Attack Reports
| Title | Published | Tags | Description | Number of indicators |
|---|---|---|---|---|
| Leveraging DNS Tunneling for Tracking and Scanning | May 13, 2024, 7:12 p.m. | This article presents a case study on new applications of domain name system (DNS) tunneling PaloAlto Unit42 have found in the wi… | 63 | |
| Security Brief: Millions of Messages Distribute LockBit Black Ransomware | May 13, 2024, 6:27 p.m. | In late April 2024, Proofpoint observed high-volume email campaigns facilitated by the Phorpiex botnet, distributing millions of … | 16 | |
| GoTo Meeting loads RAT via Shellcode Loader | May 13, 2024, 9:47 a.m. | A malicious campaign has been discovered that exploits the legitimate GoTo Meeting online conferencing software to deploy the Rem… | 17 | |
| Romance Scams Urging Investment | May 13, 2024, 9:38 a.m. | The report details an investigation into romance scams that exploit emotional connections to solicit money under the guise of cry… | 3 | |
| StopRansomware: Black Basta | May 13, 2024, 9:31 a.m. | This advisory details tactics, techniques, procedures and indicators of compromise related to Black Basta ransomware, a variant f… | 174 | |
| Threat Actors Hack YouTube Channels to Distribute Infostealers | May 10, 2024, 1:47 p.m. | This analysis reveals that malicious groups have been exploiting popular YouTube channels, including some with over 800,000 subsc… | 13 | |
| Malware (XMRig, OrcusRAT, etc.) disguised as MS Office crack | May 10, 2024, 1:45 p.m. | The report details an ongoing malware campaign targeting South Korean users, which disguises malicious payloads as cracked versio… | 12 | |
| Protecting Networks from Opportunistic Ivanti Pulse Secure Vulnerability Exploitation | May 10, 2024, 9:06 a.m. | Juniper Threat Labs has observed attempts to exploit Ivanti Pulse Secure authentication bypass and remote code execution vulnerab… | 23 | |
| Profiling Trafficers: Cerberus | May 10, 2024, 9:02 a.m. | This analysis delves into the activities of a group of malware operators known as Cerberus (formerly Amnesia) Team, who specializ… | 24 | |
| New Campaigns from Scattered Spider | May 10, 2024, 8:33 a.m. | Scattered Spider, a financially motivated threat actor group, has been conducting aggressive phishing campaigns targeting various… | 118 | |
| macOS Cuckoo Stealer | Ensuring Detection and Defense as New Samples Rapidly Emerge | May 10, 2024, 8:31 a.m. | This analysis discusses the emergence of a new macOS malware family called 'Cuckoo Stealer', which acts as an infostealer and spy… | 4 | |
| Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part Four | May 9, 2024, 3:14 p.m. | This comprehensive analysis provides a thorough examination of the REMCOS Remote Access Trojan (RAT), a prominent malware threat … | 34 | |
| Surge of JavaScript Malware in sites with vulnerable versions of LiteSpeed Cache Plugin | May 9, 2024, 3:08 p.m. | A recent surge of malicious JavaScript code has been observed targeting websites using vulnerable versions of the LiteSpeed Cache… | 6 | |
| Tracking the Surge in Non-PE Cyber Threats | May 9, 2024, 3:04 p.m. | This intelligence report details a sophisticated infection chain that culminates in the deployment of AsyncRAT, a potent malware … | 13 | |
