Tag: 2024-05-23

5 Attack Reports | 119 Vulnerabilities

Attack reports

Deep Dive Into Unfading Sea Haze: A New Threat Actor in the South China Sea

An investigation by Bitdefender Labs uncovered a previously unidentified cyber threat actor called Unfading Sea Haze. This group has systematically targeted high-level organizations across countries in the South China Sea region. The extensive analysis spanned several years, revealing their evolvin…
malware
apt
espionage
2024-05-23
.net
dustyexfiltool
2024-05-24
unfading sea haze
silentgh0st
translucentgh0st
sharpjshandler
Published: May 24, 2024
Downloadable IOCs: 47

Operation Specter: An Active Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia

An analysis reveals long-term espionage operations by a Chinese advanced persistent threat (APT) group against at least seven governmental entities across the Middle East, Africa and Asia since late 2022. The threat actor attempts to obtain sensitive and classified information about diplomatic and …
cyberespionage
2024-05-23
CVE-2021-34473
gh0st rat
moudoor
mydoor
tunnelspecter
email-exfiltration
sweetspecter
embassies
backdoors
CVE-2021-26855
geopolitics
Published: May 23, 2024
Downloadable IOCs: 28

New ransomware group abusing BitLocker

The report examines an incident where threat actors leveraged Microsoft's BitLocker encryption utility to deploy unauthorized file encryption on targeted systems. The adversaries employed a sophisticated VBScript that resized disk partitions, modified registry entries, enabled BitLocker with random…
ransomware
exfiltration
encryption
2024-05-23
bitlocker
trojan-ransom.vbs.bitlock.gen
trojan.vbs.sagent.gen
trojan.win32.generic
partitions
Published: May 23, 2024
Downloadable IOCs: 6

Sharp Dragon Expands Towards Africa and The Caribbean

Check Point Research has observed a significant shift in the activities and lures of Sharp Dragon, a Chinese threat actor, now targeting governmental organizations in Africa and the Caribbean. This expansion aligns with Sharp Dragon's known tactics of compromising email accounts to spread weaponize…
espionage
cobalt strike beacon
government
cyber
2024-05-23
CVE-2023-0669
expansion
caribbean
targeting
africa
Published: May 23, 2024
Downloadable IOCs: 38

New Hijack Loader Variant: Uses Process Hollowing, Has Enhanced Anti-Evasion Capabilities

loader
rhadamanthys
2024-05-23
api hooking
hijackloader
hijack loader
yara
tracker
suricata
loader variant
has enhanced
png image
user account
april
Published: May 23, 2024
Downloadable IOCs: 9
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-5168

9.8
    Prodys Quantum Audio codec
  • Version(s): 2.3.4t and below
Published: May 23, 2024

CVE-2024-5084

9.8
    Hash Form - Drag & Drop Form Builder plugin for WordPress
  • Version(s): up to 1.1.0
Published: May 23, 2024

CVE-2024-5296

9.8
    D-Link D-View
Published: May 23, 2024

CVE-2024-4662

8.8
    Oxygen Builder plugin for WordPress
  • Version(s): up to 4.8.2
Published: May 23, 2024

CVE-2024-35186

8.8
    gitoxide
  • Version(s): 0.36.0
Published: May 23, 2024

CVE-2024-4779

8.8
    Unlimited Elements For Elementor plugin for WordPress
  • Version(s): up to 1.5.107
Published: May 23, 2024

CVE-2024-34060

8.8
    IrisEVTXModule
  • Version(s): 1.0.0
Published: May 23, 2024

CVE-2024-5201

8.8
    OpenText Dimensions RM
Published: May 23, 2024

CVE-2024-5246

8.8
    NETGEAR ProSAFE Network Management System
Published: May 23, 2024

CVE-2024-5247

8.8
    NETGEAR ProSAFE Network Management System
Published: May 23, 2024

CVE-2024-5291

8.8
    D-Link DIR-2150 routers
Published: May 23, 2024

CVE-2024-5293

8.8
    D-Link DIR-2640
Published: May 23, 2024

CVE-2024-5295

8.8
    D-Link G416 Wireless Router
Published: May 23, 2024

CVE-2024-5297

8.8
    D-Link D-View
Published: May 23, 2024

CVE-2024-5298

8.8
    D-Link D-View
Published: May 23, 2024

CVE-2024-5299

8.8
    D-Link D-View
Published: May 23, 2024

CVE-2024-4978

8.4
    Justice AV Solutions Viewer Setup
  • Version(s): 8.3.7.250-1
Published: May 23, 2024

CVE-2024-26139

8.3
    OpenCTI
Published: May 23, 2024

CVE-2024-5085

8.1
    Hash Form – Drag & Drop Form Builder plugin for WordPress
  • Version(s): up to 1.1.0
Published: May 23, 2024

CVE-2024-4835

8.0
    GitLab
  • Version(s): 15.11 - 16.10.5, 16.11 - 16.11.2, 17.0
Published: May 23, 2024

CVE-2024-4471

8.0
    140+ Widgets | Best Addons For Elementor
  • Version(s): up to 1.4.3.1
Published: May 23, 2024

