
Daily Cybersecurity Roundup, November 15, 2024

Cybercriminals are leveraging increasingly sophisticated methods to breach defenses and exploit vulnerabilities. PXA Stealer, a Python-based malware tied to a Vietnamese-speaking threat actor, is targeting government and education sectors in Europe and Asia. At the same time, Glove Stealer is circumventing Google Chrome’s Application-Bound encryption, stealing browser cookies through deceptive social engineering tactics. In another alarming trend, the Sitting Ducks technique has enabled attackers to hijack 70,000 legitimate domains for phishing and investment fraud campaigns, exploiting trust in compromised platforms. Read on for more. 

01

A new Python-based malware called PXA Stealer, linked to a Vietnamese-speaking threat actor, has been found targeting government and education entities in Europe and Asia.

02

The new Glove Stealer malware was found to bypass Google Chrome's Application-Bound encryption to steal browser cookies. The threat actors use social engineering tactics to trick victims into installing it.

03

A Chinese threat actor named SilkSpecter is running a scam using fake online stores to steal credit card information from shoppers in the U.S. and Europe. SilkSpecter operates 4,695 fake domains impersonating popular brands like North Face, Lidl, and Ikea.

04

Cybercriminals are using a technique called Sitting Ducks to take over legitimate domains and use them in phishing scams and investment fraud. Infoblox found 800,000 vulnerable domains in the last three months, with around 9% (70,000) being hijacked.

05

Dr. Web discovered eight Android apps on the Google Play Store containing a trojan called Android.FakeApp.1669 (Android/FakeApp). Over two million users downloaded these infected apps.

06

A high-severity security flaw (CVE-2024-10979) in PostgreSQL can allow unauthorized users to change environment variables and potentially execute code or expose information.

07

Unit 42 researchers discovered a group of North Korean IT workers, referred to as CL-STA-0237, that was involved in phishing attacks using malware-infected video conference apps and operates primarily from Laos.

08

A high-severity bug (CVE-2024-47574) in Fortinet's FortiClient VPN was discovered, allowing low-privilege users or malware to gain higher privileges, execute code, and delete logs. Another flaw (CVE-2024-50564) permitted unauthorized registry access.

09

CISA warned that two new vulnerabilities (CVE-2024-9465 and CVE-2024-9463) in the Palo Alto Networks Expedition software are being actively exploited. They have been added to the KEV catalog.

10

Bitsight announced the acquisition of Cybersixgill for $115 million to enhance its cyber risk management capabilities.
