Tag: 2024-05-07

17 Attack Reports | 137 Vulnerabilities

Attack reports

Threat Actors Hack YouTube Channels to Distribute Infostealers

This analysis reveals that malicious groups have been exploiting popular YouTube channels, including some with over 800,000 subscribers, to distribute various infostealer malware strains like Vidar and LummaC2. The attackers upload videos promoting cracked software with links to malicious payloads …
lummac2
malware distribution
2024-05-05
2024-05-06
2024-05-07
2024-05-08
vidar
youtube
infostealers
compromised accounts
2024-05-09
2024-05-10
Published: May 10, 2024
Downloadable IOCs: 13

Malware (XMRig, OrcusRAT, etc.) disguised as MS Office crack

The report details an ongoing malware campaign targeting South Korean users, which disguises malicious payloads as cracked versions of Microsoft Office and other popular software. The attackers are distributing a variety of malware, including downloaders, coin miners, remote access tools (RATs), pr…
obfuscation
rat
xmrig
persistence
2024-05-05
2024-05-06
2024-05-07
2024-05-08
purecrypter
cryptominer
3proxy
antiav
orcusrat
2024-05-09
2024-05-10
Published: May 10, 2024
Downloadable IOCs: 12

Protecting Networks from Opportunistic Ivanti Pulse Secure Vulnerability Exploitation

Juniper Threat Labs has observed attempts to exploit Ivanti Pulse Secure authentication bypass and remote code execution vulnerabilities (CVE-2023-46805 and CVE-2024-21887), leading to the delivery of Mirai botnet payloads. This analysis explores the vulnerabilities, exploitation methods, observed …
botnet
2024-05-05
2024-05-06
2024-05-07
2024-05-08
mirai
ivanti
CVE-2024-21887
CVE-2023-46805
2024-05-09
2024-05-10
Published: May 10, 2024
Linked vulnerabilities : CVE-2024-21887, CVE-2023-46805
Downloadable IOCs: 23

Profiling Trafficers: Cerberus

This analysis delves into the activities of a group of malware operators known as Cerberus (formerly Amnesia) Team, who specialize in spreading infostealers, particularly in the Commonwealth of Independent States (CIS) region. It provides insights into their operations, tactics, and the evolution o…
malware
infostealer
russia
2024-05-05
2024-05-06
2024-05-07
lumma stealer
2024-05-08
aurora stealer
redline
hacking
cybercrime
rhadamanthys stealer
casbaneiro
metamorfo
dracula stealer (samurai)
2024-05-09
2024-05-10
Published: May 10, 2024
Downloadable IOCs: 24

New Campaigns from Scattered Spider

Scattered Spider, a financially motivated threat actor group, has been conducting aggressive phishing campaigns targeting various industries, particularly the finance and insurance sectors. Their tactics involve creating convincing lookalike domains and login pages to lure victims into revealing cr…
phishing
social engineering
2024-05-05
2024-05-06
2024-05-07
2024-05-08
credential theft
telecom targeting
lookalike domains
2024-05-09
2024-05-10
Published: May 10, 2024
Linked vulnerabilities : CVE-2024-22024
Downloadable IOCs: 118

macOS Cuckoo Stealer | Ensuring Detection and Defense as New Samples Rapidly Emerge

This analysis discusses the emergence of a new macOS malware family called 'Cuckoo Stealer', which acts as an infostealer and spyware. It describes Cuckoo Stealer's main features, logic, and provides indicators of compromise to assist threat hunters and defenders. The malware employs techniques lik…
obfuscation
infostealer
persistence
macos
spyware
2024-05-05
2024-05-06
2024-05-07
2024-05-08
cuckoo stealer
2024-05-09
2024-05-10
Published: May 10, 2024
Downloadable IOCs: 4

Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part Four

This comprehensive analysis provides a thorough examination of the REMCOS Remote Access Trojan (RAT), a prominent malware threat that gained significant prevalence in 2024. The analysis delves into the malware's configuration structure, command and control capabilities, persistence mechanisms, and …
rat
evasion
persistence
remcos
2024-05-04
2024-05-05
2024-05-06
2024-05-07
2024-05-08
credential theft
remote access
2024-05-09
Published: May 9, 2024
Downloadable IOCs: 34

Surge of JavaScript Malware in sites with vulnerable versions of LiteSpeed Cache Plugin

A recent surge of malicious JavaScript code has been observed targeting websites using vulnerable versions of the LiteSpeed Cache plugin for WordPress. The malware injects code into critical WordPress files or the database, creating unauthorized admin users like 'wpsupp-user.' It exploits the vulne…
vulnerability
javascript
2024-05-04
2024-05-05
2024-05-06
2024-05-07
2024-05-08
wordpress
litespeed
plugin
2024-05-09
Published: May 9, 2024
Downloadable IOCs: 6

