AppOmni analyzed 230 billion Software-as-a-Service (SaaS) audit log events from its telemetry to gain insight into the behavior of bad actors that gain access to SaaS apps. They looked at a dataset compiled from over 20 SaaS platforms, focusing on alert sequences that would be less obvious to organizations able to examine only one platform's logs. They found that the MITRE ATT&CK kill chain is hardly relevant or heavily abbreviated for most SaaS security incidents, as many attacks were found to be simple smash-and-grab activities lasting 30 minutes to an hour.

The US State Department has identified at least six Iranian government hackers that were allegedly behind a series of attacks on US water utilities last fall. The six are Iranian security officials allegedly linked to malicious cyber activities performed by Iran's Islamic Revolutionary Guard Corps (IRGC) hacking groups. The State Department is offering a reward of up to $10 million for information on their whereabouts. This article continues to discuss the CyberAv3ngers water utility attacks and the US offering $10 million for information on the leaders behind them.

Researchers from the CISPA Helmholtz Center for Information Security in Germany have detailed a RISC-V CPU vulnerability dubbed "GhostWrite." RISC-V is an open source Instruction Set Architecture (ISA) designed for developing custom processors for different applications, including embedded systems, microcontrollers, and more. The team found the vulnerability in the XuanTie C910 CPU made by the Chinese chip company T-Head. GhostWrite enables attackers with limited privileges to read and write from and to physical memory, which could allow them to gain full access to the targeted device.

Bitdefender researchers discovered serious vulnerabilities in widely used solar power systems that could allow attackers to cause blackouts. The researchers analyzed photovoltaic system management platforms from the Chinese companies Solarman and Deye. According to Bitdefender, these platforms are used to operate millions of solar installations worldwide, making up about 20 percent of the global solar power production. This article continues to discuss the vulnerabilities found in solar power systems that could have been exploited by hackers to cause disruption and possibly blackouts.

According to researchers at Aqua Security, Amazon Web Services (AWS) has patched critical vulnerabilities that could have been used to take over accounts. The security flaws could have enabled arbitrary code execution and AWS account takeovers, under certain conditions. The exploitation of the flaws could have also exposed sensitive data and caused Denial-of-Service (DoS) attacks, data exfiltration, and Artificial Intelligence (AI) model manipulation. This article continues to discuss the recently patched critical AWS vulnerabilities.  

Censys found more than 40,000 Internet-exposed Industrial Control Systems (ICS) in the US. Over half of these systems are likely for building control and automation, and around 18,000 are used to control industrial systems. This article continues to discuss the exposure of Internet-exposed ICS devices.

SecurityWeek reports "Over 40,000 Internet-Exposed ICS Devices Found in US: Censys"

Submitted by grigby1

Mozilla and Google recently updated their web browsers, and the latest versions patch several potentially serious vulnerabilities. Google updated Chrome to version 127.0.6533.99, which fixes six vulnerabilities, including a critical out-of-bounds memory access issue in the Angle component. The remaining issues have been assigned a "high severity" rating. Google noted that one of them, which earned the reporting researchers $11,000, has been described as a use-after-free in the Sharing component.

SafeBreach Labs researcher Alon Leviev has highlighted significant gaps in Microsoft's Windows Update architecture, warning that hackers can execute software downgrade attacks and render "fully patched" meaningless on any Windows machine. In a Black Hat conference presentation, he took over the Windows Update process to craft custom downgrades on critical OS components, elevate privileges, and more. He made a fully patched Windows machine susceptible to thousands of past vulnerabilities, thus turning vulnerabilities that have been fixed into zero-days.

Samsung recently announced that it has paid out nearly $5 million through its bug bounty program since its launch in 2017, including $828,000 in 2023.  In 2023, Samsung noted that 113 researchers got paid for responsibly disclosing vulnerabilities in Galaxy mobile devices.  The highest single reward exceeded $57,000, and it went to TASZK Security Labs.  The company also recently announced bonus rewards for high-quality vulnerability reports and informed bug bounty hunters that the maximum reward has been increased to $1 million.

Mortgage lender LoanDepot recently reported that the costs associated with a ransomware attack that occured in January 2024, have reached nearly $27 million.  The company noted that the amount includes "costs to investigate and remediate the cybersecurity incident, the costs of customer notifications and identity protection, professional fees including legal expenses, litigation settlement costs, and commission guarantees." The Alphv/BlackCat ransomware group took credit for the attack.