Tag : 2024-05-31

8 attack reports | 81 vulnerabilities

Attack Reports

Title	Published	Tags	Description	Number of indicators
New banking trojan “CarnavalHeist” targets Brazil with overlay attacks	May 31, 2024, 2:27 p.m.	trojan banking 2024-05-31 brazil keylogging overlay access_pc_client.dll carnavalheist	Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan dubbed 'CarnavalHeist'. The…	61
GRU’s BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Campaigns	May 31, 2024, 2:17 p.m.	headlace 2024-05-31 bluedelta	Throughout the three phases, BlueDelta used phishing emails, legitimate internet services LIS, and living off-the-land binaries L…	30
Threat Intelligence Alert: Merry-Go-Round Conceals Ads from Users and Brands	May 31, 2024, 1:45 p.m.	2024-05-31 click hijacking	HUMAN's Satori Threat Intelligence and Research Team uncovered an ad cloaking operation, dubbed 'Merry-Go-Round', which involves …	13
RedTail Cryptominer Threat Actors Adopt PAN-OS CVE-2024-3400 Exploit	May 31, 2024, 1:41 p.m.	cryptominer 2024-05-31 ssl-vpns	Threat actors behind the RedTail cryptomining malware, initially reported in early 2024, have incorporated the recent Palo Alto P…	10
Chat Messenger voting topics - a new way to steal accounts is gaining momentum	May 31, 2024, 1:24 p.m.	phishing credential harvesting 2024-05-31	The Government Emergency Response Team of Ukraine CERT-UA informs about the increase in the number of cyberattacks aimed at gaini…	230
Active exploitation of stored XSS vulnerabilities in WordPress Plugins	May 31, 2024, 12:23 p.m.	CVE-2023-6961 wordpress 2024-05-31 xss CVE-2023-40000 CVE-2024-2194	Recent months have witnessed active exploitation attempts targeting multiple cross-site scripting (XSS) vulnerabilities in popula…	28
AllaSenha: AllaKore variant leverages Azure cloud C2 to steal banking details in Latin America	May 31, 2024, 12:22 p.m.	trojan banking 2024-05-31 brazil allakore azure allasenha stealing credential	Earlier in May, a security product detected a malicious payload aimed at stealing credentials required to access Brazilian bank a…	61
Disrupting FlyingYeti's campaign targeting Ukraine	May 31, 2024, 12:19 p.m.	malware phishing russia ukraine 2024-05-31 CVE-2023-38831 cookbox	This report details Cloudforce One's real-time effort to detect, deny, degrade, disrupt, and delay a phishing campaign by the Rus…	8

