Like a dragon on the hunt, a new threat cluster dubbed DragonRank has been using PlugX and BadIIS malware to target countries in Asia and Europe. In other news, the Iranian cyber group APT34 launched attacks on Iraqi government organizations to deploy two new malware, Veaty and Spearal. Highlighting the growing scale of the cybercrime landscape, the FBI’s latest report revealed that crypto-related cybercrime led to over $5.6 billion in losses in the U.S. in 2023. Catch up on the latest cybersecurity updates from the last 24 hours.
01
A new threat cluster DragonRank operated by a Chinese-speaking actor has been found targeting Thailand, India, Korea, Belgium, the Netherlands, and China to deliver PlugX and BadIIS malware for SEO rank manipulation.
02
The Iranian cyber group APT34 targeted Iraqi government entities, including the Prime Minister’s Office and the Ministry of Foreign Affairs, to deploy two newly identified malware families, Veaty and Spearal.
03
Researchers discovered two recent campaigns targeting misconfigured instances of a popular web testing tool, Selenium Grid, for cryptomining, proxyjacking, and exploit kit deployment.
04
Adobe patched 28 security vulnerabilities across multiple products, alerting Windows and macOS users about potential code execution attacks. Among these, two memory corruption vulnerabilities (CVE-2024-41869 and CVE-2024-45112) could be exploited to execute arbitrary code.
05
The U.K’s NCA and ICO have signed an agreement to enhance cooperation and cyber threat information sharing, aiming to strengthen cyber defenses, increase reporting, and support organizations impacted by cyberattacks.
06
Siemens issued a security advisory for a critical heap-based buffer overflow vulnerability, CVE-2024-33698, in its User Management Component (UMC) that could be exploited to execute arbitrary code on affected systems.
07
The FBI’s annual report on crypto-related cybercrime revealed that the U.S. suffered over $5.6 billion in losses in 2023, a 45% increase from the previous year. Additionally, BEC scams saw a 9% increase in identified global exposed losses in 2023.
08
A critical vulnerability, CVE-2024-20304, has been identified in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR software that could lead to a DoS condition and privilege escalation.
09
Datricks, a compliance and risk management startup raised $15 million in a Series A round led by Team8, SAP, and Jerusalem Venture Partners.
10
An enterprise microsegmentation platform provider, ColorTokens, acquired PureID, an identity security provider for an undisclosed amount.
