Cyware Daily Threat Intelligence

Daily Threat Briefing • April 8, 2024
End-of-Life (EOL) crisis hits again! D-Link advised retiring tens of thousands of internet-facing NAS devices that no longer receive security updates or vendor support. A security bug in these devices allows attackers to execute arbitrary commands and trigger a denial of service. In another bug-related headline, Cisco fixed a high-severity vulnerability in Cisco IOS Software for its Catalyst 6000 Series Switches, triggered by improper handling of process-switched traffic and potentially leading to a denial of service.
AI-themed fraud campaigns continue to proliferate as adversaries ride current technology trends. Most recently, victims were lured into fraudulent Facebook communities to download and run malicious executables posing as upcoming AI features and services.
Malicious Facebook ads spread malware
A cybercrime group was spotted promoting fake AI services such as MidJourney, OpenAI's SORA, and ChatGPT-5 to trick users into downloading password-stealing malware. The lures are delivered through Facebook ads and hijacked profiles that impersonate popular AI services and promise previews of new features. Information stealers including Rilide, Vidar, IceRAT, and Nova target victims' browsers to harvest credentials, cryptocurrency wallets, and other sensitive data.
APT group launches malware campaign
The Vedalia APT group (also tracked as Konni) launched a new malware campaign that uses oversized LNK files to slip past traditional security controls and compromise targeted systems. Broadcom recently highlighted this shift in the group's tactics: the shortcut files carry double extensions to pose as documents, and their command lines are padded with excessive whitespace so that the malicious command sits far past what the shortcut's Properties dialog displays, which makes it harder to spot in both manual review and detection logic. When opened, the shortcut runs embedded PowerShell commands that evade detection and fetch further payloads, detected by Symantec as CL.Downloader!gen20, along with trojans.
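As an added example (not code from Broadcom's report or from the Vedalia samples), the following Python walks the MS-SHLLINK structures of a shortcut file and flags the traits described above: a double-extension filename, a whitespace-padded command line, a script host in the arguments, an oversized file, and data appended past the end of the LNK structures. The sample LNK is constructed inline; the 1 MB size threshold, the 64-character padding run, and the placeholder PowerShell command are assumptions, not values taken from the campaign.

```python
import re
import struct

# Shell Link (.LNK) layout per MS-SHLLINK: 0x4C-byte header, optional
# LinkTargetIDList and LinkInfo, then StringData, then ExtraData blocks.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}

HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# StringData items appear in this fixed order, each present only if its flag is set.
STRING_FIELDS = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)


def _read_string(data, off, unicode):
    """One StringData item: u16 CountCharacters followed by the characters (no terminator)."""
    (count,) = struct.unpack_from("<H", data, off)
    off += 2
    nbytes = count * 2 if unicode else count
    raw = data[off:off + nbytes]
    return (raw.decode("utf-16-le") if unicode else raw.decode("cp1252")), off + nbytes


def parse_lnk(data):
    """Return the StringData fields plus the byte count left after the ExtraData terminal block."""
    if (len(data) < LNK_HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != LNK_HEADER_SIZE
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a Shell Link file")
    (flags,) = struct.unpack_from("<I", data, 0x14)
    off = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:
        (idlist_size,) = struct.unpack_from("<H", data, off)
        off += 2 + idlist_size
    if flags & HAS_LINK_INFO:
        (info_size,) = struct.unpack_from("<I", data, off)  # LinkInfoSize includes itself
        off += info_size
    unicode = bool(flags & IS_UNICODE)
    fields = {}
    for flag, key in STRING_FIELDS:
        if flags & flag:
            fields[key], off = _read_string(data, off, unicode)
    # ExtraData: blocks prefixed by u32 BlockSize; a size below 4 is the terminal block.
    while off + 4 <= len(data):
        (block_size,) = struct.unpack_from("<I", data, off)
        if block_size < 4:
            off += 4
            break
        if off + block_size > len(data):
            break  # not a real block: treat the remainder as appended data
        off += block_size
    fields["trailing_bytes"] = len(data) - off
    return fields


PADDING_RUN = re.compile(r"\s{64,}")  # assumed threshold for "excessive" whitespace
DOUBLE_EXT = re.compile(r"\.(pdf|docx?|xlsx?|pptx?|txt|jpe?g|png)\.lnk$", re.I)
SCRIPT_HOST = re.compile(r"powershell|pwsh|mshta|rundll32|cmd(\.exe)?\s+/c", re.I)


def assess_lnk(data, filename, size_threshold=1_000_000):
    """Return (findings, command): the heuristics that fired and the de-padded command line."""
    info = parse_lnk(data)
    args = info.get("arguments", "")
    findings = []
    if len(data) > size_threshold:
        findings.append("oversized")
    if DOUBLE_EXT.search(filename):
        findings.append("double_extension")
    pad = PADDING_RUN.search(args)
    if pad:
        findings.append(f"whitespace_padding:{len(pad.group(0))}")
    if SCRIPT_HOST.search(args):
        findings.append("script_host_in_arguments")
    if info["trailing_bytes"]:
        findings.append(f"appended_data:{info['trailing_bytes']}")
    return findings, re.sub(r"\s+", " ", args).strip()


def build_lnk(arguments, name="Report", appended=b""):
    """Construct a minimal Unicode LNK carrying only a name and command-line arguments."""
    def string_data(text):
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")
    header = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID
    header += struct.pack("<I", HAS_NAME | HAS_ARGUMENTS | IS_UNICODE)  # LinkFlags
    header += struct.pack("<I", 0x80)                                   # FILE_ATTRIBUTE_NORMAL
    header += b"\x00" * 24                                              # Creation/Access/Write time
    header += struct.pack("<IIIHHII", 0, 0, 7, 0, 0, 0, 0)              # FileSize, IconIndex, SW_SHOWMINNOACTIVE, HotKey, Reserved
    return header + string_data(name) + string_data(arguments) + struct.pack("<I", 0) + appended


# Constructed sample, not a real Vedalia artefact: 300 spaces push the PowerShell call past
# what Explorer's Target field shows, and 1.5 MB of filler stands in for an appended payload.
SAMPLE_NAME = "Report.pdf.lnk"
SAMPLE_ARGS = "/c" + " " * 300 + 'powershell -w hidden -c "<constructed placeholder>"'
SAMPLE_LNK = build_lnk(SAMPLE_ARGS, appended=b"\x00" * 1_500_000)

if __name__ == "__main__":
    findings, command = assess_lnk(SAMPLE_LNK, SAMPLE_NAME)
    print(findings)
    print(command)
```

Running the script on the constructed sample fires all five heuristics and prints the command line with the padding collapsed, which is the view an analyst wants; any single heuristic alone (a large LNK, a PowerShell argument) is common in benign shortcuts, so treat the combination as the signal rather than any one check.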
EOL D-Link NAS models pose threats
A researcher known as Netsecfish disclosed a serious flaw, CVE-2024-3273, affecting multiple EOL D-Link NAS models, including the DNS-340L, DNS-320L, DNS-327L, and DNS-325. The flaw combines a hardcoded backdoor account with an arbitrary command injection, both reachable through the nas_sharing.cgi URI. Exploitation could lead to unauthorized access, changes to the system configuration, or denial of service. Because the models are EOL, no fix will be issued and D-Link advises replacing the devices. Over 92,000 internet-facing devices were found to be at risk.
Cisco fixes high-severity issue in switches
Cisco resolved a high-severity vulnerability, tracked as CVE-2024-20276, in Cisco IOS Software for Catalyst 6000 Series Switches. The flaw, caused by improper handling of process-switched traffic, could allow an unauthenticated, local attacker to force a device to reload, resulting in a DoS condition. Affected products include Catalyst 6500 and 6800 Series Switches running specific supervisor engines.
Social media platforms exploited for phishing
Threat actors were found abusing work-associated social media accounts in a new attack that pairs compromised accounts with a two-step phishing scheme. Deceptive messages sent from the compromised accounts lure victims into clicking malicious links disguised as legitimate OneDrive documents, leading to credential theft and account takeover. Threat groups such as 3rr0r Hun73r used this tactic to steal both personal and corporate data.
Healthcare IT helpdesks targeted by social engineering hacks
The HHS alerted the HPH sector to adversaries who call IT helpdesks impersonating employees in financial departments and ask to enroll a new device in MFA. Using stolen identity verification details and claiming their smartphone is not working, they persuade helpdesk staff to register an attacker-controlled device, which then grants access to corporate resources. According to experts, this modus operandi resembles that of the Scattered Spider threat group, known for ransomware attacks on prominent organizations.