» Click here to see all Attack Reports «

Vulnerabilities

CVE	CVSS	Published	Product impacted	Tags
CVE-2024-23692	9.8	May 31, 2024, 10:15 a.m.	Rejetto HTTP File Server	disclosure@vulncheck.com CWE-1336 2024-05-31 CVE-2024-23692
CVE-2024-36108	9.8	May 31, 2024, 3:15 p.m.	casgate	security-advisories@github.com CWE-285 2024-05-31 CVE-2024-36108
CVE-2024-29822	9.6	May 31, 2024, 6:15 p.m.	Ivanti EPM	support@hackerone.com 2024-05-31 CVE-2024-29822
CVE-2024-29823	9.6	May 31, 2024, 6:15 p.m.	Ivanti EPM	support@hackerone.com 2024-05-31 CVE-2024-29823
CVE-2024-29824	9.6	May 31, 2024, 6:15 p.m.	Ivanti EPM	support@hackerone.com 2024-05-31 CVE-2024-29824
CVE-2024-29825	9.6	May 31, 2024, 6:15 p.m.	Ivanti EPM	support@hackerone.com 2024-05-31 CVE-2024-29825
CVE-2024-29826	9.6	May 31, 2024, 6:15 p.m.	Ivanti EPM	support@hackerone.com 2024-05-31 CVE-2024-29826
CVE-2024-29827	9.6	May 31, 2024, 6:15 p.m.	Ivanti EPM	support@hackerone.com 2024-05-31 CVE-2024-29827
CVE-2024-5345	8.8	May 31, 2024, 3:15 a.m.	Responsive Owl Carousel for Elementor plugin for WordPress	security@wordfence.com 2024-05-31 CVE-2024-5345
CVE-2024-5523	8.8	May 31, 2024, 8:15 a.m.	Astrotalks	CWE-89 cve-coordination@incibe.es 2024-05-31 CVE-2024-5523
CVE-2024-22059	8.8	May 31, 2024, 6:15 p.m.	Ivanti Neurons for ITSM	support@hackerone.com 2024-05-31 CVE-2024-22059
CVE-2024-22060	8.7	May 31, 2024, 6:15 p.m.	Ivanti Neurons for ITSM	support@hackerone.com 2024-05-31 CVE-2024-22060
CVE-2024-35142	8.4	May 31, 2024, 5:15 p.m.	IBM Security Verify Access Docker	psirt@us.ibm.com CWE-250 2024-05-31 CVE-2024-35142
CVE-2024-29828	8.4	May 31, 2024, 6:15 p.m.	Ivanti EPM	support@hackerone.com 2024-05-31 CVE-2024-29828
CVE-2024-29829	8.4	May 31, 2024, 6:15 p.m.	Ivanti EPM	support@hackerone.com 2024-05-31 CVE-2024-29829
CVE-2024-29830	8.4	May 31, 2024, 6:15 p.m.	Ivanti EPM	support@hackerone.com 2024-05-31 CVE-2024-29830
CVE-2024-29846	8.4	May 31, 2024, 6:15 p.m.	Ivanti EPM	support@hackerone.com 2024-05-31 CVE-2024-29846
CVE-2024-5525	8.3	May 31, 2024, 8:15 a.m.	Astrotalks	CWE-269 cve-coordination@incibe.es 2024-05-31 CVE-2024-5525
CVE-2023-38551	8.2	May 31, 2024, 6:15 p.m.	Ivanti Connect Secure	support@hackerone.com 2024-05-31 CVE-2023-38551
CVE-2024-5565	8.1	May 31, 2024, 3:15 p.m.	Vanna library	reefs@jfrog.com 2024-05-31 CVE-2024-5565
CVE-2024-36120	8.1	May 31, 2024, 5:15 p.m.	javascript-deobfuscator	security-advisories@github.com CWE-94 2024-05-31 CVE-2024-36120
CVE-2023-38042	7.8	May 31, 2024, 6:15 p.m.	Ivanti Secure Access Client for Windows	support@hackerone.com 2024-05-31 CVE-2023-38042
CVE-2024-22058	7.8	May 31, 2024, 6:15 p.m.	Ivanti EPM	support@hackerone.com 2024-05-31 CVE-2024-22058
CVE-2024-35140	7.7	May 31, 2024, 5:15 p.m.	IBM Security Verify Access Docker	psirt@us.ibm.com CWE-295 2024-05-31 CVE-2024-35140
CVE-2024-5564	7.4	May 31, 2024, 7:15 p.m.	NetworkManager	secalert@redhat.com CWE-120 2024-05-31 CVE-2024-5564
CVE-2023-46810	7.3	May 31, 2024, 6:15 p.m.	Ivanti Secure Access Client for Linux	support@hackerone.com 2024-05-31 CVE-2023-46810
CVE-2024-2793	7.2	May 31, 2024, 5:15 a.m.	Atarim plugin for WordPress	security@wordfence.com 2024-05-31 CVE-2024-2793