Tracking the Surge in Non-PE Cyber Threats

This intelligence report details a sophisticated infection chain that culminates in the deployment of AsyncRAT, a potent malware designed to breach computer systems and steal confidential data. The meticulous analysis unravels the intricate sequence, commencing with a spam email containing a malici…
2024-05-04
2024-05-05
2024-05-06
2024-05-07
2024-05-08
asyncrat
analysis
spam
infection chain
2024-05-09
Published: May 9, 2024
Downloadable IOCs: 13

APT28 campaign against Polish government institutions

The CERT Polska team is investigating a large-scale malware campaign carried out by the Russian intelligence group APT28, which has been targeting Polish government institutions in the past year and is believed to be linked to the GRU.
phishing
apt28
russia
2024-05-03
2024-05-04
2024-05-05
2024-05-06
2024-05-07
2024-05-08
government
microsoft edge
webhook
bat script
mocky
headlace
poland
campaign
Published: May 8, 2024
Downloadable IOCs: 74

Guntior - the story of an advanced bootkit that doesn't rely on Windows disk drivers

Amid the rise of bootkits at the time, a dropper was captured in-the-wild and posted on a malware tracker. The malware was called "Guntior", named after the device object its authors had chosen for it (\Device\Guntior). The name also appears in AV detections.
rootkit
windows
2024-05-03
2024-05-04
2024-05-05
2024-05-06
2024-05-07
2024-05-08
explorer
dll path
ntfs
payload dll
ime file
ioctl
ata bus
tdl4
rovnix
mebroot
tidserv
findwindow
mbr
guntior
Published: May 8, 2024
Downloadable IOCs: 6

Code Emulation and Cybercrime Infrastructure Discovery

This report details the analysis of a malspam campaign utilizing the Matanbuchus loader, which involved decrypting strings within the malware through emulation techniques. The investigation pivoted to uncover a Russian bulletproof hosting service, Proton66 OOO, that currently hosts various maliciou…
loader
ransomware
stealer
2024-05-03
2024-05-04
2024-05-05
2024-05-06
2024-05-07
2024-05-08
socgholish
matanbuchus
emulation
bulletproof
Published: May 8, 2024
Downloadable IOCs: 76

Stealer Distributed via Crafted Minecraft Source Pack

This report details the operation of the zEus stealer malware, which is distributed through a crafted Minecraft source pack. The malware collects sensitive information from victims' systems, including login credentials, browser data, and cryptocurrency wallets. It employs anti-analysis techniques a…
stealer
persistence
anti-analysis
2024-05-03
2024-05-04
2024-05-05
2024-05-06
2024-05-07
2024-05-08
screenshots
zeus panda
minecraft
Published: May 8, 2024
Downloadable IOCs: 23

Case of Malware Distribution Linking to Illegal Gambling Website Targeting Korean Web Server

This report examines a malware strain distributed to web servers in South Korea that redirects users to an illegal gambling site. The threat actor installed a Meterpreter backdoor, a port forwarding tool, and an IIS module malware on a compromised web server. The IIS module inspects HTTP headers an…
korea
2024-05-03
2024-05-04
2024-05-05
2024-05-06
2024-05-07
2024-05-08
meterpreter
webserver
iismodulemalware
gamblingredirect
Published: May 8, 2024
Downloadable IOCs: 8

RemcosRAT Distributed Using Steganography

Security researchers have discovered a campaign distributing RemcosRAT through a sophisticated infection chain involving steganography techniques. The attack starts with a malicious Word document exploiting template injection, leading to the download of an RTF file that leverages an equation editor…
obfuscation
2024-05-03
2024-05-04
2024-05-05
2024-05-06
2024-05-07
2024-05-08
steganography
remcosrat
process-hollowing
malicious-documents
Published: May 8, 2024
Downloadable IOCs: 4

HijackLoader Updates

HijackLoader, also known as IDAT Loader, is a modular malware loader capable of executing multiple payloads. It utilizes a variety of modules for code injection, execution, and evasion techniques. This report analyzes the updated version of HijackLoader, which includes new modules for bypassing Win…
rat
evasion
rhadamanthys
stealer
remcos
2024-05-03
2024-05-04
2024-05-05
2024-05-06
2024-05-07
amadey
lumma stealer
injection
modular
racoon stealer v2
malware loader
meta stealer
Published: May 7, 2024
Downloadable IOCs: 11

