Tag: 2024-06-06

15 Attack Reports | 94 Vulnerabilities

Attack reports

Malware Targets Message Queuing Services Applications

The report describes a recent campaign targeting Apache RocketMQ platforms, where attackers exploited a known vulnerability (CVE-2023-33246) to gain remote code execution on the systems. They then downloaded and executed the Muhstik malware, which provides persistence, evades detection, performs la…
evasion
cryptocurrency
vulnerability
persistence
apache
2024-06-06
irc
rocketmq
lateral
muhstik
CVE-2023-33246
Published: June 6, 2024
Linked vulnerabilities : CVE-2023-33246
Downloadable IOCs: 21

Operation ControlPlug: Targeted attack campaign using MSC files

An investigation revealed that the threat group DarkPeony, also known as Operation ControlPlug, employed a novel technique involving MSC (Microsoft Common Console Document) files to initiate their malicious activities. These files, generally unfamiliar, leveraged the Console Taskpad feature to exec…
malware
stealthy
apt
plugx
campaign
2024-06-06
korplug
kaba
tvt
destroyrat
thoper
sogu
Published: June 6, 2024
Downloadable IOCs: 14

Malicious Python Script with a "Best Before" Date | Cobalt Strike Beacon

This post details analysis of a malicious Python script, which yielded a hash for a Cobalt Strike beacon.
2024-06-06
python script
cobaltstike
Published: June 6, 2024
Downloadable IOCs: 1

Fake Advanced IP Scanner Installer Delivers Dangerous Backdoor

Security researchers discovered a malicious version of the Advanced IP Scanner installer, which contained a backdoored DLL module. The compromised installer was distributed through a typo-squatted domain and appeared in search results for the legitimate software. When executed, the installer inject…
backdoor
supply-chain
typosquatting
2024-06-06
cobaltstrike
malicious-installer
Published: June 6, 2024
Downloadable IOCs: 11

TargetCompany’s Linux Variant Targets ESXi Environments

Since its discovery in 2021, TargetCompany has been evolving its techniques to circumvent security defenses employed by organizations; one such technique its use of a PowerShell script to bypass Antimalware Scan Interface (AMSI) and abuse of fully undetectable (FUD) obfuscator packers. A new varian…
ransomware
lockbit
execution
2024-06-06
vmware esxi
targetcompany
cloud security
vampire
Published: June 6, 2024
Downloadable IOCs: 3

DarkGate again but... Improved?

The report details the latest developments surrounding the DarkGate remote access trojan, including its enhanced capabilities in version 6, the activities of its developer RastaFarEye, and an in-depth analysis of the malware's new features, execution chain, and supported commands. It highlights Dar…
obfuscation
pikabot
rat
phishing
autohotkey
darkgate
2024-06-06
Published: June 6, 2024
Downloadable IOCs: 313

Wineloader - Analysis of the Infection Chain

The analysis examines the Wineloader backdoor, a modular malware attributed to the APT29 threat group, which allows further tools or modules to be downloaded through an encrypted command and control channel. It starts with a phishing email luring targets with a wine tasting event invitation. Execut…
backdoor
obfuscation
wineloader
persistence
javascript
2024-06-06
sideloading
Published: June 6, 2024
Downloadable IOCs: 9

DarkCrystal RAT Cyber Attacks Targeting Government Officials in Ukraine

This intelligence document outlines targeted cyber attacks against government officials, military personnel, and defense industry representatives in Ukraine using the DarkCrystal RAT malware. The malware is distributed through the Signal messaging app, disguised as messages from existing contacts o…
rat
ukraine
cyber
2024-06-06
darkcrystal rat
darkcrystal
targeted
Published: June 6, 2024
Downloadable IOCs: 14

Operation Crimson Palace: A Technical Deep Dive

Sophos Managed Detection and Response initiated a threat hunt across customers after detecting abuse of a vulnerable VMware executable. The hunt uncovered a complex, persistent cyberespionage campaign by Chinese state-sponsored actors targeting a high-profile government organization in Southeast As…
malware
cobalt strike
cyberespionage
lateral movement
intrusion
2024-06-06
impersoni-fake-ator
powheartbeat
credential access
pocoproxy
rudebird
phantomnet
ccoredoor
eagerbee
nupakage
Published: June 6, 2024
Downloadable IOCs: 138