CVE-2024-29848	7.2	May 31, 2024, 6:15 p.m.	Ivanti Avalanche	support@hackerone.com 2024-05-31 CVE-2024-29848
CVE-2024-5418	6.4	May 31, 2024, 3:15 a.m.	DethemeKit For Elementor plugin for WordPress	security@wordfence.com 2024-05-31 CVE-2024-5418
CVE-2024-4376	6.4	May 31, 2024, 6:15 a.m.	Premium Addons for Elementor plugin	security@wordfence.com 2024-05-31 CVE-2024-4376
CVE-2024-5427	6.4	May 31, 2024, 7:15 a.m.	WPCafe - Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress	security@wordfence.com 2024-05-31 CVE-2024-5427
CVE-2024-4160	6.4	May 31, 2024, 10:15 a.m.	WordPress Download Manager plugin	security@wordfence.com 2024-05-31 CVE-2024-4160
CVE-2024-5041	6.4	May 31, 2024, 10:15 a.m.	Happy Addons for Elementor plugin for WordPress	security@wordfence.com 2024-05-31 CVE-2024-5041
CVE-2024-5347	6.4	May 31, 2024, 10:15 a.m.	Happy Addons for Elementor plugin for WordPress	security@wordfence.com 2024-05-31 CVE-2024-5347
CVE-2024-31908	6.4	May 31, 2024, 1:15 p.m.	IBM Planning Analytics Local	CWE-79 psirt@us.ibm.com 2024-05-31 CVE-2024-31908
CVE-2023-7073	6.4	May 31, 2024, 3:15 p.m.	Auto Featured Image (Auto Post Thumbnail) plugin for WordPress	security@wordfence.com 2024-05-31 CVE-2023-7073
CVE-2024-4379	5.4	May 31, 2024, 6:15 a.m.	Premium Addons for Elementor plugin	security@wordfence.com 2024-05-31 CVE-2024-4379
CVE-2024-31889	5.4	May 31, 2024, 1:15 p.m.	IBM Planning Analytics Local	CWE-79 psirt@us.ibm.com 2024-05-31 CVE-2024-31889
CVE-2024-31907	5.4	May 31, 2024, 1:15 p.m.	IBM Planning Analytics Local	CWE-79 psirt@us.ibm.com 2024-05-31 CVE-2024-31907
CVE-2024-5524	5.3	May 31, 2024, 8:15 a.m.	Astrotalks	CWE-200 cve-coordination@incibe.es 2024-05-31 CVE-2024-5524
CVE-2024-4205	4.3	May 31, 2024, 6:15 a.m.	Premium Addons for Elementor plugin	security@wordfence.com 2024-05-31 CVE-2024-4205
CVE-2024-22338	4.0	May 31, 2024, 11:15 a.m.	IBM Security Verify Access OIDC Provider	CWE-20 psirt@us.ibm.com 2024-05-31 CVE-2024-22338
CVE-2024-35196	2.0	May 31, 2024, 6:15 p.m.	Sentry	security-advisories@github.com CWE-532 2024-05-31 CVE-2024-35196
CVE-2024-37017	None	May 31, 2024, 12:15 a.m.	asdcplib (AS-DCP Lib)	cve@mitre.org 2024-05-31 CVE-2024-37017
CVE-2024-37018	None	May 31, 2024, 1:15 a.m.	OpenDaylight	cve@mitre.org 2024-05-31 CVE-2024-37018
CVE-2024-32850	None	May 31, 2024, 2:15 a.m.	SkyBridge MB-A100/MB-A110 firmware	vultures@jpcert.or.jp 2024-05-31 CVE-2024-32850
CVE-2024-37032	None	May 31, 2024, 4:15 a.m.	Ollama	cve@mitre.org 2024-05-31 CVE-2024-37032
CVE-2024-23847	None	May 31, 2024, 6:15 a.m.	Unifier and Unifier Cast	vultures@jpcert.or.jp 2024-05-31 CVE-2024-23847
CVE-2024-36246	None	May 31, 2024, 6:15 a.m.	Unifier	vultures@jpcert.or.jp 2024-05-31 CVE-2024-36246
CVE-2024-4469	None	May 31, 2024, 6:15 a.m.	WP STAGING WordPress Backup Plugin	contact@wpscan.com 2024-05-31 CVE-2024-4469
CVE-2024-5436	None	May 31, 2024, 9:15 a.m.	Snapchat LensCore	cve-coordination@google.com 2024-05-31 CVE-2024-5436 CWE-704
CVE-2024-5484	None	May 31, 2024, 11:15 a.m.	UNKNOWN	security@huntr.dev 2024-05-31 CVE-2024-5484
