
Daily Cybersecurity Roundup, February 05, 2025

DaggerFly is ramping up its cyberespionage operations with a newly identified malware that targets Linux-based network devices. The malware is designed to overwrite essential system binaries, replace SSH libraries, and maintain long-term access while exfiltrating sensitive data. North Korean hackers have intensified their Contagious Interview campaign, deploying new variants of the macOS malware family, FlexibleFerret. A report by Picus Security reveals a significant rise in info-stealers designed to harvest credentials. Read on for the top 10 highlights from cyberspace.

01

A new malware called ELF/Sshdinjector.A!tr has been linked to the DaggerFly espionage group, targeting Linux-based network devices for data theft.

02

SentinelOne found new variants of a macOS malware family, named FlexibleFerret, used by North Korean threat actors in the Contagious Interview campaign.

03

Morphisec has found a new version of the ValleyRAT malware, which spreads through a fake download of a Chrome browser from a fraudulent Chinese telecom website.

04

Researchers have uncovered infrastructure laundering, where Funnull CDN, a Chinese company, has been renting IPs from AWS and Microsoft Azure to host scam websites.

05

AMD announced patches for a vulnerability (CVE-2024-5616) in its microprocessors that could compromise Secure Encrypted Virtualization protection, allowing attackers to load malicious microcode.

06

A new report by Picus Security noted that info-stealers are increasingly targeting credential stores, with 29% of analyzed malware samples seeking to steal passwords from various sources.

07

CISA added four security flaws (CVE-2024-45195, CVE-2024-29059, CVE-2018-9276, and CVE-2018-19410) to its KEV catalog due to evidence of active exploitation.

08

The NCSC and Five Eyes allies have released new guidance for edge device manufacturers to improve baseline security. The guidance focuses on logging requirements for threat detection and forensic data acquisition.

09

Over half (54%) of global financial institutions experienced cyberattacks involving data destruction in 2024, a 12.5% increase from 2023. Cloud environments and APIs are the most common attack vectors at 71%.

10

AttackIQ announced the acquisition of vulnerability prioritization startup DeepSurface. Terms of the deal were not disclosed.
