Commerce Department is investigating Baicells on national security grounds and has sent subpoenas to the company, four people said. The U.S. telecoms regulator, the Federal Communications Commission (FCC), is advising it on its review, two of the people said.
The FBI’s interest in its equipment and Chinese origins dates back to at least 2019.

Continue reading “Chinese tech firm founded by Huawei veterans in the FBI’s crosshairs”

Chinese hackers infiltrated US Treasury Secretary’s PC — attackers had access to over 400 PCs

source: tomshardware.com (contributed by Steve Page)  |  image: pexels.com 

 

As reported last week, Chinese hackers infiltrated the U.S. Department of Treasury and gained access to several users’ workstations. However, according to Bloomberg, the infiltration was more severe than initially reported, as hackers managed to access systems belonging to Secretary Janet Yellen and other top officials.

A New Phone Scanner That Detects Spyware Has Already Found 7 Pegasus Infections

source: wired.com (contributed by FAN, Steve Page)  |  image: unsplash.com

 

The mobile device security firm iVerify has been offering a tool since May that makes spyware scanning accessible to anyone—and it’s already turning up victims.

IN RECENT YEARS, commercial spyware has been deployed by more actors against a wider range of victims, but the prevailing narrative has still been that the malware is used in targeted attacks against an extremely small number of people. At the same time, though, it has been difficult to check devices for infection, leading individuals to navigate an ad hoc array of academic institutions and NGOs that have been on the front lines of developing forensic techniques to detect mobile spyware. On Tuesday, the mobile device security firm iVerify is publishing findings from a spyware detection feature it launched in May. Of 2,500 device scans that the company’s customers elected to submit for inspection, seven revealed infections by the notorious NSO Group malware known as Pegasus. Continue reading “Phone Scanner That Detects Spyware”