Daily Cybersecurity Roundup, February 07, 2025

Vietnamese organizations are facing a stealthy malware campaign that employs a dual injection technique, allowing threat actors to bypass Chrome’s app-bound encryption. In a new twist on eCommerce fraud, researchers identified a credit card skimming campaign that hijacks Google Tag Manager to steal payment data. Attackers injected malicious scripts into a Magento-based website, allowing them to intercept and exfiltrate customer credit card details during checkout. Cybercriminals are stepping up their Bitcoin scam tactics. This VidScam involves sending small .3gp video files that trick recipients into joining WhatsApp groups, where fraudsters push fake investment opportunities. Here are the top 10 highlights from the past 24 hours.

01

Cyble spotted malware targeting Vietnamese organizations that uses a dual injection technique. It is delivered in a ZIP file containing disguised LNK and XML files and can bypass Chrome’s app-bound encryption.

02

Sucuri identified a cybersecurity incident involving credit card data theft from a Magento-based eCommerce website and traced the malware to a Google Tag Manager (GTM) script.

03

Trend Micro researchers uncovered an SEO manipulation campaign using BadIIS malware targeting Asian countries. The campaign is likely financially motivated, redirecting users to illegal gambling websites.

04

Microsoft warned of attackers using publicly available ASP.NET machine keys in ViewState code injection attacks to deploy malware on web servers. Over 3,000 publicly disclosed keys have been identified.

05

GreenSpot APT group is running a phishing campaign targeting users of 163[.]com, a popular email service in China. They created fake domains like mail[.]ll63[.]net and mail[.]eco163[.]com to steal login information.

06

Attackers are now using video attachments in MMS to promote Bitcoin scams, evolving from static image-based tactics. The scam involves small .3gp video files that lure recipients to WhatsApp groups.

07

CISA warned U.S. federal agencies about ongoing attacks exploiting a critical Microsoft Outlook vulnerability (CVE-2024-21413) that allows remote code execution.

08

The U.K.'s new Cyber Monitoring Centre has launched. It aims to measure and categorize cyber incidents using a scale similar to those used for physical events like earthquakes and hurricanes.

09

Hackers are exploiting vulnerabilities in SimpleHelp RMM clients to create admin accounts and install backdoors, potentially preparing for ransomware attacks.

10

Astra Security closed a $2.7 million growth funding round led by Emergent Ventures, with participation from Better Capital, Blume Ventures, and others.
