Malware Campaign Exploits Niche Search Queries on Bengal Cats in Australia
In an unusual malware campaign, cybercriminals are targeting users searching for specific queries like "Are Bengal Cats legal in Australia?" with GootLoader malware. Sophos researchers revealed that attackers use SEO poisoning tactics to deliver malware through booby-trapped search results. The attack starts with a compromised legitimate website offering a ZIP file, leading to multi-stage malware delivery. While GootLoader's primary payload, GootKit, wasn't observed in this campaign, the incident highlights evolving malware distribution techniques.
Vulnerabilities in ML Toolkits Could Lead to Server Hijacks and Privilege Escalation
Security researchers from JFrog disclosed nearly two dozen vulnerabilities in 15 open-source machine learning toolkits, including popular frameworks like Weave, ZenML, and Deep Lake. Flaws such as directory traversal, command injection, and privilege escalation create a risk of server hijacks and data breaches. One vulnerability in Weave ML carries a CVSS score of 8.8 and allows attackers to obtain admin privileges. JFrog warns that exploiting these issues could severely compromise ML pipelines, datasets, and models.
Fileless Remcos RAT Malware Spreads via Excel Exploit
Researchers identified a new phishing campaign distributing fileless Remcos RAT malware. The attack begins with a malicious Excel file exploiting a 2017 Office vulnerability (CVE-2017-0199) to download an HTA payload, which evades detection using obfuscation techniques. The fileless variant of Remcos allows attackers to execute commands, steal data, and even disable user inputs remotely. Fortinet warned that the sophisticated use of anti-analysis measures makes detection challenging.
FBI Warns of Surge in Fake Emergency Data Requests by Cybercriminals
The FBI issued a warning about an uptick in fake emergency data requests (EDRs) used by cybercriminals to steal sensitive user data. Threat actors exploit compromised government email accounts to submit fraudulent EDRs to U.S. companies. The agency advises organizations to verify requests thoroughly and improve security protocols, as fake EDRs have been linked to identity theft, social engineering, and espionage attempts.
Debt Relief Firm Forth Confirms Data Breach Impacting 1.5 Million
Debt relief provider Forth disclosed a May 2024 data breach that exposed personal information of 1.5 million individuals. The compromised data includes Social Security numbers, addresses, and birthdates. Forth is offering affected individuals free identity theft protection for one year and has notified relevant authorities. The breach also affected non-customers linked to Forth's partner, Centrex Software.
D-Link Warns of Critical Vulnerability in Legacy NAS Devices
D-Link alerted users to a command injection vulnerability affecting multiple discontinued NAS models. The flaw allows remote attackers to execute arbitrary shell commands via crafted HTTP requests. With exploit code publicly available and over 61,000 devices potentially exposed online, D-Link recommends retiring the vulnerable models, since no patches will be released for devices that have reached end-of-life status.
Palo Alto Networks Investigates Alleged RCE Vulnerability in PAN-OS
Palo Alto Networks is urging customers to secure PAN-OS management interfaces following claims of a new remote code execution vulnerability. While no evidence of exploitation has been found, the company emphasizes best practices for securing management interfaces. This advisory comes as CISA flags a separate Palo Alto Networks vulnerability actively exploited by ransomware gangs.
Stop & Shop Parent Company Grapples with Cybersecurity Incident
Stop & Shop’s parent company, Ahold Delhaize, is investigating a cybersecurity issue affecting U.S. operations. The incident has disrupted pharmacies and e-commerce services, but stores remain operational. External cybersecurity experts and law enforcement are assisting in mitigating the problem. The company has not disclosed specifics about the nature or extent of the breach.