Security researchers at Akamai recently warned that an unpatched vulnerability found in CCTV cameras commonly used in critical infrastructure is being actively exploited to spread a Mirai variant malware.  The command injection vulnerability, CVE-2024-7029, is found in the brightness function of AVTECH CCTV cameras that allows for remote code execution (RCE).  The vulnerability was highlighted in a Cybersecurity and Infrastructure Security Agency (CISA) industrial control system (ICS) advisory in August 2024.

According to security researchers at Forescout, published vulnerabilities rose by 43% in H1 2024 compared to H1 2023, with attackers heavily targeting flaws in virtual private networks (VPNs) and other perimeter devices for initial access.  The researchers noted that 23,668 vulnerabilities were reported in the first six months of 2024, with an average of 111 new CVEs per day.  The majority of published vulnerabilities in H1 2024 had either a medium (39%) or low (25%) severity score (CVSS), while just 9% had a critical score.

BlackByte is a ransomware-as-a-service brand believed to be an off-shoot of Conti.  It was first seen in 2021.  Security researchers at Talos have observed the BlackByte ransomware brand employing new techniques in addition to their standard TTPs.  The researchers found that BlackByte has been considerably more active than previously assumed.  The researchers stated that the group has been significantly more active than would appear from the number of victims published on its data leak site but cannot explain why only 20% to 30% of BlackByte’s victims are posted.

Google recently announced significantly boosted rewards for Chrome browser vulnerabilities reported through its Vulnerability Reward Program (VRP).  With the updated rewards, Google says security researchers may earn as much as $250,000 for a single issue or even more if specific conditions are met.  As before, the highest payouts will go to researchers who demonstrate memory corruption bugs in non-sandboxed processes.

The Play ransomware group has recently published gigabytes of data allegedly stolen from US-based semiconductor supplier Microchip Technology.  The company revealed that operations at some of its manufacturing facilities were disrupted due to the attack. Microchip provides microcontroller, mixed-signal, analog, and Flash-IP solutions to 123,000 customers across the industrial, automotive, consumer, aerospace and defense, communications, and computing sectors.

Today, the National Security Agency (NSA) released a copy of an internal lecture delivered by Rear Admiral Grace Hopper from August 19, 1982. Known as one of the most influential figures in the development of early computing technologies, Hopper’s contributions have left an indelible mark on the field of computer science, particularly in the realm of programming languages. The lecture, which Hopper delivered during her tenure at the NSA, provides a rare glimpse into the thoughts and expertise of a woman who played a pivotal role in shaping modern computing.

According to security researchers at Chainalysis, online fraudsters are rapidly adapting their activities to run more impactful scams of shorter duration.  The researchers noted that online scams are one of the largest areas of illegal activity that they monitor, with billions of dollars worth of crypto flowing to illicit accounts in the year to date (YTD).

According to security researchers at Comparitech, ransomware attacks on US schools and colleges have surged in recent years, with 491 incidents recorded since 2018, impacting over 8000 educational institutions and exposing 6.7 million individual records.  The researchers noted that in 2023, the number of attacks reached a record high of 121, marking a significant increase from the 71 attacks reported in 2022. The average downtime per attack has also grown, rising from just under nine days in 2021 to 12.6 days in 2023.

By grigby1 

By krahal

The backdrop flurry of the US presidential election on 5 November comes with increasing cyber heat, for worse, and with counter measures, somewhat better.