The US Cybersecurity and Infrastructure Security Agency (CISA) has recently discovered that a prolific ransomware group has demanded more than $500m from its victims in less than two years.  The prolific ransomware group is BlackSuit, which rebranded from Royal in July 2023.  CISA noted that the largest individual demand since the group rebranded was $60m, although the report adds that the group displays a “willingness to negotiate payment amounts,” so initial high asking prices are likely to be merely a negotiating tactic.

American building security giant ADT recently confirmed it suffered a data breach after threat actors leaked allegedly stolen customer data on a popular hacking forum.  The company employs 14,300 people, has an annual revenue of $4.98 billion, and serves approximately 6 million customers across 200 locations in the United States.  The company noted that some of its databases were breached, and customer information was stolen.  The attackers obtained some customer information, including email addresses, phone numbers, and postal addresses.

Cybersecurity analysts have recently uncovered critical details about the North Korean advanced persistent threat (APT) group Kimsuky, which has been targeting universities as part of its global espionage operations. The researchers say that Kimsuky, active since at least 2012, primarily targets South Korean think tanks and government entities, though its reach extends to the US, the UK, and other European nations.

Researchers at Oligo Security have discovered an 18-year-old vulnerability that affects all major web browsers. According to Oligo Security researcher Avi Lumelsky, the critical vulnerability reveals a fundamental flaw in the handling of network requests by browsers, which could enable malicious actors to access sensitive services running on local devices. The company noted that the vulnerability has far-reaching implications. It is caused by inconsistent implementation of security mechanisms as well as a lack of standardization across different browsers.

AppOmni analyzed 230 billion Software-as-a-Service (SaaS) audit log events from its telemetry to gain insight into the behavior of bad actors that gain access to SaaS apps. They looked at a dataset compiled from over 20 SaaS platforms, focusing on alert sequences that would be less obvious to organizations able to examine only one platform's logs. They found that the MITRE ATT&CK kill chain is hardly relevant or heavily abbreviated for most SaaS security incidents, as many attacks were found to be simple smash-and-grab activities lasting 30 minutes to an hour.

The US State Department has identified at least six Iranian government hackers that were allegedly behind a series of attacks on US water utilities last fall. The six are Iranian security officials allegedly linked to malicious cyber activities performed by Iran's Islamic Revolutionary Guard Corps (IRGC) hacking groups. The State Department is offering a reward of up to $10 million for information on their whereabouts. This article continues to discuss the CyberAv3ngers water utility attacks and the US offering $10 million for information on the leaders behind them.

Researchers from the CISPA Helmholtz Center for Information Security in Germany have detailed a RISC-V CPU vulnerability dubbed "GhostWrite." RISC-V is an open source Instruction Set Architecture (ISA) designed for developing custom processors for different applications, including embedded systems, microcontrollers, and more. The team found the vulnerability in the XuanTie C910 CPU made by the Chinese chip company T-Head. GhostWrite enables attackers with limited privileges to read and write from and to physical memory, which could allow them to gain full access to the targeted device.

Bitdefender researchers discovered serious vulnerabilities in widely used solar power systems that could allow attackers to cause blackouts. The researchers analyzed photovoltaic system management platforms from the Chinese companies Solarman and Deye. According to Bitdefender, these platforms are used to operate millions of solar installations worldwide, making up about 20 percent of the global solar power production. This article continues to discuss the vulnerabilities found in solar power systems that could have been exploited by hackers to cause disruption and possibly blackouts.

According to researchers at Aqua Security, Amazon Web Services (AWS) has patched critical vulnerabilities that could have been used to take over accounts. The security flaws could have enabled arbitrary code execution and AWS account takeovers, under certain conditions. The exploitation of the flaws could have also exposed sensitive data and caused Denial-of-Service (DoS) attacks, data exfiltration, and Artificial Intelligence (AI) model manipulation. This article continues to discuss the recently patched critical AWS vulnerabilities.  

Censys found more than 40,000 Internet-exposed Industrial Control Systems (ICS) in the US. Over half of these systems are likely for building control and automation, and around 18,000 are used to control industrial systems. This article continues to discuss the exposure of Internet-exposed ICS devices.

SecurityWeek reports "Over 40,000 Internet-Exposed ICS Devices Found in US: Censys"

Submitted by grigby1