"Email Phishing Attacks Surge as Attackers Bypass Security Controls"

According to Egress, email phishing attacks increased 28 percent in the second quarter of 2024 compared to the first quarter, with attackers using effective methods to defeat defenses. Attackers often send phishing emails from familiar accounts to get around authentication protocols. From April to June 2024, 44 percent of attacks came from internally compromised accounts, with 8 percent coming from an account within the organization's supply chain. This article continues to discuss findings surrounding the surge in email phishing attacks.

Submitted by Gregory Rigby on

"Microsoft and US Government Disrupt Russian Star Blizzard Operations"

Microsoft and the US government have seized more than 100 websites used by the Russian nation-state threat actor "Star Blizzard." A US court authorized Microsoft's Digital Crimes Unit (DCU) to disrupt 66 unique domains used by Star Blizzard to attack Microsoft customers. The US Department of Justice (DoJ) seized 41 more domains linked to the same actor. Star Blizzard may build new infrastructure, but the seizure of these domains will hinder its ability to influence the November US election. This article continues to discuss the disruption of Star Blizzard operations.

Submitted by Gregory Rigby on

"Adobe Commerce Flaw Exploited to Compromise Thousands of Sites"

Sansec reports that multiple threat actors compromised over 4,000 online stores through the exploitation of a critical Adobe Commerce vulnerability named "CosmicSting." The vulnerability is an improper restriction of XML External Entity (XXE) references. Adobe released a hotfix for the bug in July, warning of its exploitation in limited attacks, and the US Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities (KEV) list.

Submitted by Gregory Rigby on

"Pig Butchering Trading Apps Found on Google Play, App Store"

Security researchers at Group-IB have discovered fake trading apps on Google Play and Apple's App Store that lure victims into "pig butchering" scams. After being reported, the apps were removed from the official Android and iOS stores, having already accumulated several thousand downloads. Pig butchering is a scam in which a victim is led to believe they are earning high investment returns on a fake trading platform that displays fabricated information.

Submitted by Adam Ekwall on

"Litespeed Cache Plugin Flaw Allows XSS Attack, Update Now"

Security researchers at Patchstack discovered a new vulnerability in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated attackers to inject malicious code into websites. The flaw impacts the plugin’s CSS queue generation process and affects over six million active installations. The vulnerability, tracked as CVE-2024-47374, is an unauthenticated stored XSS issue that could lead to privilege escalation or data theft. The researchers noted that it exploits the plugin’s “Vary Group” functionality, which controls cache variations based on user roles.

Submitted by Adam Ekwall on

"Court Data Exposed by Vulnerabilities in Software Used by US Government: Researcher"

Cybersecurity researcher Jason Parker found that several e-filing and record management systems used by government organizations in the US were impacted by serious vulnerabilities, which exposed court records and other types of information. They were found in products used in Georgia, Florida, Ohio, Arizona, South Carolina, and other states. This article continues to discuss the vulnerabilities discovered in several e-filing and record management systems.

"Share of Women in UK Cyber Roles Now Just 17%"

According to security researchers at Socura, cybersecurity is now the fastest-growing IT role in the UK, but the share of women in such positions has fallen dramatically since 2021. The researchers claimed the number of security professionals has more than doubled, from 28,500 in 2021 (Jan-Dec) to 65,000 in March 2024. An increase of 128% makes it the fastest-growing of any IT-related profession over that period, followed by IT support (42%), IT trainers (33%), and IT business analysts, architects, and systems designers (33%).

Submitted by Adam Ekwall on

"CeranaKeeper Emerges as New Threat to Thai Government Networks"

Security researchers at ESET have recently identified a new China-aligned threat group named CeranaKeeper, which is targeting governmental institutions in Thailand. This group has been active since early 2022 and leverages an evolving toolset to exfiltrate sensitive data by abusing legitimate cloud services such as Dropbox, OneDrive, and GitHub. While some of CeranaKeeper's tools were previously attributed to the Mustang Panda group, the researchers' new analysis revealed technical differences, suggesting these are distinct entities.

Submitted by Adam Ekwall on

"Crypto-Doubling Scams Surge Following Presidential Debate"

Security researchers at Netcraft have warned of a new wave of investment scams attempting to cash in on public awareness of the presidential debate last month. The researchers found 24 such domains related to the debate, including 14 phishing sites using the word “debate” in their domain. Many of the websites exploit the image of Republican presidential nominee Donald Trump, tech entrepreneur and billionaire Elon Musk, or a blend of both. The researchers noted that criminals likely use these personas to add legitimacy to their crypto investment theme.

Submitted by Adam Ekwall on

CfP: 31st IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS 2025)

RTAS is a top-tier conference with a focus on systems with timing requirements. RTAS’25 welcomes papers describing applications, case studies, methodologies, tools, algorithms or operating systems, middleware or hardware innovations that contribute to the state of the art in the design, implementation, validation, verification, and evolution of systems with timing requirements.

Submitted by Amy Karns on