Rapid7's "Ransomware Radar Report 2024" highlights key findings from the analysis of visible leak sites, ransomware code, and underground forum chatter. According to the report, 2023 was a significant year for ransomware attacks, but 2024 is expected to be even worse. Rapid7 recorded over 2,500 ransomware attacks in the first half of 2024, with over 14 publicly claimed attacks daily.

A popular Ethereum blockchain, which was the victim of the largest ever crypto-heist back in 2022, recently suffered a $12m loss but had the stolen funds returned by ethical hackers.  Ronin Network is an Ethereum Virtual Machine (EVM) blockchain designed for game developers and is owned by Vietnamese firm Sky Mavis.  Earlier this week, Ronin Network revealed that unauthorized third-party actors withdrew around 4000 Ethereum and two million USD Coin (USDC), a digital stablecoin pegged to the US dollar, a total valued at around $12m.

The US Cybersecurity and Infrastructure Security Agency (CISA) has recently discovered that a prolific ransomware group has demanded more than $500m from its victims in less than two years.  The prolific ransomware group is BlackSuit, which rebranded from Royal in July 2023.  CISA noted that the largest individual demand since the group rebranded was $60m, although the report adds that the group displays a “willingness to negotiate payment amounts,” so initial high asking prices are likely to be merely a negotiating tactic.

American building security giant ADT recently confirmed it suffered a data breach after threat actors leaked allegedly stolen customer data on a popular hacking forum.  The company employs 14,300 people, has an annual revenue of $4.98 billion, and serves approximately 6 million customers across 200 locations in the United States.  The company noted that some of its databases were breached, and customer information was stolen.  The attackers obtained some customer information, including email addresses, phone numbers, and postal addresses.

Cybersecurity analysts have recently uncovered critical details about the North Korean advanced persistent threat (APT) group Kimsuky, which has been targeting universities as part of its global espionage operations. The researchers say that Kimsuky, active since at least 2012, primarily targets South Korean think tanks and government entities, though its reach extends to the US, the UK, and other European nations.

Researchers at Oligo Security have discovered an 18-year-old vulnerability that affects all major web browsers. According to Oligo Security researcher Avi Lumelsky, the critical vulnerability reveals a fundamental flaw in the handling of network requests by browsers, which could enable malicious actors to access sensitive services running on local devices. The company noted that the vulnerability has far-reaching implications. It is caused by inconsistent implementation of security mechanisms as well as a lack of standardization across different browsers.

AppOmni analyzed 230 billion Software-as-a-Service (SaaS) audit log events from its telemetry to gain insight into the behavior of bad actors that gain access to SaaS apps. They looked at a dataset compiled from over 20 SaaS platforms, focusing on alert sequences that would be less obvious to organizations able to examine only one platform's logs. They found that the MITRE ATT&CK kill chain is hardly relevant or heavily abbreviated for most SaaS security incidents, as many attacks were found to be simple smash-and-grab activities lasting 30 minutes to an hour.

The US State Department has identified at least six Iranian government hackers that were allegedly behind a series of attacks on US water utilities last fall. The six are Iranian security officials allegedly linked to malicious cyber activities performed by Iran's Islamic Revolutionary Guard Corps (IRGC) hacking groups. The State Department is offering a reward of up to $10 million for information on their whereabouts. This article continues to discuss the CyberAv3ngers water utility attacks and the US offering $10 million for information on the leaders behind them.

Researchers from the CISPA Helmholtz Center for Information Security in Germany have detailed a RISC-V CPU vulnerability dubbed "GhostWrite." RISC-V is an open source Instruction Set Architecture (ISA) designed for developing custom processors for different applications, including embedded systems, microcontrollers, and more. The team found the vulnerability in the XuanTie C910 CPU made by the Chinese chip company T-Head. GhostWrite enables attackers with limited privileges to read and write from and to physical memory, which could allow them to gain full access to the targeted device.

Bitdefender researchers discovered serious vulnerabilities in widely used solar power systems that could allow attackers to cause blackouts. The researchers analyzed photovoltaic system management platforms from the Chinese companies Solarman and Deye. According to Bitdefender, these platforms are used to operate millions of solar installations worldwide, making up about 20 percent of the global solar power production. This article continues to discuss the vulnerabilities found in solar power systems that could have been exploited by hackers to cause disruption and possibly blackouts.