| APT28 campaign against Polish government institutions | May 8, 2024, 3:37 p.m. | The CERT Polska team is investigating a large-scale malware campaign carried out by the Russian intelligence group APT28, which h… | 74 | |
| Guntior - the story of an advanced bootkit that doesn't rely on Windows disk drivers | May 8, 2024, 1:32 p.m. | Amid the rise of bootkits at the time, a dropper was captured in-the-wild and posted on a malware tracker. The malware was called… | 6 | |
| Code Emulation and Cybercrime Infrastructure Discovery | May 8, 2024, 11:18 a.m. | This report details the analysis of a malspam campaign utilizing the Matanbuchus loader, which involved decrypting strings within… | 76 | |
| Stealer Distributed via Crafted Minecraft Source Pack | May 8, 2024, 11:09 a.m. | This report details the operation of the zEus stealer malware, which is distributed through a crafted Minecraft source pack. The … | 23 | |
| Case of Malware Distribution Linking to Illegal Gambling Website Targeting Korean Web Server | May 8, 2024, 11:05 a.m. | This report examines a malware strain distributed to web servers in South Korea that redirects users to an illegal gambling site.… | 8 | |
| RemcosRAT Distributed Using Steganography | May 8, 2024, 11:03 a.m. | Security researchers have discovered a campaign distributing RemcosRAT through a sophisticated infection chain involving steganog… | 4 |
Vulnerabilities
| CVE | CVSS | Published | Product impacted | Tags |
|---|---|---|---|---|
| CVE-2024-4393 | 9.8 | May 8, 2024, 3:15 a.m. |  WordPress Social Connect plugin |
|
| CVE-2024-32980 | 9.1 | May 8, 2024, 3:15 p.m. | Spin |
|
| CVE-2024-2746 | 8.8 | May 8, 2024, 2:15 a.m. | dnf5 |
|
| CVE-2024-34347 | 8.3 | May 8, 2024, 3:15 p.m. | @hoppscotch/cli |
|
| CVE-2024-31156 | 8.0 | May 8, 2024, 3:15 p.m. | BIG-IP Configuration utility |
|
| CVE-2024-2860 | 7.8 | May 8, 2024, 2:15 a.m. | Brocade SANnav |
|
| CVE-2024-3507 | 7.7 | May 8, 2024, 11:15 a.m. | Lunar software |
|
| CVE-2024-1438 | 7.7 | May 8, 2024, 1:15 p.m. | PressFore Rolo Slider |
|
| CVE-2024-31270 | 7.6 | May 8, 2024, 2:15 p.m. | ARForms Form Builder |
|
| CVE-2024-1929 | 7.5 | May 8, 2024, 2:15 a.m. | dnf5daemon-server |
|
| CVE-2024-4436 | 7.5 | May 8, 2024, 9:15 a.m. | Red Hat OpenStack platform |
|
| CVE-2024-4437 | 7.5 | May 8, 2024, 9:15 a.m. | Red Hat OpenStack platform |
|
| CVE-2024-4438 | 7.5 | May 8, 2024, 9:15 a.m. | Red Hat OpenStack platform |
|
| CVE-2024-21793 | 7.5 | May 8, 2024, 3:15 p.m. | BIG-IP Next Central Manager |
|
| CVE-2024-25560 | 7.5 | May 8, 2024, 3:15 p.m. | BIG-IP AFM |
|
| CVE-2024-26026 | 7.5 | May 8, 2024, 3:15 p.m. | UNKNOWN |
|
| CVE-2024-33608 | 7.5 | May 8, 2024, 3:15 p.m. | F5 BIG-IP |
|
| CVE-2024-28883 | 7.4 | May 8, 2024, 3:15 p.m. | BIG-IP APM browser network access VPN client |
|
| CVE-2024-32049 | 7.4 | May 8, 2024, 3:15 p.m. | BIG-IP Next Central Manager |
|
| CVE-2024-22264 | 7.2 | May 8, 2024, 4:15 a.m. | VMware Avi Load Balancer |
|
| CVE-2024-34553 | 7.1 | May 8, 2024, 12:15 p.m. | Stockholm Core |
|
| CVE-2024-3951 | 7.1 | May 8, 2024, 3:15 p.m. | PTC Codebeamer |
|