CVE-2024-30279

7.8
    Acrobat Reader
  • Version(s): 20.005.30574, 24.002.20736 and earlier
Published: May 23, 2024

CVE-2024-30280

7.8
    Acrobat Reader
  • Version(s): 20.005.30574, 24.002.20736 and earlier
Published: May 23, 2024

CVE-2024-5245

7.8
    NETGEAR ProSAFE Network Management System
Published: May 23, 2024

CVE-2024-5202

7.7
    OpenText Dimensions RM
Published: May 23, 2024

CVE-2024-35224

7.6
    OpenProject
  • Version(s): 14.1.0, 14.0.2, 13.4.2
Published: May 23, 2024

CVE-2024-2038

7.5
    Visual Website Collaboration, Feedback & Project Management - Atarim plugin for WordPress
  • Version(s): up to 3.22.6
Published: May 23, 2024

CVE-2024-5227

7.5
    TP-Link Omada ER605 router
Published: May 23, 2024

CVE-2024-5228

7.5
    TP-Link Omada ER605 Router
Published: May 23, 2024

CVE-2024-5242

7.5
    TP-Link Omada ER605 router
Published: May 23, 2024

CVE-2024-5243

7.5
    TP-Link Omada ER605 routers
Published: May 23, 2024

CVE-2024-5292

7.3
    D-Link Network Assistant
Published: May 23, 2024

CVE-2024-4347

7.2
    WP Fastest Cache plugin for WordPress
  • Version(s): up to 1.2.6
Published: May 23, 2024

CVE-2024-2874

6.5
    GitLab CE/EE
  • Version(s): before 16.10.6, 16.11 - 16.11.3, 17.0 - 17.0.1
Published: May 23, 2024

CVE-2024-5165

6.5
    Eclipse Ditto
  • Version(s): 3.0.0 - 3.5.5
Published: May 23, 2024

CVE-2024-3201

6.4
    WP DSGVO Tools (GDPR) plugin for WordPress
  • Version(s): up to 3.1.32
Published: May 23, 2024

CVE-2024-4486

6.4
    Awesome Contact Form7 for Elementor plugin for WordPress
  • Version(s): up to 2.9
Published: May 23, 2024

CVE-2024-4783

6.4
    jQuery T(-) Countdown Widget plugin for WordPress
  • Version(s): up to 2.3.25
Published: May 23, 2024

CVE-2024-4431

6.4
    LA-Studio Element Kit for Elementor plugin for WordPress
  • Version(s): up to 1.3.7.6
Published: May 23, 2024

CVE-2024-5177

6.4
    Hash Elements plugin for WordPress
  • Version(s): up to 1.3.8
Published: May 23, 2024

CVE-2024-3648

6.4
    ShareThis Share Buttons plugin for WordPress
  • Version(s): up to 2.3.0
Published: May 23, 2024

CVE-2024-4043

6.4
    WP Ultimate Post Grid plugin
  • Version(s): up to 3.9.1
Published: May 23, 2024

CVE-2024-4706

6.4
    WordPress + Microsoft Office 365 / Azure AD | LOGIN plugin for WordPress
  • Version(s): up to 27.2
Published: May 23, 2024

CVE-2024-2861

6.4
    ProfilePress plugin for WordPress
  • Version(s): up to 4.15.8
Published: May 23, 2024

CVE-2024-1814

6.4
    Spectra - WordPress Gutenberg Blocks plugin
  • Version(s): up to 2.12.8
Published: May 23, 2024

CVE-2024-1815

6.4
    Spectra - WordPress Gutenberg Blocks plugin
  • Version(s): up to 2.12.8
Published: May 23, 2024

CVE-2024-3997

6.4
    Prime Slider - Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress
  • Version(s): up to 3.14.1
Published: May 23, 2024

