Daily Cybersecurity Roundup, October 18, 2024

From the shadows of cyber warfare to digital vaults and software vulnerabilities, the ever-changing landscape of cyber threats continues to unfold. A Russian-speaking group, UAT-5647, has been relentlessly targeting Ukrainian and Polish entities with advanced malware. At the same time, Radiant Capital Blockchain fell victim to a massive crypto heist, losing $58 million after hackers compromised private keys and drained multi-sig wallets. Meanwhile, Microsoft has revealed a critical flaw in Apple’s TCC framework, patched just in time in macOS Sequoia 15. Read on for the top 10 highlights from cyberspace. 

01

Russian-speaking group UAT-5647 has been targeting Ukrainian and Polish entities since late 2023. It is using updated malware like SingleCamper, DustyHammock, and ShadyHammock.

02

Radiant Capital Blockchain experienced a crypto heist, resulting in a loss of up to $58 million in user assets. The attack involved a compromise of private keys, allowing the hacker to access multi-sig wallets and drain user assets.

03

ASEC detected phishing emails impersonating Korean entertainment agencies. The emails prompt recipients to check their images used in ads by clicking a link, which actually leads to a Python-based info-stealer in the form of a fake PDF.

04

Microsoft revealed details of a security flaw in the TCC framework of Apple's macOS, tracked as CVE-2024-44133 and known as HM Surf, which has been patched in macOS Sequoia 15.

05

This year has seen a record number of active ransomware groups, with 58 attacking global businesses in Q2. The top 10 ransomware groups were responsible for 58.3% of detected attacks in Q3.

06

Japan's ruling Liberal Democratic Party's website was hit by DDoS attacks during the start of the country's general election campaign. Pro-Russian groups NoName057(16) and the Cyber Army of Russia claimed responsibility.

07

A critical security vulnerability (CVE-2024-9264) has been found in Grafana, allowing attackers to execute arbitrary code due to a flaw in the experimental SQL Expressions feature.

08

Research by Check Point revealed that Microsoft was the most impersonated brand, accounting for 61% of all phishing attempts in Q3 2024, followed by Apple at 12% and Google at 7%.

09

European cyber insurance startup Stoïk raised €25 million (~$27 million) in a Series B round led by Alven, with participation from Andreessen Horowitz, Munich Re Ventures, Opera Tech Ventures, and Anthemis.

10

Industrial cyber risk management company DeNexus raised $17.5 million in a Series A funding round led by Punja Global Ventures, with participation from AXA XL, Prosegur/SegTech, and HCS Capital.