| CVE-2024-33612 | 6.8 | May 8, 2024, 3:15 p.m. | BIG-IP Next Central Manager |
|
| CVE-2024-1930 | 6.5 | May 8, 2024, 2:15 a.m. | dnf5daemon-server |
|
| CVE-2024-22266 | 6.5 | May 8, 2024, 4:15 a.m. | VMware Avi Load Balancer |
|
| CVE-2023-41651 | 6.5 | May 8, 2024, 9:15 a.m. | Multi-column Tag Map |
|
| CVE-2024-34573 | 6.5 | May 8, 2024, 9:15 a.m. | Pootle Pagebuilder - WordPress Page builder |
|
| CVE-2024-34571 | 6.5 | May 8, 2024, 10:15 a.m. | ThemeGrill Himalayas |
|
| CVE-2024-34572 | 6.5 | May 8, 2024, 10:15 a.m. | Fancy Elementor Flipbox |
|
| CVE-2024-34562 | 6.5 | May 8, 2024, 11:15 a.m. | Move Addons for Elementor |
|
| CVE-2024-34563 | 6.5 | May 8, 2024, 11:15 a.m. | Gold Addons for Elementor |
|
| CVE-2024-34564 | 6.5 | May 8, 2024, 11:15 a.m. | LogicHunt Inc. Counter Up |
|
| CVE-2024-34566 | 6.5 | May 8, 2024, 11:15 a.m. | Johan van der Wijk Content Blocks (Custom Post Widget) |
|
| CVE-2024-34569 | 6.5 | May 8, 2024, 11:15 a.m. | Katie Seaborn Zotpress |
|
| CVE-2022-40218 | 6.5 | May 8, 2024, 12:15 p.m. | ThemeHunk Advance WordPress Search Plugin |
|
| CVE-2024-34414 | 6.5 | May 8, 2024, 12:15 p.m. | Nobita |
|
| CVE-2024-34547 | 6.5 | May 8, 2024, 12:15 p.m. | Magical Addons For Elementor |
|
| CVE-2024-34548 | 6.5 | May 8, 2024, 12:15 p.m. | WidgetKit |
|
| CVE-2024-32761 | 6.5 | May 8, 2024, 3:15 p.m. | F5 BIG-IP |
|
| CVE-2024-24908 | 6.5 | May 8, 2024, 4:15 p.m. | Dell PowerProtect DM5500 |
|
| CVE-2024-3494 | 6.4 | May 8, 2024, 6:15 a.m. | Mesmerize Companion plugin for WordPress |
|
| CVE-2024-4281 | 6.4 | May 8, 2024, 10:15 a.m. | WordPress Link Library plugin |
|
| CVE-2024-4653 | 6.3 | May 8, 2024, 3:15 p.m. | BlueNet Technology Clinical Browsing System |
|
| CVE-2024-4654 | 6.3 | May 8, 2024, 3:15 p.m. | UNKNOWN |
|
| CVE-2024-4418 | 6.2 | May 8, 2024, 3:15 a.m. | libvirt |
|
| CVE-2024-33604 | 6.1 | May 8, 2024, 3:15 p.m. | BIG-IP Configuration utility |
|
| CVE-2024-34574 | 5.9 | May 8, 2024, 9:15 a.m. | Wpsoul Table Maker |
|
| CVE-2024-34565 | 5.9 | May 8, 2024, 11:15 a.m. | Debug Info |
|
| CVE-2024-34568 | 5.9 | May 8, 2024, 11:15 a.m. | LetterPress |
|
| CVE-2024-34570 | 5.9 | May 8, 2024, 11:15 a.m. | Xpro Elementor Addons |
|
| CVE-2024-34546 | 5.9 | May 8, 2024, 12:15 p.m. | Sticky Social Link |
|
| CVE-2024-34558 | 5.9 | May 8, 2024, 12:15 p.m. | realmag777 WOLF |
|
| CVE-2024-34560 | 5.9 | May 8, 2024, 12:15 p.m. | gee Search Plus |
|
| CVE-2024-34561 | 5.9 | May 8, 2024, 12:15 p.m. | Real 3D FlipBook WordPress Plugin |
|
| CVE-2024-28889 | 5.9 | May 8, 2024, 3:15 p.m. | F5 BIG-IP |
|
| CVE-2024-4135 | 5.4 | May 8, 2024, 10:15 a.m. | WP Latest Posts plugin for WordPress |
|
| CVE-2024-30459 | 5.3 | May 8, 2024, 2:15 p.m. | AIpost AI WP Writer |
|
| CVE-2024-32886 | 4.9 | May 8, 2024, 2:15 p.m. | Vitess |
|
| CVE-2024-27202 | 4.7 | May 8, 2024, 3:15 p.m. | BIG-IP Configuration utility |
|
| CVE-2024-4162 | 4.4 | May 8, 2024, 3:15 a.m. | Panasonic KW Watcher |
|
| CVE-2024-28132 | 4.4 | May 8, 2024, 3:15 p.m. | UNKNOWN |
|
| CVE-2024-24833 | 4.3 | May 8, 2024, 2:15 p.m. | Happy Addons for Elementor |
|
| CVE-2024-33573 | 4.3 | May 8, 2024, 2:15 p.m. | EPROLO EPROLO Dropshipping |
|
| CVE-2024-33574 | 4.3 | May 8, 2024, 2:15 p.m. | appsbd Vitepos |