LNK File Disguised as Certificate Distributing RokRAT Malware

This analysis delves into the continuous distribution of malicious shortcut files (*.LNK) targeting South Korean users, particularly those related to North Korea. These LNK files contain legitimate documents, script code, and encoded malware data. When executed, they create and run a document file …
backdoor
lnk
rokrat
2024-05-03
2024-05-04
2024-05-05
2024-05-06
2024-05-07
Published: May 7, 2024
Downloadable IOCs: 4
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-4186

9.8
    Build App Online plugin for WordPress
Published: May 7, 2024

CVE-2024-4345

9.8
    Startklar Elementor Addons plugin for WordPress
Published: May 7, 2024

CVE-2024-4346

9.1
    Startklar Elementor Addons plugin for WordPress
Published: May 7, 2024

CVE-2024-34346

8.4
    Deno
Published: May 7, 2024

CVE-2024-22472

8.1
    Silicon Labs 500 Series Z-Wave devices
Published: May 7, 2024

CVE-2024-27273

8.1
    IBM AIX
Published: May 7, 2024

CVE-2024-31456

7.7
    GLPI
Published: May 7, 2024

CVE-2024-4599

7.5
    LAN Messenger
Published: May 7, 2024

CVE-2024-4537

7.5
    Janto Ticketing Software
Published: May 7, 2024

CVE-2024-4538

7.5
    Janto Ticketing Software
Published: May 7, 2024

CVE-2024-32663

7.5
    Suricata
    Suricata
Published: May 7, 2024

CVE-2024-34084

7.5
    Minder
Published: May 7, 2024

CVE-2024-29207

7.5
    UniFi Connect EV Station
    UniFi Connect EV Station Pro
    UniFi Connect Display
    UniFi Connect Display Cast
    UniFi Connect Application
Published: May 7, 2024

CVE-2024-4582

7.3
    Faraday GM8181
    Faraday GM828x
Published: May 7, 2024

CVE-2024-4600

7.1
    Socomec Net Vision
Published: May 7, 2024

CVE-2024-29889

7.1
    GLPI
Published: May 7, 2024

CVE-2024-34342

7.1
    react-pdf
Published: May 7, 2024

CVE-2024-4536

6.8
    Eclipse Dataspace Components
Published: May 7, 2024

CVE-2024-20863

6.7
    HAL
Published: May 7, 2024

CVE-2024-4601

6.7
    Socomec Net Vision
Published: May 7, 2024

CVE-2024-20865

6.6
    UNKNOWN
    Samsung Bootloader
Published: May 7, 2024

CVE-2024-2913

6.5
    UNKNOWN
    mintplex-labs/anything-llm repository
Published: May 7, 2024

CVE-2024-27217

6.5
    OpenHarmony
Published: May 7, 2024

CVE-2024-3758

6.5
    OpenHarmony
    OpenHarmony
Published: May 7, 2024

CVE-2024-3759

6.5
    OpenHarmony
    OpenHarmony
Published: May 7, 2024

CVE-2024-27982

6.5
    Node.js
Published: May 7, 2024

CVE-2023-31234

6.3
    Tilda Publishing
Published: May 7, 2024

CVE-2024-4595

6.3
    SEMCMS
Published: May 7, 2024

CVE-2024-20872

6.2
    TalkbackSE
Published: May 7, 2024

CVE-2023-40694

6.2
    IBM Watson CP4D Data Stores
Published: May 7, 2024

CVE-2024-20861

6.0
    UNKNOWN
    SveService
Published: May 7, 2024

CVE-2024-20862

6.0
    Samsung SveService
Published: May 7, 2024

CVE-2024-29209

6.0
    Phish Alert Button (PAB) for Outlook
    Second Chance Client
    PIQ Client
    Phish Alert Button for Outlook
Published: May 7, 2024

