Aqua Security researchers are warning of a new malware family named "perfctl" that targets Linux systems. It establishes persistent access and hijacks resources to conduct cryptocurrency mining. The perfctl malware, found to have been active for over three years, exploits more than 20,000 misconfigurations and known vulnerabilities. It uses a rootkit to hide on compromised systems, runs in the background as a service, and more. The malware's operators have used additional tools for reconnaissance, deploying proxy-jacking software, and other activities.

Qualcomm has released security patches to address a zero-day vulnerability in the Digital Signal Processor (DSP) service, which affects dozens of chipsets. Google Project Zero's Seth Jenkins and Amnesty International Security Lab's Conghui Wang reported the security flaw. It is stems from a use-after-free vulnerability that, if successfully exploited by local attackers with low privileges, can result in memory corruption.

The popular "LiteSpeed Cache" WordPress plug-in, installed over 6 million times, is impacted by a Cross-Site Scripting (XSS) flaw that allows attackers to escalate privileges and install malicious code. The flaw was discovered by security researcher "TaiYou" in LiteSpeed Cache, the most popular caching plug-in for the WordPress Content Management System (CMS). Patchstack reports that the XSS vulnerability could allow an unauthenticated user to steal sensitive information and escalate privileges on the WordPress site with a single HTTP request.

Researchers at NSFOCUS discovered a new botnet malware family named "Gorilla," also known as "GorillaBot," which is based on leaked "Mirai" source code. Last month, NSFOCUS reported that the botnet issued over 300,000 attack commands between September 4 and 27, 2024. On average, the botnet issues 20,000 commands every day to launch Distributed Denial-of-Service (DDoS) attacks. The botnet has attacked universities, government websites, telecommunications, banks, gaming, and gambling sectors in over 100 countries. This article continues to discuss findings regarding the Gorilla botnet.

The Advanced Persistent Threat (APT) group "GoldenJackal" launched a new set of attacks on government organizations' air-gapped systems. The cyber espionage campaign, discovered by researchers at ESET, involved the use of custom toolsets to infiltrate isolated systems. ESET traced GoldenJackal back to 2019, when it attacked a South Asian embassy in Belarus. GoldenJackal used a custom toolset targeting air-gapped systems, which made it one of the earliest known examples of this type of attack.

MITRE has announced a new Artificial Intelligence (AI)-incident-sharing project that allows organizations to share intelligence regarding real-world AI-related incidents. The new initiative, developed together with over 15 companies, aims to raise community awareness and understanding of AI-enabled system threats and defenses. The project, launched as part of MITRE's Adversarial Threat Landscape for AI Systems (ATLAS) framework, enables trusted contributors to receive and share protected and anonymized data on incidents involving operational AI-enabled systems.

Due to a cyberattack, American Water, the largest publicly traded US water and wastewater utility company, had to shut down some systems. The company stated that the attack forced it to shut down MyWater, its online customer portal, and pause billing. American Water has more than 6,500 employees, providing water and wastewater services to over 14 million people in 14 states and on 18 military installations. This article continues to discuss the cyberattack faced by American Water and other recent cyberattacks that have targeted the water sector.

Permiso researchers reported that attackers conducted Large Language Model (LLM) hijacking of cloud infrastructure for generative Artificial Intelligence (AI) to run rogue chatbot services. Permiso detailed attacks targeting Amazon Bedrock environments, which support access to foundational LLMs such as Anthropic's Claude. The company set up a honeypot that showed how hijackers used stolen resources to run jailbroken chatbots. Threat actors use Amazon Web Services (AWS) access keys leaked on platforms like GitHub to communicate with Application Programming Interface (API) endpoints.

Assistant Professor and Associate PUR-1 Director Stylianos Chatzidakis and a team of researchers from Purdue University's School of Nuclear Engineering conducted a project titled "Characterizing Nuclear Cybersecurity States Using Artificial Intelligence/Machine Learning." Their final report, now an official US Nuclear Regulatory Commission (NRC) Technical Letter Report, delves into the feasibility of AI/ML technologies in characterizing cyber events within nuclear systems.

The Science and Technology Directorate (S&T), the research and development arm of the Department of Homeland Security (DHS), launches Cybersecurity Awareness Month by highlighting its research, development, testing, and evaluation efforts and partnerships. For example, S&T recently launched the "Multi-cloud Analytic Prototyping and Lab Environment" system for the Cybersecurity and Infrastructure Security Agency (CISA). This testbed offers a secure environment where users can access multiple tools through a single login.