The US Cybersecurity and Infrastructure Security Agency (CISA) is warning organizations about threat actors targeting improperly configured Cisco devices. Malicious hackers have been observed acquiring system configuration files through the abuse of protocols or software such as the Cisco Smart Install (SMI) feature. This feature has been exploited to take control of Cisco switches. This article continues to discuss CISA's warning about the abuse of improperly configured Cisco devices.

The "2024 Cost of Data Breach Study" by IBM and the Ponemon Institute details the financial costs of cyberattacks across different industries. In 2023, the global average cost of a data breach reached $4.45 million, up 15 percent over the previous three years. The report attributed this increase to the rising expenses of lost business and post-breach response actions. The US averaged $9.48 million per breach, the highest of any nation. As in previous years, healthcare had the highest average breach costs at $10.93 million.

With the goal of creating division, Iran is adding to Russia’s and China’s efforts to sow distrust and chaos in the upcoming US election. Iran has been using websites and social media feeds directed to both politically left and right voters. Microsoft Threat Analysis thinks the sites use artificial intelligence to pick up news from real US news sites and then give it their own fake news twists. Russia has also been creating propaganda videos to support Trump and Russian points of view and China has been posting videos made to increase pro-Palestinian university protests.

ReasonLabs researchers discovered a malware campaign that forced the installation of malicious Google Chrome and Microsoft Edge browser extensions in more than 300,000 browsers, modifying the browser's executables to take over homepages and steal browsing history. The installer and extensions, which are typically undetected by antivirus software, steal data and run commands on infected devices. ReasonLabs warns that the threat actors behind it use a variety of malvertising themes to achieve the initial infection.

Rapid7's "Ransomware Radar Report 2024" highlights key findings from the analysis of visible leak sites, ransomware code, and underground forum chatter. According to the report, 2023 was a significant year for ransomware attacks, but 2024 is expected to be even worse. Rapid7 recorded over 2,500 ransomware attacks in the first half of 2024, with over 14 publicly claimed attacks daily.

A popular Ethereum blockchain, which was the victim of the largest ever crypto-heist back in 2022, recently suffered a $12m loss but had the stolen funds returned by ethical hackers.  Ronin Network is an Ethereum Virtual Machine (EVM) blockchain designed for game developers and is owned by Vietnamese firm Sky Mavis.  Earlier this week, Ronin Network revealed that unauthorized third-party actors withdrew around 4000 Ethereum and two million USD Coin (USDC), a digital stablecoin pegged to the US dollar, a total valued at around $12m.

The US Cybersecurity and Infrastructure Security Agency (CISA) has recently discovered that a prolific ransomware group has demanded more than $500m from its victims in less than two years.  The prolific ransomware group is BlackSuit, which rebranded from Royal in July 2023.  CISA noted that the largest individual demand since the group rebranded was $60m, although the report adds that the group displays a “willingness to negotiate payment amounts,” so initial high asking prices are likely to be merely a negotiating tactic.

American building security giant ADT recently confirmed it suffered a data breach after threat actors leaked allegedly stolen customer data on a popular hacking forum.  The company employs 14,300 people, has an annual revenue of $4.98 billion, and serves approximately 6 million customers across 200 locations in the United States.  The company noted that some of its databases were breached, and customer information was stolen.  The attackers obtained some customer information, including email addresses, phone numbers, and postal addresses.

Cybersecurity analysts have recently uncovered critical details about the North Korean advanced persistent threat (APT) group Kimsuky, which has been targeting universities as part of its global espionage operations. The researchers say that Kimsuky, active since at least 2012, primarily targets South Korean think tanks and government entities, though its reach extends to the US, the UK, and other European nations.

Researchers at Oligo Security have discovered an 18-year-old vulnerability that affects all major web browsers. According to Oligo Security researcher Avi Lumelsky, the critical vulnerability reveals a fundamental flaw in the handling of network requests by browsers, which could enable malicious actors to access sensitive services running on local devices. The company noted that the vulnerability has far-reaching implications. It is caused by inconsistent implementation of security mechanisms as well as a lack of standardization across different browsers.