CVE-2024-4378

6.4
    Premium Addons for Elementor plugin for WordPress
  • Version(s): up to 4.10.30
Published: May 23, 2024

CVE-2024-4575

6.4
    LayerSlider plugin for WordPress
  • Version(s): 7.11.0
Published: May 23, 2024

CVE-2024-4365

6.4
    Advanced iFrame plugin for WordPress
  • Version(s): up to 2024.3
Published: May 23, 2024

CVE-2024-5231

6.3
    Campcodes Complete Web-Based School Management System
  • Version(s): 1.0
Published: May 23, 2024

CVE-2024-5232

6.3
    Campcodes Complete Web-Based School Management System
  • Version(s): 1.0
Published: May 23, 2024

CVE-2024-5233

6.3
    Campcodes Complete Web-Based School Management System
  • Version(s): 1.0
Published: May 23, 2024

CVE-2024-5234

6.3
    Campcodes Complete Web-Based School Management System
  • Version(s): 1.0
Published: May 23, 2024

CVE-2024-5235

6.3
    Campcodes Complete Web-Based School Management System
  • Version(s): 1.0
Published: May 23, 2024

CVE-2024-5236

6.3
    Campcodes Complete Web-Based School Management System
  • Version(s): 1.0
Published: May 23, 2024

CVE-2024-5237

6.3
    Campcodes Complete Web-Based School Management System
  • Version(s): 1.0
Published: May 23, 2024

CVE-2024-5238

6.3
    Campcodes Complete Web-Based School Management System
  • Version(s): 1.0
Published: May 23, 2024

CVE-2024-5239

6.3
    Campcodes Complete Web-Based School Management System
  • Version(s): 1.0
Published: May 23, 2024

CVE-2024-5240

6.3
    Campcodes Complete Web-Based School Management System
  • Version(s): 1.0
Published: May 23, 2024

CVE-2024-5264

5.9
    Thales Luna EFT
  • Version(s): 2.1, above
Published: May 23, 2024

CVE-2024-35222

5.9
    Tauri
  • Version(s): 1.0 - 1.6.6, 2.0.0-beta.0 - 2.0.0-beta.18
Published: May 23, 2024

CVE-2023-7045

5.4
    GitLab CE/EE
  • Version(s): 13.11 - 16.10.5, 16.11 - 16.11.2, 17.0 - 17.0.0
Published: May 23, 2024

CVE-2024-35197

5.4
    gitoxide
Published: May 23, 2024

CVE-2024-1855

5.3
    WPCafe - Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress
  • Version(s): up to 2.2.23
Published: May 23, 2024

CVE-2024-5230

5.3
    EnvaySoft FleetCart
  • Version(s): up to 4.1.1
Published: May 23, 2024

CVE-2023-6325

5.3
    RomethemeForm For Elementor plugin for WordPress
  • Version(s): up to 1.1.5
Published: May 23, 2024

CVE-2024-35223

5.3
    Dapr
  • Version(s): 1.0 - 1.13.2
Published: May 23, 2024

CVE-2024-28188

5.3
    Jupyter Scheduler
  • Version(s): 1.1.6, 1.2.1, 1.8.2, 2.5.2
Published: May 23, 2024

CVE-2023-6844

5.0
    WordPress iframe plugin
  • Version(s): up to 5.0
Published: May 23, 2024

CVE-2024-5244

5.0
    TP-Link Omada ER605 routers
Published: May 23, 2024

CVE-2024-4895

4.7
    wpDataTables - WordPress Data Table, Dynamic Tables & Table Charts Plugin
  • Version(s): up to 3.4.2.12
Published: May 23, 2024

CVE-2024-5241

4.7
    Huashi Private Cloud CDN Live Streaming Acceleration Server
  • Version(s): up to 20240520
Published: May 23, 2024

CVE-2024-3065

4.4
    PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin for WordPress
  • Version(s): up to 1.7
Published: May 23, 2024

CVE-2024-5258

4.4
    GitLab
  • Version(s): 16.10 - 16.10.6, 16.11 - 16.11.3, 17.0 - 17.0.1
Published: May 23, 2024

CVE-2024-3626

4.3
    Email Subscribers by Icegram Express WordPress plugin
  • Version(s): up to 5.7.17
Published: May 23, 2024

CVE-2024-3711

4.3
    Brizy - Page Builder plugin for WordPress
  • Version(s): up to 2.4.43
Published: May 23, 2024

CVE-2023-6502

4.3
    GitLab CE/EE
  • Version(s): < 16.10.6, 16.11 - 16.11.3, 17.0 - 17.0.1
Published: May 23, 2024

CVE-2024-1947

4.3
    GitLab CE/EE
  • Version(s): 13.2.4 - 16.10.6, 16.11 - 16.11.3, 17.0 - 17.0.1
Published: May 23, 2024

CVE-2024-1803

4.3
    EmbedPress - Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress
  • Version(s): up to 3.9.12
Published: May 23, 2024