|
| CVE-2024-4233 | 4.3 | May 8, 2024, 2:15 p.m. | Print Invoice & Delivery Notes for WooCommerce |
|
| CVE-2024-4456 | 4.1 | May 8, 2024, 1:15 a.m. | Octopus Server |
|
| CVE-2024-4644 | 3.5 | May 8, 2024, 12:15 p.m. | SourceCodester Prison Management System |
|
| CVE-2024-4645 | 3.5 | May 8, 2024, 1:15 p.m. | SourceCodester Prison Management System |
|
| CVE-2024-4646 | 3.5 | May 8, 2024, 1:15 p.m. | Campcodes Complete Web-Based School Management System |
|
| CVE-2024-4647 | 3.5 | May 8, 2024, 1:15 p.m. | Campcodes Complete Web-Based School Management System |
|
| CVE-2024-4648 | 3.5 | May 8, 2024, 1:15 p.m. | Campcodes Complete Web-Based School Management System |
|
| CVE-2024-4649 | 3.5 | May 8, 2024, 2:15 p.m. | Campcodes Complete Web-Based School Management System |
|
| CVE-2024-4650 | 3.5 | May 8, 2024, 2:15 p.m. | Campcodes Complete Web-Based School Management System |
|
| CVE-2024-4651 | 3.5 | May 8, 2024, 2:15 p.m. | Campcodes Complete Web-Based School Management System |
|
| CVE-2024-4652 | 3.5 | May 8, 2024, 2:15 p.m. | Campcodes Complete Web-Based School Management System |
|
| CVE-2024-28971 | 3.5 | May 8, 2024, 4:15 p.m. | Dell Update Manager Plugin |
|
| CVE-2024-22460 | 2.2 | May 8, 2024, 4:15 p.m. | Dell PowerProtect DM5500 |
|
| CVE-2024-32674 | None | May 8, 2024, 4:15 a.m. | Heateor Social Login WordPress |
|
| CVE-2024-1076 | None | May 8, 2024, 6:15 a.m. | SSL Zen WordPress plugin |
|
| CVE-2024-34255 | None | May 8, 2024, 1:15 p.m. | jizhicms |
|
| CVE-2024-25515 | None | May 8, 2024, 3:15 p.m. | RuvarOA |
|
| CVE-2024-25517 | None | May 8, 2024, 3:15 p.m. | RuvarOA |
|
| CVE-2024-25518 | None | May 8, 2024, 3:15 p.m. | RuvarOA |
|
| CVE-2024-25519 | None | May 8, 2024, 3:15 p.m. | RuvarOA |
|
| CVE-2024-25520 | None | May 8, 2024, 3:15 p.m. | RuvarOA |
|
| CVE-2024-25521 | None | May 8, 2024, 3:15 p.m. | RuvarOA |
|
| CVE-2024-25522 | None | May 8, 2024, 3:15 p.m. | RuvarOA |
|
| CVE-2024-25523 | None | May 8, 2024, 3:15 p.m. | RuvarOA |
|
| CVE-2024-25524 | None | May 8, 2024, 3:15 p.m. | RuvarOA |
|
| CVE-2024-25525 | None | May 8, 2024, 3:15 p.m. | RuvarOA |
|
| CVE-2024-25526 | None | May 8, 2024, 3:15 p.m. | RuvarOA |
|
| CVE-2024-26579 | None | May 8, 2024, 3:15 p.m. | Apache InLong |
|
| CVE-2024-32113 | None | May 8, 2024, 3:15 p.m. | Apache OFBiz |
|
| CVE-2024-24787 | None | May 8, 2024, 4:15 p.m. | Go programming language |
|
| CVE-2024-24788 | None | May 8, 2024, 4:15 p.m. | Go programming language |
|
| CVE-2024-25527 | None | May 8, 2024, 4:15 p.m. | RuvarOA |
|
| CVE-2024-25529 | None | May 8, 2024, 4:15 p.m. | RuvarOA |
|
| CVE-2024-25530 | None | May 8, 2024, 4:15 p.m. | RuvarOA |
|
| CVE-2024-25531 | None | May 8, 2024, 4:15 p.m. | RuvarOA |
|
| CVE-2024-31961 | None | May 8, 2024, 4:15 p.m. | Sonic Shopfloor.guide |
|
| CVE-2024-25528 | None | May 8, 2024, 5:15 p.m. | RuvarOA |
|
| CVE-2024-25532 | None | May 8, 2024, 5:15 p.m. | RuvarOA |
|
| CVE-2024-25533 | None | May 8, 2024, 5:15 p.m. | RuvarOA |
|
| CVE-2024-33382 | None | May 8, 2024, 5:15 p.m. | Open5GS |
|
| CVE-2024-34244 | None | May 8, 2024, 5:15 p.m. | libmodbus |
|
| CVE-2024-34257 | None | May 8, 2024, 5:15 p.m. | TOTOLINK EX1800T |