SafeBreach Labs researcher Alon Leviev has highlighted significant gaps in Microsoft's Windows Update architecture, warning that hackers can execute software downgrade attacks and render "fully patched" meaningless on any Windows machine. In a Black Hat conference presentation, he took over the Windows Update process to craft custom downgrades on critical OS components, elevate privileges, and more. He made a fully patched Windows machine susceptible to thousands of past vulnerabilities, thus turning vulnerabilities that have been fixed into zero-days.

Samsung recently announced that it has paid out nearly $5 million through its bug bounty program since its launch in 2017, including $828,000 in 2023.  In 2023, Samsung noted that 113 researchers got paid for responsibly disclosing vulnerabilities in Galaxy mobile devices.  The highest single reward exceeded $57,000, and it went to TASZK Security Labs.  The company also recently announced bonus rewards for high-quality vulnerability reports and informed bug bounty hunters that the maximum reward has been increased to $1 million.

Mortgage lender LoanDepot recently reported that the costs associated with a ransomware attack that occured in January 2024, have reached nearly $27 million.  The company noted that the amount includes "costs to investigate and remediate the cybersecurity incident, the costs of customer notifications and identity protection, professional fees including legal expenses, litigation settlement costs, and commission guarantees." The Alphv/BlackCat ransomware group took credit for the attack.

Claroty's Team82 uncovered a security vulnerability in Rockwell Automation's ControlLogix 1756 devices that could expose critical infrastructure to cyberattacks on the Operational Technology (OT) controlling physical processes. The flaw in Rockwell Automation's ControlLogix 1756 devices enables attackers to evade a critical security feature. They can use the trusted slot mechanism as a passageway to jump between slots and access Industrial Control Systems (ICS). This article continues to discuss the potential exploitation and impact of the Rockwell controller flaw.

The US Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have released "Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem" to help organizations purchasing software understand their software manufacturers' cybersecurity approach and ensure secure-by-design is a priority. The guide provides questions to ask when buying software, resources to assess product security maturity based on secure-by-design principles, and more. This article continues to discuss the new Secure by Demand guide.

Check Point Research warns that over 20,000 Ubiquiti devices are exposed on the Internet, revealing informational data, including their platform names, configured IP addresses, and more, due to a five-year-old bug. In January 2019, broadband Internet expert Jim Troutman warned that an exposed port in dozens of Ubiquiti Internet of Things (IoT) devices was being used for Denial-of-Service (DoS) attacks. The vulnerability received a "high" score of 7.5 on the CVSS scale. Months later, Rapid7 researchers still found about 500,000 vulnerable devices.

The Ransomware-as-a-Service (RaaS) operator "Hunters International" is using a new Remote Access Trojan (RAT) named "SharpRhino." According to researchers at Quorum Cyber, the malware is delivered through a typosquatting domain impersonating the legitimate tool "Angry IP Scanner." Information Technology (IT) professionals are more likely to be the ones downloading and using the IP address and port scanner. This article continues to discuss findings regarding the Hunters International gang targeting IT workers with the SharpRhino RAT.

According to South Korea's National Cyber Security Center (NCSC), Democratic People's Republic of Korea (DPRK) state-sponsored hackers have exploited vulnerabilities in a Virtual Private Network's (VPN) software update to install malware and infiltrate networks. The two threat groups said to be involved in this activity are "Kimsuky" and Andariel, both state-sponsored actors previously linked to the "Lazarus Group." This article continues to discuss North Korean hackers' exploitation of flaws in a VPN's software update to deploy malware and breach networks.

In the first half of 2024, 22,254 Common Vulnerabilities and Exposures (CVEs) were reported, up 30 percent from last year. According to Qualys' "2024 Midyear Threat Landscape Review" just 0.91 percent of the reported CVEs were weaponized. While only 204 of the reported CVEs have been weaponized, they represent critical risks often exploited by threat actors in ransomware attacks and other cyberattacks. This article continues to discuss key findings from Qualys' 2024 Midyear Threat Landscape Review.

The cloud computing company Amazon Web Services (AWS) uses a massive neural network graph model with 3.5 billion nodes and 48 billion edges to quickly detect malicious domains crawling its infrastructure. The "Mithra" system applies algorithms for threat intelligence and provides AWS with a reputation-scoring system to identify malicious domains. In a note about Mithra, the technology giant said it detects about 182,000 new malicious domains daily. This article continues to discuss the Mithra neural network used by AWS to predict and block malicious domains.