Daily Cybersecurity Roundup, October 18, 2024

From the shadows of cyber warfare to digital vaults and software vulnerabilities, the ever-changing landscape of cyber threats continues to unfold. A Russian-speaking group, UAT-5647, has been relentlessly targeting Ukrainian and Polish entities with advanced malware. At the same time, Radiant Capital Blockchain fell victim to a massive crypto heist, losing $58 million after hackers compromised private keys and drained multi-sig wallets. Meanwhile, Microsoft has revealed a critical flaw in Apple’s TCC framework, patched just in time in macOS Sequoia 15. Read on for the top 10 highlights from cyberspace. 

01

Russian-speaking group UAT-5647 has been targeting Ukrainian and Polish entities since late 2023. It is using updated malware like SingleCamper, DustyHammock, and ShadyHammock.

02

Radiant Capital Blockchain experienced a crypto heist, resulting in a loss of up to $58 million in user assets. The attack involved a compromise of private keys, allowing the hacker to access multi-sig wallets and drain user assets.

03

ASEC detected phishing emails impersonating Korean entertainment agencies. The emails prompt recipients to check their images used in ads by clicking a link, which actually leads to a Python-based info-stealer in the form of a fake PDF.

04

Microsoft revealed information about a security flaw (CVE-2024-44133) in Apple's TCC framework in macOS, known as HM Surf, which has been patched in macOS Sequoia 15.

05

This year has seen a record number of active ransomware groups, with 58 attacking global businesses in Q2. The top 10 ransomware groups were responsible for 58.3% of detected attacks in Q3.

06

Japan's ruling Liberal Democratic Party's website was hit by DDoS attacks at the start of the country's general election campaign. Pro-Russian groups NoName057(16) and the Cyber Army of Russia claimed responsibility.

07

A critical security vulnerability (CVE-2024-9264) has been found in Grafana, allowing attackers to execute arbitrary code due to a flaw in the experimental SQL Expressions feature.

08

Research by Check Point revealed that Microsoft was the most impersonated brand, accounting for 61% of all phishing attempts in Q3 2024, followed by Apple at 12% and Google at 7%.

09

European cyber insurance startup Stoïk raised €25 million (~$27 million) in a Series B round led by Alven, with participation from Andreessen Horowitz, Munich Re Ventures, Opera Tech Ventures, and Anthemis.

10

Industrial cyber risk management company DeNexus raised $17.5 million in a Series A funding round led by Punja Global Ventures, with participation from AXA XL, Prosegur/SegTech, and HCS Capital.