NCC Group researchers discovered vulnerabilities in Sonos smart speakers, including a flaw that could have enabled attackers to eavesdrop on users. An attacker in Wi-Fi range of the targeted Sonos smart speaker can exploit one of the vulnerabilities for Remote Code Execution (RCE). The researchers showed how an attacker could have taken control of a speaker, secretly recorded audio, and exfiltrated it to their server using this vulnerability. This article continues to discuss the Sonos product vulnerabilities. 

The US Cybersecurity and Infrastructure Security Agency (CISA) warns of two vulnerabilities, including a path traversal flaw affecting Apache OFBiz. Apache OFBiz is an open source Enterprise Resource Planning (ERP) system with a suite of business applications to help manage an organization. Many industries and businesses of different sizes use it because it is versatile and cost-effective. The path traversal vulnerability could allow attackers to remotely execute arbitrary commands on vulnerable servers.

Researchers at Menlo Security found a sophisticated phishing campaign that exploits users' trust in Google Drawings and WhatsApp. Menlo Security calls this attack a "Living Off Trusted Sites" (LOTS) threat because it manipulates legitimate platforms to trick victims into giving up their personal and financial information. This article continues to discuss findings regarding the novel phishing campaign that leverages Google Drawings and shortened links generated via WhatsApp to avoid detection and trick users.

The US Cybersecurity and Infrastructure Security Agency (CISA) is warning organizations about threat actors targeting improperly configured Cisco devices. Malicious hackers have been observed acquiring system configuration files through the abuse of protocols or software such as the Cisco Smart Install (SMI) feature. This feature has been exploited to take control of Cisco switches. This article continues to discuss CISA's warning about the abuse of improperly configured Cisco devices.

The "2024 Cost of Data Breach Study" by IBM and the Ponemon Institute details the financial costs of cyberattacks across different industries. In 2023, the global average cost of a data breach reached $4.45 million, up 15 percent over the previous three years. The report attributed this increase to the rising expenses of lost business and post-breach response actions. The US averaged $9.48 million per breach, the highest of any nation. As in previous years, healthcare had the highest average breach costs at $10.93 million.

With the goal of creating division, Iran is adding to Russia’s and China’s efforts to sow distrust and chaos in the upcoming US election. Iran has been using websites and social media feeds directed to both politically left and right voters. Microsoft Threat Analysis thinks the sites use artificial intelligence to pick up news from real US news sites and then give it their own fake news twists. Russia has also been creating propaganda videos to support Trump and Russian points of view and China has been posting videos made to increase pro-Palestinian university protests.

ReasonLabs researchers discovered a malware campaign that forced the installation of malicious Google Chrome and Microsoft Edge browser extensions in more than 300,000 browsers, modifying the browser's executables to take over homepages and steal browsing history. The installer and extensions, which are typically undetected by antivirus software, steal data and run commands on infected devices. ReasonLabs warns that the threat actors behind it use a variety of malvertising themes to achieve the initial infection.

Rapid7's "Ransomware Radar Report 2024" highlights key findings from the analysis of visible leak sites, ransomware code, and underground forum chatter. According to the report, 2023 was a significant year for ransomware attacks, but 2024 is expected to be even worse. Rapid7 recorded over 2,500 ransomware attacks in the first half of 2024, with over 14 publicly claimed attacks daily.

A popular Ethereum blockchain, which was the victim of the largest ever crypto-heist back in 2022, recently suffered a $12m loss but had the stolen funds returned by ethical hackers.  Ronin Network is an Ethereum Virtual Machine (EVM) blockchain designed for game developers and is owned by Vietnamese firm Sky Mavis.  Earlier this week, Ronin Network revealed that unauthorized third-party actors withdrew around 4000 Ethereum and two million USD Coin (USDC), a digital stablecoin pegged to the US dollar, a total valued at around $12m.

The US Cybersecurity and Infrastructure Security Agency (CISA) has recently discovered that a prolific ransomware group has demanded more than $500m from its victims in less than two years.  The prolific ransomware group is BlackSuit, which rebranded from Royal in July 2023.  CISA noted that the largest individual demand since the group rebranded was $60m, although the report adds that the group displays a “willingness to negotiate payment amounts,” so initial high asking prices are likely to be merely a negotiating tactic.