CVE-2024-5538	None	May 31, 2024, 11:15 a.m.	UNKNOWN	security@huntr.dev 2024-05-31 CVE-2024-5538
CVE-2024-1980	None	May 31, 2024, 3:15 p.m.	UNKNOWN	security@wordfence.com 2024-05-31 CVE-2024-1980
CVE-2022-25037	None	May 31, 2024, 4:15 p.m.	wanEditor	cve@mitre.org 2024-05-31 CVE-2022-25037
CVE-2022-25038	None	May 31, 2024, 4:15 p.m.	wanEditor	cve@mitre.org 2024-05-31 CVE-2022-25038
CVE-2024-28736	None	May 31, 2024, 4:15 p.m.	Debezium Community debezium-ui	cve@mitre.org 2024-05-31 CVE-2024-28736
CVE-2021-44534	None	May 31, 2024, 6:15 p.m.	UNKNOWN	support@hackerone.com 2024-05-31 CVE-2021-44534
CVE-2024-1275	None	May 31, 2024, 6:15 p.m.	Welch Ally Connex Spot Monitor	2024-05-31 CVE-2024-1275 productsecurity@baxter.com CWE-1394
CVE-2024-31030	None	May 31, 2024, 6:15 p.m.	FreeCoAP	cve@mitre.org 2024-05-31 CVE-2024-31030
CVE-2024-5144	None	May 31, 2024, 6:15 p.m.	UNKNOWN	security@wordfence.com 2024-05-31 CVE-2024-5144
CVE-2024-5176	None	May 31, 2024, 6:15 p.m.	Welch Allyn Configuration Tool	CWE-522 2024-05-31 productsecurity@baxter.com CVE-2024-5176
CVE-2024-23316	None	May 31, 2024, 7:15 p.m.	Ping Identity PingAccess	CWE-444 2024-05-31 CVE-2024-23316 responsible-disclosure@pingidentity.com
CVE-2024-33996	None	May 31, 2024, 8:15 p.m.	Calendar Web Service	CWE-20 patrick@puiterwijk.org 2024-05-31 CVE-2024-33996
CVE-2024-33997	None	May 31, 2024, 8:15 p.m.	Unknown	CWE-79 patrick@puiterwijk.org 2024-05-31 CVE-2024-33997
CVE-2024-33998	None	May 31, 2024, 8:15 p.m.	UNKNOWN	CWE-79 patrick@puiterwijk.org 2024-05-31 CVE-2024-33998
CVE-2024-33999	None	May 31, 2024, 8:15 p.m.	UNKNOWN	CWE-20 patrick@puiterwijk.org 2024-05-31 CVE-2024-33999
CVE-2024-34000	None	May 31, 2024, 8:15 p.m.	UNKNOWN	CWE-79 patrick@puiterwijk.org 2024-05-31 CVE-2024-34000
CVE-2024-34001	None	May 31, 2024, 8:15 p.m.	Unknown	CWE-352 patrick@puiterwijk.org 2024-05-31 CVE-2024-34001
CVE-2024-36843	None	May 31, 2024, 8:15 p.m.	libmodbus	cve@mitre.org 2024-05-31 CVE-2024-36843
CVE-2024-36844	None	May 31, 2024, 8:15 p.m.	libmodbus	cve@mitre.org 2024-05-31 CVE-2024-36844
CVE-2024-36845	None	May 31, 2024, 8:15 p.m.	libmodbus	cve@mitre.org 2024-05-31 CVE-2024-36845
CVE-2024-34002	None	May 31, 2024, 9:15 p.m.	Moodle	CWE-200 patrick@puiterwijk.org 2024-05-31 CVE-2024-34002
CVE-2024-34003	None	May 31, 2024, 9:15 p.m.	Moodle	CWE-200 patrick@puiterwijk.org 2024-05-31 CVE-2024-34003
CVE-2024-34004	None	May 31, 2024, 9:15 p.m.	Moodle	CWE-200 patrick@puiterwijk.org 2024-05-31 CVE-2024-34004
CVE-2024-34005	None	May 31, 2024, 9:15 p.m.	Moodle	CWE-200 patrick@puiterwijk.org 2024-05-31 CVE-2024-34005
CVE-2024-34006	None	May 31, 2024, 9:15 p.m.	UNKNOWN	patrick@puiterwijk.org 2024-05-31 CVE-2024-34006 CWE-838
CVE-2024-34007	None	May 31, 2024, 9:15 p.m.	MFA	CWE-352 patrick@puiterwijk.org 2024-05-31 CVE-2024-34007
CVE-2024-34008	None	May 31, 2024, 9:15 p.m.	UNKNOWN	CWE-352 patrick@puiterwijk.org 2024-05-31 CVE-2024-34008
CVE-2024-34009	None	May 31, 2024, 9:15 p.m.	UNKNOWN	CWE-20 patrick@puiterwijk.org 2024-05-31 CVE-2024-34009
CVE-2024-5138	None	May 31, 2024, 9:15 p.m.	Ubuntu snapd	security@ubuntu.com 2024-05-31 CVE-2024-5138

» Click here to see all Vulnerabilities «