CVE-2023-7240

5.8
    UNKNOWN
Published: May 7, 2024

CVE-2024-20866

5.7
    Samsung Setupwizard
    Setupwizard
Published: May 7, 2024

CVE-2024-20859

5.5
    FactoryCamera
    FactoryCamera
Published: May 7, 2024

CVE-2024-20864

5.5
    DarManagerService
    DarManagerService
Published: May 7, 2024

CVE-2024-20867

5.5
    Samsung Email
Published: May 7, 2024

CVE-2024-20869

5.5
    Samsung Internet
Published: May 7, 2024

CVE-2024-34341

5.4
    Trix editor
Published: May 7, 2024

CVE-2024-4583

5.3
    Faraday GM8181
    Faraday GM828x
Published: May 7, 2024

CVE-2024-4584

5.3
    Faraday GM8181
    Faraday GM828x
Published: May 7, 2024

CVE-2024-32664

5.3
    Suricata
    Suricata
Published: May 7, 2024

CVE-2024-32867

5.3
    Suricata
    Suricata
Published: May 7, 2024

CVE-2024-23808

5.2
    OpenHarmony
Published: May 7, 2024

CVE-2024-20870

5.1
    Galaxy Store
Published: May 7, 2024

CVE-2024-20871

4.9
    Samsung Keyboard
    Samsung Keyboard
Published: May 7, 2024

CVE-2024-20821

4.4
    Samsung Mobile Devices
    Samsung Galaxy smartphones
Published: May 7, 2024

CVE-2024-20868

4.4
    Samsung Notes
Published: May 7, 2024

CVE-2024-20856

4.3
    Samsung Secure Folder
Published: May 7, 2024

CVE-2023-6810

4.3
    ClickCease Click Fraud Protection plugin for WordPress
Published: May 7, 2024

CVE-2024-4585

4.3
    DedeCMS
Published: May 7, 2024

CVE-2024-4586

4.3
    DedeCMS
Published: May 7, 2024

CVE-2024-4587

4.3
    DedeCMS
Published: May 7, 2024

CVE-2024-4588

4.3
    DedeCMS
Published: May 7, 2024

CVE-2024-4589

4.3
    DedeCMS
Published: May 7, 2024

CVE-2024-28148

4.3
    Apache Superset
Published: May 7, 2024

CVE-2024-4590

4.3
    DedeCMS
Published: May 7, 2024

CVE-2024-4591

4.3
    DedeCMS
Published: May 7, 2024

CVE-2024-4592

4.3
    DedeCMS
Published: May 7, 2024

CVE-2024-4593

4.3
    DedeCMS
Published: May 7, 2024

CVE-2024-4594

4.3
    DedeCMS
Published: May 7, 2024

CVE-2024-20857

4.0
    CocktailBarService
Published: May 7, 2024

CVE-2024-20858

4.0
    CocktailBarService
Published: May 7, 2024

CVE-2024-20860

4.0
    TelephonyUI
Published: May 7, 2024

CVE-2024-4596

3.7
    Kimai
Published: May 7, 2024

CVE-2024-31078

3.3
    OpenHarmony
    OpenHarmony
Published: May 7, 2024

CVE-2024-3757

3.3
    OpenHarmony
    OpenHarmony
Published: May 7, 2024

CVE-2024-29210

2.8
    Second Chance Client
    PIQ Client
    Phish Alert Button for Outlook (PAB)
    Phish Alert Button (PAB) for Outlook
    Second Chance Client
    PIQ Client
Published: May 7, 2024

CVE-2024-20855

2.4
    Samsung Multitasking framework
    Samsung multitasking framework
Published: May 7, 2024

CVE-2024-29206

2.2
    UniFi Connect EV Station
    UniFi Connect EV Station Pro
    UniFi Access G2 Reader Pro
    UniFi Access Reader Pro
    UniFi Access Intercom
    UniFi Access Intercom Viewer
    UniFi Connect Display
    UniFi Connect Display Cast
    UniFi Connect EV Station
    UniFi Connect EV Station Pro
    UniFi Access G2 Reader Pro
    UniFi Access Reader Pro
    UniFi Access Intercom
    UniFi Access Intercom Viewer
    UniFi Connect Display
    UniFi Connect Display Cast
Published: May 7, 2024

CVE-2024-29208

2.2
    UniFi Connect EV Station
    UniFi Connect EV Station Pro
    UniFi Connect Display
    UniFi Connect Display Cast
    UniFi Connect EV Station
    UniFi Connect EV Station Pro
    UniFi Connect Display
    UniFi Connect Display Cast
Published: May 7, 2024

CVE-2024-3628

None
    EasyEvent WordPress plugin
    EasyEvent WordPress plugin
Published: May 7, 2024

