Researchers at Akamai have found that the Common UNIX Printing System (CUPS) could be abused for large Distributed Denial-of-Service (DDoS) attacks following researcher Simone Margaritelli's warning regarding the system being vulnerable to unauthenticated Remote Code Execution (RCE). CUPS is an open source printing system based on the Internet Printing Protocol (IPP). It is mainly for Linux and UNIX-like operating systems. Margaritelli recently disclosed several unpatched CUPS vulnerabilities that, when chained together, can lead to RCE.

The Australian Cyber Security Centre (ACSC) has released a new guide titled "Principles of Operational Technology Cybersecurity" in collaboration with US Cybersecurity and Infrastructure Security Agency (CISA) and international partners. The guide contains information for organizations looking to secure their Operational Technology (OT) environments in the critical infrastructure sectors. It delves into fundamental principles such as safety, data protection, network segmentation, and others to help organizations manage risks and protect against cyber threats their OT systems face.

According to security researchers at Symantec, despite a recent indictment, the North Korean Stonefly group, also known by aliases such as APT45 and Silent Chollima, has been observed continuing its financially motivated cyberattacks against US organizations.  The researchers noted that the group, linked to North Korea’s Reconnaissance General Bureau, has shifted its focus from espionage to targeting private companies in sectors with little intelligence value.

DrayTek has recently released security updates for multiple router models to address 14 vulnerabilities of varying severity, including a remote code execution flaw that received the maximum CVSS score of 10.  DrayTek noted that the flaws impact actively supported and models that have reached end-of-life.  Due to the severity, DrayTek has provided fixes for routers in both categories.  According to Vedere Labs, 785,000 DrayTek routers might be vulnerable to the newly discovered set of flaws, with 704,500 having their web interface exposed to the internet.

Cloudflare recently mitigated another record-breaking DDoS attack.  The company says the attack peaked at 3.8 terabits per second (Tbps) and 2.14 billion packets per second (Pps).  The attack was aimed at an unidentified customer of an unnamed hosting provider that uses Cloudflare services.  The previous volumetric DDoS record was set in late 2021 when Microsoft saw an attack that peaked at 3.47 Tbps and a packet rate of 340 million Pps.

According to security researchers at Black Kite, the manufacturing sector is at high risk of cyberattacks, with 80% of companies having critical vulnerabilities (with a CVSS score of 8 and above).  The researchers noted that over two-thirds (67%) of manufacturing organizations had at least one vulnerability from the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) Catalog, which details flaws that have been exploited in the wild.

A British hacker accused of orchestrating a $3.75m insider trading scheme has recently been charged in the US.  Robert Westbrook, 39, allegedly gained unauthorized access to corporate executives’ email accounts to profit from confidential financial information.  According to the Department of Justice (DoJ), between January 2019 and May 2020, Westbrook hacked into the Microsoft Office 365 accounts of executives at five US companies.

Japan's Computer Emergency Response Center (JPCERT/CC) has shared tips on detecting ransomware attacks. Their tips are based on entries in Windows Event Logs, supporting timely detection of attacks. According to JPCERT/CC, the technique can be useful when responding to ransomware attacks, as identifying the attack vector is critical for timely mitigation. JPCERT/CC's investigation strategy includes four types of Windows Event Logs: application, security, system, and setup logs.

According to Der Spiegel, the North Korea-linked Advanced Persistent Threat (APT) "Kimsuky" infiltrated Diehl Defence, a German company that makes Iris-T air defense systems. They did so through a phishing campaign involving fake job offers and advanced social engineering methods. The Kimsuky APT used booby-trapped PDF files and spear-phishing lures to offer Diehl Defence employees jobs with American defense contractors. This article continues to discuss the targeting of Diehl Defence by Kimsuky hackers.

Researchers at Embry-Riddle Aeronautical University are developing systems to detect cyberattacks on drones and other networks by imitating how ants locate intruders in their colonies. Dr. Bryan Watson and his team at Embry-Riddle Aeronautical University's Biologically Inspired Design-for-Resilience Lab (BID4R) are creating mathematical models of ant behavior for use in networked systems, such as those including drones and household appliances. This article continues to discuss the study on ant behavior to inform network protection.