Discord, texts, and emails are now battlegrounds for cybercriminals, who disguise malware distribution as beta testing invites for new video games. Victims download installers for multiple info-stealers, unknowingly exposing sensitive data. Deep learning models face an emerging threat with BARWM, a backdoor method using DNN-based steganography. Cryptocurrency scams reached alarming new heights in 2024, with $494 million stolen through wallet drainer attacks. Read on for the top 10 highlights from cyberspace.
01
Cybercriminals are using fake game beta testing invitations on Discord, text messages, and emails to distribute info-stealers like Nova Stealer, Ageo Stealer, and Hexon Stealer.
02
BARWM is a new backdoor attack method for deep learning models used in mobile devices. It utilizes DNN-based steganography to create imperceptible and unique triggers for each input.
03
A newly discovered WordPress plugin called PhishWP is being used by cybercriminals to create convincing fake payment pages that steal sensitive financial and personal data.
04
A report by Certik revealed that web3 attacks resulted in a loss of $2.3 billion worth of cryptocurrency in 2024, a 31.6% increase from 2023 figures. Ethereum suffered the highest number of attacks.
05
Researchers at Socket have found malicious campaigns using Out-of-Band Application Security Testing (OAST) techniques. The attackers are leveraging OAST tools like Burp Collaborator and interact.sh.
06
Sophos addressed at least three vulnerabilities in Sophos Firewall, including CVE-2024-12727 (SQL injection), CVE-2024-12728 (weak credentials), and CVE-2024-12729 (code injection).
07
A new report noted that scammers pilfered $494 million worth of cryptocurrency in wallet drainer attacks, in 2024, marking a 67% surge over 2023 statistics.
08
The Android Security Bulletin for January 2025 reported fixes for vulnerabilities in the System, Framework, Media Framework, and hardware from Qualcomm and MediaTek.
09
The National Security Bureau of Taiwan reported a doubling of cyberattacks in 2024, with an average of 2.4 million attacks per day, with most attributed to Chinese threat actors.
10
The Indian government has released draft rules for the Digital Personal Data Protection (DPDP) Act, 2023, aimed at enhancing citizens' control over their personal data.
