The Rise of Linux Malware, Exploited Vulnerabilities, and AI Misuse in Today’s Cyber Landscape
Description
Video Episode: https://youtu.be/lEaBTx6FvCI
In today’s episode, we dive into the alarming rise of the Linux malware “perfctl,” which has stealthily targeted millions of servers for cryptomining over the past three years. We discuss CVE-2024-29824, a critical SQL injection vulnerability in Ivanti Endpoint Manager that is being exploited in the wild, and the ongoing threat posed by the North Korean APT group Stonefly, known for its intricate cybercrime tactics. Additionally, we explore the disturbing trend of cybercriminals leveraging compromised cloud credentials to operate sexualized AI chat bots, highlighting the urgent need for improved cloud security practices.
Sources:
1. https://www.bleepingcomputer.com/news/security/linux-malware-perfctl-behind-years-long-cryptomining-campaign/
2. https://www.helpnetsecurity.com/2024/10/03/cve-2024-29824/
3. https://www.helpnetsecurity.com/2024/10/03/private-us-companies-targeted-by-stonefly-apt/
4. https://krebsonsecurity.com/2024/10/a-single-cloud-compromise-can-feed-an-army-of-ai-sex-bots/
Timestamps
00:00 – Introduction
01:06 – AI-powered sex bots
03:13 – Ivanti SQL Injection
04:08 – perfctl Linux Malware
05:33 – APT45 / Stonefly Attacks US companies
1. What are today’s top cybersecurity news stories?
2. What is the Linux malware “perfctl” and how does it work?
3. How is the Ivanti Endpoint Manager flaw (CVE-2024-29824) being exploited?
4. What activities are linked to the Stonefly APT group targeting US companies?
5. How are stolen cloud credentials being used for AI-powered sex chat services?
6. What vulnerability does CVE-2024-29824 identify and why is it critical?
7. What measures can organizations take to detect the “perfctl” malware?
8. What are the implications of the Stonefly APT’s recent attacks on private companies?
9. How did researchers demonstrate the abuse of AWS Bedrock for illegal activities?
10. What security best practices can prevent cloud credential theft and misuse?
perfctl, Linux, Monero, vulnerabilities, Ivanti, SQL injection, cybersecurity, remediation, Stonefly, cyberattacks, Preft, malware, cloud credentials, AI-powered, child sexual exploitation, cybercriminals
# Intro
A stealthy Linux malware named “perfctl” has been exploiting server vulnerabilities and misconfigurations for over three years, using layered evasion techniques to secretly mine Monero on countless systems worldwide. The miner pins the CPU and degrades normal operations, but goes dormant the moment a user logs in, so an administrator who investigates the spike typically finds nothing running, which is why it has gone undetected on so many hosts.
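The two behaviours described above (a pinned CPU, and a miner that goes quiet when someone logs in) can be turned into host checks. The following is an added example, not code from the article or from the researchers who analysed perfctl; the name and path heuristics are assumptions for this example rather than an official indicator list, and the process list, CPU samples and login times are constructed sample data.

```python
"""Heuristic checks for a perfctl-style Linux cryptominer.

Added example; not code from the article or from the perfctl analysis.
The process list, CPU samples and login times below are constructed.
"""
import re
from dataclasses import dataclass

# Assumed heuristics for this example, not an official indicator list:
# a process whose name imitates the real `perf` tool but does not run from
# /usr/bin, or any process whose binary lives in a temp or hidden directory.
MIMIC_NAME = re.compile(r"^perf(ctl|cc)?$")
SUSPECT_PATH = re.compile(r"^(/tmp/|/var/tmp/|/dev/shm/|.*/\.[^/]+/)")
CPU_HOT = 50.0          # percent of one core that counts as "pinned"


@dataclass
class Proc:
    pid: int
    user: str
    cpu: float
    comm: str
    path: str


def parse_ps(output: str) -> list[Proc]:
    """Parse lines in the shape of `ps -eo pid,user,%cpu,comm,args --no-headers`."""
    procs = []
    for line in output.strip().splitlines():
        parts = line.split(None, 4)
        if len(parts) < 5:
            continue
        pid, user, cpu, comm, args = parts
        procs.append(Proc(int(pid), user, float(cpu), comm, args.split()[0]))
    return procs


def suspicious_procs(procs: list[Proc]) -> list[tuple[Proc, list[str]]]:
    """Return processes that trip a name or path heuristic, with the reasons.

    CPU load alone is not a signal (batch jobs are hot too); it is only
    recorded as an aggravating factor once another heuristic has fired.
    """
    hits = []
    for p in procs:
        reasons = []
        if MIMIC_NAME.match(p.comm) and not p.path.startswith("/usr/bin/"):
            reasons.append("perf-lookalike name outside /usr/bin")
        if SUSPECT_PATH.match(p.path):
            reasons.append(f"binary in temp/hidden path {p.path}")
        if reasons and p.cpu >= CPU_HOT:
            reasons.append(f"pinning CPU at {p.cpu:.0f}%")
        if reasons:
            hits.append((p, reasons))
    return hits


def dormancy_on_login(cpu_samples, logins, window=60, drop=0.5):
    """Flag a CPU drop of at least `drop` (fraction) within `window` seconds of a login.

    cpu_samples: (epoch_seconds, total_cpu_percent) pairs, e.g. sampled from
    /proc/stat by a cron job; logins: epoch seconds of session starts, e.g.
    taken from `last -F`. A legitimate job rarely stops exactly when an
    operator appears; a miner that hides from operators does.
    """
    samples = sorted(cpu_samples)
    events = []
    for t_login in logins:
        before = [c for t, c in samples if t_login - window <= t < t_login]
        after = [c for t, c in samples if t_login <= t <= t_login + window]
        if not before or not after:
            continue
        peak, trough = max(before), min(after)
        if peak > 0 and (peak - trough) / peak >= drop:
            events.append((t_login, peak, trough))
    return events


# Constructed sample data: four processes, one miner hiding in a dotdir under /tmp.
SAMPLE_PS = """\
  812 root      0.3 sshd     /usr/sbin/sshd -D
 1433 www-data  1.2 nginx    nginx: worker process
 2991 nobody   97.8 perfctl  /tmp/.sample/perfctl
 3104 admin     0.1 bash     -bash
"""
# Constructed: CPU pinned at 97% until a login at t=1000, then near idle.
SAMPLE_CPU = [(t, 97.0) for t in range(940, 1000, 10)] + \
             [(t, 3.0) for t in range(1000, 1060, 10)]
SAMPLE_LOGINS = [1000]

if __name__ == "__main__":
    for proc, why in suspicious_procs(parse_ps(SAMPLE_PS)):
        print(f"pid {proc.pid} ({proc.user}): " + "; ".join(why))
    for t, peak, trough in dormancy_on_login(SAMPLE_CPU, SAMPLE_LOGINS):
        print(f"CPU fell from {peak}% to {trough}% around login at t={t}")
```

On a live host, feed `parse_ps` the real `ps` output and collect CPU samples from a cron job rather than from an interactive shell: the point of the dormancy check is that the miner hides from the very session an administrator would use to look for it, so the measurement has to come from something that is not a login.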
How do adversaries exploit vulnerabilities to gain initial access to systems with the perfctl malware?
Attackers are actively exploiting a critical SQL injection flaw in Ivanti Endpoint Manager, tracked as CVE-2024-29824; CISA has added it to its Known Exploited Vulnerabilities catalog and given US federal agencies until October 23, 2024 to remediate. Ivanti has released patches, but details of the in-the-wild attacks remain sparse, which leaves prompt patching as the only reliable defence.
Why does this particular vulnerability pose such a significant risk compared to others?
North Korean APT group Stonefly, undeterred by US indictments, is intensifying its financially motivated cyberattacks on US companies, leveraging a distinctive arsenal of malware and tools. In its recent intrusions the group failed to deploy ransomware, but its custom Preft backdoor tied the activity to Stonefly, and the targets had no obvious intelligence value, pointing to revenue generation rather than espionage as the motive.
Why has Stonefly shifted their focus from espionage to financially-driven cybercrime in recent years?
A staggering rise in stolen cloud credentials is fueling an underground market of AI-powered sex chat services, with cybercriminals bypassing content filters for disturbing role-plays involving child sexual exploitation. As security researchers lay bare the chilling implications of compromised AI infrastructure, the industry scrambles for solutions to thwart this e
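The practical question for a defender is how stolen credentials being used to drive AI bots would show up in their own telemetry. The following is an added example, not code from the article or from the researchers it cites: it scans CloudTrail-style records for Bedrock activity by principals or regions outside an allowlist, and for the logging and model-access changes an attacker makes before running a bot on someone else's account. The event names, the allowlisted role and region, and the records themselves are assumptions constructed for this example, not real logs.

```python
"""Spot stolen-credential abuse of Amazon Bedrock in CloudTrail records.

Added example, not code from the article or from the researchers it cites.
Assumptions: Bedrock calls appear in CloudTrail with eventSource
"bedrock.amazonaws.com"; the event names, allowlisted principal and region
are illustrative; the records are constructed, not real logs.
"""
import json
from collections import Counter

# Who and where we expect to call models (assumed for this example).
EXPECTED_PRINCIPALS = {"arn:aws:iam::111122223333:role/app-inference"}
EXPECTED_REGIONS = {"us-east-1"}

INVOKE_EVENTS = {"InvokeModel", "InvokeModelWithResponseStream",
                 "Converse", "ConverseStream"}
# Checking whether invocation logging is on, changing it, or enabling models
# is what an attacker does before running a bot (event names assumed).
RECON_EVENTS = {"GetModelInvocationLoggingConfiguration"}
SETUP_EVENTS = {"PutModelInvocationLoggingConfiguration",
                "DeleteModelInvocationLoggingConfiguration",
                "PutFoundationModelEntitlement", "PutUseCaseForModelAccess"}

LEGIT = "arn:aws:iam::111122223333:role/app-inference"
LEAKED = "arn:aws:iam::111122223333:user/ci-deploy"   # constructed leaked IAM user


def _rec(name, arn, region, ip):
    """Build a minimal constructed CloudTrail record for the sample trail."""
    return {"eventSource": "bedrock.amazonaws.com", "eventName": name,
            "awsRegion": region, "sourceIPAddress": ip,
            "userIdentity": {"arn": arn}}


# Constructed sample trail: one legitimate call, then a leaked user that checks
# logging, enables a model in another region and starts invoking it.
SAMPLE_TRAIL = json.dumps({"Records": [
    _rec("InvokeModel", LEGIT, "us-east-1", "10.0.1.5"),
    _rec("GetModelInvocationLoggingConfiguration", LEAKED, "us-east-1", "198.51.100.7"),
    _rec("PutFoundationModelEntitlement", LEAKED, "us-west-2", "198.51.100.7"),
    _rec("InvokeModel", LEAKED, "us-west-2", "198.51.100.7"),
    _rec("InvokeModel", LEAKED, "us-west-2", "198.51.100.7"),
    _rec("InvokeModelWithResponseStream", LEAKED, "us-west-2", "198.51.100.7"),
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "awsRegion": "us-east-1", "userIdentity": {"arn": LEGIT}},
]})


def bedrock_findings(trail_json: str) -> list[dict]:
    """Return one finding per Bedrock record that trips a rule."""
    findings = []
    for rec in json.loads(trail_json)["Records"]:
        if rec.get("eventSource") != "bedrock.amazonaws.com":
            continue
        name = rec.get("eventName", "")
        arn = rec.get("userIdentity", {}).get("arn", "")
        region = rec.get("awsRegion", "")
        reasons = []
        if name in INVOKE_EVENTS and arn not in EXPECTED_PRINCIPALS:
            reasons.append("model invoked by principal outside allowlist")
        if name in RECON_EVENTS:
            reasons.append("checked whether invocation logging is on")
        if name in SETUP_EVENTS:
            reasons.append(f"changed model access or logging ({name})")
        if region not in EXPECTED_REGIONS:
            reasons.append(f"activity in unexpected region {region}")
        if reasons:
            findings.append({"principal": arn, "event": name, "region": region,
                             "ip": rec.get("sourceIPAddress"), "reasons": reasons})
    return findings


def invocations_by_principal(trail_json: str) -> Counter:
    """Count model invocations per principal; a new or bursty caller stands out."""
    counts = Counter()
    for rec in json.loads(trail_json)["Records"]:
        if (rec.get("eventSource") == "bedrock.amazonaws.com"
                and rec.get("eventName") in INVOKE_EVENTS):
            counts[rec.get("userIdentity", {}).get("arn", "")] += 1
    return counts


if __name__ == "__main__":
    for f in bedrock_findings(SAMPLE_TRAIL):
        print(f"{f['principal']} {f['event']} from {f['ip']}: " + "; ".join(f["reasons"]))
    print(dict(invocations_by_principal(SAMPLE_TRAIL)))
```

CloudTrail records that a model was called, not what was said to it; Bedrock's model invocation logging is off by default and has to be enabled separately if you want the prompts and responses for an investigation. The allowlists here are deliberately narrow: in most accounts only a handful of roles should ever invoke models, so any other principal doing so is worth a look before the bill arrives.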