CVE-2023-46012

None
    LINKSYS EA7500
Published: May 7, 2024

CVE-2024-33434

None
    CHAOS
    CHAOS
Published: May 7, 2024

CVE-2024-33780

None
    MP-SPDZ
Published: May 7, 2024

CVE-2024-33781

None
    MP-SPDZ
Published: May 7, 2024

CVE-2024-33782

None
    MP-SPDZ
Published: May 7, 2024

CVE-2024-33783

None
    MP-SPDZ
Published: May 7, 2024

CVE-2024-32369

None
    HSC Cybersecurity HC Mailinspector
Published: May 7, 2024

CVE-2024-32370

None
    HSC Cybersecurity HC Mailinspector
Published: May 7, 2024

CVE-2024-32371

None
    HSC Cybersecurity HC Mailinspector
Published: May 7, 2024

CVE-2024-33120

None
    Roothub
Published: May 7, 2024

CVE-2024-33122

None
    Roothub
Published: May 7, 2024

CVE-2024-33124

None
    Roothub
Published: May 7, 2024

CVE-2024-34523

None
    AChecker
Published: May 7, 2024

CVE-2024-33139

None
    J2EEFAST
Published: May 7, 2024

CVE-2024-33144

None
    J2EEFAST
Published: May 7, 2024

CVE-2024-33146

None
    J2EEFAST
Published: May 7, 2024

CVE-2024-33748

None
    MvnRepository MS Basic
Published: May 7, 2024

CVE-2024-33856

None
    Logpoint
Published: May 7, 2024

CVE-2024-33857

None
    Logpoint
Published: May 7, 2024

CVE-2024-33858

None
    Logpoint
Published: May 7, 2024

CVE-2022-37249

None
    UNKNOWN
Published: May 7, 2024

CVE-2024-29149

None
    Alcatel-Lucent ALE NOE deskphones
    Alcatel-Lucent SIP deskphones
    Alcatel-Lucent ALE NOE deskphones
    Alcatel-Lucent SIP deskphones
Published: May 7, 2024

CVE-2024-29150

None
    Alcatel-Lucent ALE NOE deskphones
    Alcatel-Lucent SIP deskphones
    Alcatel-Lucent ALE NOE deskphones
    Alcatel-Lucent SIP deskphones
Published: May 7, 2024

CVE-2024-33147

None
    J2EEFAST
Published: May 7, 2024

CVE-2024-33148

None
    J2EEFAST
Published: May 7, 2024

CVE-2024-33149

None
    J2EEFAST
Published: May 7, 2024

CVE-2024-33153

None
    J2EEFAST
Published: May 7, 2024

CVE-2024-33155

None
    J2EEFAST
Published: May 7, 2024

CVE-2024-33161

None
    J2EEFAST
Published: May 7, 2024

CVE-2024-33164

None
    J2EEFAST
Published: May 7, 2024

CVE-2024-33859

None
    Logpoint
Published: May 7, 2024

CVE-2024-33860

None
    Logpoint
Published: May 7, 2024

CVE-2023-42757

None
    Process Explorer
Published: May 7, 2024

CVE-2024-25507

None
    RuvarOA
    RuvarOA
Published: May 7, 2024

CVE-2024-25508

None
    RuvarOA
Published: May 7, 2024

CVE-2024-25512

None
    RuvarOA
Published: May 7, 2024

CVE-2024-34397

None
    GLib
    GNOME GLib
Published: May 7, 2024

CVE-2024-34517

None
    Neo4j
Published: May 7, 2024

CVE-2024-25509

None
    RuvarOA
Published: May 7, 2024

CVE-2024-25510

None
    RuvarOA
Published: May 7, 2024

CVE-2024-25511

None
    RuvarOA
Published: May 7, 2024

CVE-2024-25513

None
    RuvarOA
Published: May 7, 2024

CVE-2024-25514

None
    RuvarOA
Published: May 7, 2024

CVE-2024-34314

None
    CmsEasy
Published: May 7, 2024

CVE-2024-34315

None
    CmsEasy
Published: May 7, 2024

CVE-2024-4558

None
    Google Chrome
Published: May 7, 2024

CVE-2024-4559

None
    Google Chrome
Published: May 7, 2024

CVE-2024-0022

None
    Android
Published: May 7, 2024

CVE-2024-0024

None
    Android
Published: May 7, 2024

CVE-2024-0025

None
    Android
Published: May 7, 2024

CVE-2024-0026

None
    Android
Published: May 7, 2024

CVE-2024-0027

None
    Android OS
Published: May 7, 2024

CVE-2024-0042

None
    Android
Published: May 7, 2024

CVE-2024-0043

None
    Android Operating System
Published: May 7, 2024

CVE-2024-23704

None
    Android
Published: May 7, 2024

CVE-2024-23705

None
    Android
Published: May 7, 2024

CVE-2024-23706

None
    Android
Published: May 7, 2024

CVE-2024-23707

None
    Android
Published: May 7, 2024

CVE-2024-23708

None
    Android
Published: May 7, 2024

CVE-2024-23709

None
    Android
Published: May 7, 2024

CVE-2024-23710

None
    Android
Published: May 7, 2024

CVE-2024-23712

None
    Android
Published: May 7, 2024

CVE-2024-23713

None
    Android
Published: May 7, 2024

CVE-2024-4030

None
    Python
Published: May 7, 2024
Click here to see more Vulnerabilities