"North Korea Kimsuky Launch Phishing Attacks on Universities"

Cybersecurity analysts have recently uncovered critical details about the North Korean advanced persistent threat (APT) group Kimsuky, which has been targeting universities as part of its global espionage operations. The researchers say that Kimsuky, active since at least 2012, primarily targets South Korean think tanks and government entities, though its reach extends to the US, the UK, and other European nations.

Submitted by Adam Ekwall on

"0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices"

Researchers at Oligo Security have discovered an 18-year-old vulnerability that affects all major web browsers. According to Oligo Security researcher Avi Lumelsky, the critical vulnerability reveals a fundamental flaw in the handling of network requests by browsers, which could enable malicious actors to access sensitive services running on local devices. The company noted that the vulnerability has far-reaching implications. It is caused by inconsistent implementation of security mechanisms as well as a lack of standardization across different browsers.

Submitted by grigby1 CPVI on

"Stolen Credentials Have Turned SaaS Apps Into Attackers' Playgrounds"

AppOmni analyzed 230 billion Software-as-a-Service (SaaS) audit log events from its telemetry to gain insight into the behavior of bad actors that gain access to SaaS apps. They looked at a dataset compiled from over 20 SaaS platforms, focusing on alert sequences that would be less obvious to organizations able to examine only one platform's logs. They found that the MITRE ATT&CK kill chain is hardly relevant or heavily abbreviated for most SaaS security incidents, as many attacks were found to be simple smash-and-grab activities lasting 30 minutes to an hour.

Submitted by grigby1 CPVI on

"US Offers $10 Million for Info on Iranian Leaders Behind CyberAv3ngers Water Utility Attacks"

The US State Department has identified at least six Iranian government hackers who were allegedly behind a series of attacks on US water utilities last fall. The six are Iranian security officials allegedly linked to malicious cyber activities performed by Iran's Islamic Revolutionary Guard Corps (IRGC) hacking groups. The State Department is offering a reward of up to $10 million for information on their whereabouts. This article continues to discuss the CyberAv3ngers water utility attacks and the US offering $10 million for information on the leaders behind them.

Submitted by grigby1 CPVI on

"GhostWrite Vulnerability Facilitates Attacks on Devices With RISC-V CPU"

Researchers from the CISPA Helmholtz Center for Information Security in Germany have detailed a RISC-V CPU vulnerability dubbed "GhostWrite." RISC-V is an open source Instruction Set Architecture (ISA) designed for developing custom processors for different applications, including embedded systems, microcontrollers, and more. The team found the vulnerability in the XuanTie C910 CPU made by the Chinese chip company T-Head. GhostWrite enables attackers with limited privileges to read and write from and to physical memory, which could allow them to gain full access to the targeted device.

Submitted by grigby1 CPVI on

"Vulnerabilities Exposed Widely Used Solar Power Systems to Hacking, Disruption"

Bitdefender researchers discovered serious vulnerabilities in widely used solar power systems that could allow attackers to cause blackouts. The researchers analyzed photovoltaic system management platforms from the Chinese companies Solarman and Deye. According to Bitdefender, these platforms are used to operate millions of solar installations worldwide, making up about 20 percent of the global solar power production. This article continues to discuss the vulnerabilities found in solar power systems that could have been exploited by hackers to cause disruption and possibly blackouts.

Submitted by grigby1 CPVI on

"AWS Patches Vulnerabilities Potentially Allowing Account Takeovers"

According to researchers at Aqua Security, Amazon Web Services (AWS) has patched critical vulnerabilities that could have been used to take over accounts. The security flaws could have enabled arbitrary code execution and AWS account takeovers, under certain conditions. The exploitation of the flaws could have also exposed sensitive data and caused Denial-of-Service (DoS) attacks, data exfiltration, and Artificial Intelligence (AI) model manipulation. This article continues to discuss the recently patched critical AWS vulnerabilities.

Submitted by grigby1 CPVI on

"Over 40,000 Internet-Exposed ICS Devices Found in US: Censys"

Censys found more than 40,000 Internet-exposed Industrial Control Systems (ICS) in the US. Over half of these systems are likely for building control and automation, and around 18,000 are used to control industrial systems. This article continues to discuss the Internet exposure of ICS devices in the US.

SecurityWeek reports "Over 40,000 Internet-Exposed ICS Devices Found in US: Censys"

Submitted by grigby1 CPVI on

"Chrome, Firefox Updates Patch Serious Vulnerabilities"

Mozilla and Google recently updated their web browsers, and the latest versions patch several potentially serious vulnerabilities. Google updated Chrome to version 127.0.6533.99, which fixes six vulnerabilities, including a critical out-of-bounds memory access issue in the ANGLE component. The remaining issues have been assigned a "high severity" rating. Google noted that one of them, which earned the reporting researchers $11,000, has been described as a use-after-free in the Sharing component.

Submitted by Adam Ekwall on

"Windows Update Flaws Allow Undetectable Downgrade Attacks"

SafeBreach Labs researcher Alon Leviev has highlighted significant gaps in Microsoft's Windows Update architecture, warning that hackers can execute software downgrade attacks and render "fully patched" meaningless on any Windows machine. In a Black Hat conference presentation, he took over the Windows Update process to craft custom downgrades on critical OS components, elevate privileges, and more. He made a fully patched Windows machine susceptible to thousands of past vulnerabilities, thus turning vulnerabilities that have been fixed into zero-days.

Submitted by grigby1 CPVI on