CVE-2024-5294

4.3
    D-Link DIR-3040 router
Published: May 23, 2024

CVE-2024-32969

2.7
    vantage6
  • Version(s): 4.5.0rc3
Published: May 23, 2024

CVE-2024-3708

None
    lighttpd
  • Version(s): before 1.4.51
Published: May 23, 2024

CVE-2024-2220

None
    Button contact VR WordPress plugin
  • Version(s): up to 4.7
Published: May 23, 2024

CVE-2024-3594

None
    IDonate WordPress plugin
  • Version(s): through 1.9.0
Published: May 23, 2024

CVE-2024-3917

None
    Pet Manager WordPress plugin
  • Version(s): 1.0, 1.1, 1.2, 1.3, 1.4
Published: May 23, 2024

CVE-2024-3918

None
    Pet Manager WordPress plugin
  • Version(s): 1.0, 1.1, 1.2, 1.3, 1.4
Published: May 23, 2024

CVE-2024-3920

None
    Flattr WordPress plugin
  • Version(s): through 1.2.2
Published: May 23, 2024

CVE-2024-4388

None
    UNKNOWN
Published: May 23, 2024

CVE-2024-4399

None
    UNKNOWN
Published: May 23, 2024

CVE-2024-36011

None
    Linux kernel
Published: May 23, 2024

CVE-2024-36012

None
    Linux kernel
Published: May 23, 2024

CVE-2024-36013

None
    Linux kernel
Published: May 23, 2024

CVE-2023-4859

None
    UNKNOWN
Published: May 23, 2024

CVE-2024-2301

None
    HP LaserJet Pro devices
Published: May 23, 2024

CVE-2024-34927

None
    Campcodes Complete Web-Based School Management System
  • Version(s): 1.0
Published: May 23, 2024

CVE-2024-34928

None
    Campcodes Complete Web-Based School Management System
  • Version(s): 1.0
Published: May 23, 2024

CVE-2024-34929

None
    Campcodes Complete Web-Based School Management System
  • Version(s): 1.0
Published: May 23, 2024

CVE-2024-34930

None
    Campcodes Complete Web-Based School Management System
  • Version(s): 1.0
Published: May 23, 2024

CVE-2024-34931

None
    Campcodes Complete Web-Based School Management System
  • Version(s): 1.0
Published: May 23, 2024

CVE-2024-34932

None
    Campcodes Complete Web-Based School Management System
  • Version(s): 1.0
Published: May 23, 2024

CVE-2024-34933

None
    Campcodes Complete Web-Based School Management System
  • Version(s): 1.0
Published: May 23, 2024

CVE-2024-34934

None
    Campcodes Complete Web-Based School Management System
  • Version(s): 1.0
Published: May 23, 2024

CVE-2024-34935

None
    Campcodes Complete Web-Based School Management System
  • Version(s): 1.0
Published: May 23, 2024

CVE-2024-34936

None
    Campcodes Complete Web-Based School Management System
  • Version(s): 1.0
Published: May 23, 2024

CVE-2024-35081

None
    LuckyFrameWeb
  • Version(s): 3.5.2
Published: May 23, 2024

CVE-2024-35082

None
    J2EEFAST
  • Version(s): 2.7.0
Published: May 23, 2024

CVE-2024-35083

None
    J2EEFAST
  • Version(s): 2.7.0
Published: May 23, 2024

CVE-2024-35084

None
    J2EEFAST
  • Version(s): 2.7.0
Published: May 23, 2024

CVE-2024-35085

None
    J2EEFAST
  • Version(s): 2.7.0
Published: May 23, 2024

CVE-2024-35086

None
    J2EEFAST
  • Version(s): 2.7.0
Published: May 23, 2024

CVE-2024-35090

None
    J2EEFAST
  • Version(s): 2.7.0
Published: May 23, 2024

CVE-2024-35091

None
    J2EEFAST
  • Version(s): 2.7.0
Published: May 23, 2024

CVE-2024-5143

None
    UNKNOWN
Published: May 23, 2024

CVE-2024-31843

None
    Italtel Embrace
  • Version(s): 1.6.4
Published: May 23, 2024

CVE-2024-35079

None
    inxedu
  • Version(s): v2024.4
Published: May 23, 2024

CVE-2024-35080

None
    inxedu
  • Version(s): 2024.4
Published: May 23, 2024

CVE-2024-35375

None
    DedeCMS
  • Version(s): 5.7.114
Published: May 23, 2024

CVE-2024-35570

None
    inxedu
  • Version(s): 2.0.6
Published: May 23, 2024
Click here to see more Vulnerabilities