RansomHub: New Ransomware with Origins in Older Knight

A rapidly emerging operation called RansomHub has rapidly grown into one of the largest ransomware threats currently active. Analysis reveals RansomHub is likely an updated and rebranded version of the older Knight ransomware, suggesting the developers bought Knight's source code after its develope…
CVE-2020-1472
2024-06-06
zerologon
ransomware-as-a-service
knight
cyclops blink
snatch
rebranded
affiliates
ransomhub
Published: June 6, 2024
Linked vulnerabilities : CVE-2020-1472
Downloadable IOCs: 14

Suspicious DNS Probing Operation Amplified

This analysis discusses a large-scale domain name system (DNS) probing operation that targets open resolvers globally. An actor operating from the China Education and Research Network is conducting these probes, sending queries with encoded IP addresses to identify and measure responses from open D…
dns
2024-06-06
reconnaissance
amplification
probing
open resolvers
Published: June 6, 2024
Downloadable IOCs: 17

Malware botnet installing NiceRAT

This report discusses a botnet that has been active since 2019, distributing various malware such as NiceRAT, Nitol, and NanoCore. The botnet is spread through disguised cracked programs, shared on domestic file-sharing sites and blogs, posing as genuine software activators or game server tools. On…
malware
botnet
2024-06-06
nitol
nanocore
nicerat
Published: June 6, 2024
Downloadable IOCs: 24

DarkGate switches up its tactics with new payload, email templates

This analysis delves into a recent surge of malicious email campaigns by the DarkGate threat actor, employing novel tactics to distribute malware. These campaigns leverage a technique called 'Remote Template Injection' to bypass security controls and deceive recipients into executing malicious code…
autohotkey
darkgate
malspam
2024-06-06
template injection
email campaigns
in-memory execution
Published: June 6, 2024
Downloadable IOCs: 12

Threat Actors' Systems Can Also Be Exposed and Used by Other Threat Actors

This report discusses a case where a CoinMiner threat actor's proxy server, used to access an infected botnet, became the target of a ransomware threat actor's Remote Desktop Protocol (RDP) scan attack. The ransomware threat actor successfully breached the proxy server and distributed ransomware to…
ransomware
coinminer
botnet
2024-06-06
rdp
phobos
havex
backdoor.oldrea
proxy
Published: June 6, 2024
Downloadable IOCs: 34

Warning Against Phishing Emails Prompting Execution of Commands via Paste

This report details a phishing campaign distributing malicious HTML files through emails. The files prompt users to paste and run malicious PowerShell commands that initiate a multi-stage infection process. The campaign ultimately delivers the DarkGate malware, highlighting the importance of exerci…
phishing
powershell
darkgate
malicious
2024-06-06
emails
commands
Published: June 6, 2024
Downloadable IOCs: 15
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-5675

10.0
    Mentor - Employee Portal
Published: June 6, 2024

CVE-2024-36393

9.9
    SysAid
Published: June 6, 2024

CVE-2024-5452

9.8
    pytorch-lightning
Published: June 6, 2024

CVE-2024-3104

9.6
    anything-llm
Published: June 6, 2024

CVE-2024-5153

9.1
    Startklar Elementor Addons plugin for WordPress
Published: June 6, 2024

CVE-2024-36394

9.1
    SysAid
Published: June 6, 2024

CVE-2024-3033

9.1
    mintplex-labs/anything-llm
Published: June 6, 2024

CVE-2024-5179

8.8
    Cowidgets – Elementor Addons plugin for WordPress
    Cowidgets - Elementor Addons plugin for WordPress
Published: June 6, 2024

CVE-2024-5324

8.8
    Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress
Published: June 6, 2024

CVE-2024-5329

8.8
    Unlimited Elements For Elementor plugin
Published: June 6, 2024

CVE-2024-1879

8.8
    significant-gravitas/autogpt
Published: June 6, 2024

CVE-2024-3152

8.8
    mintplex-labs/anything-llm
Published: June 6, 2024

CVE-2024-5267

8.8
    Sonos Era 100 smart speakers
Published: June 6, 2024

CVE-2024-5269

8.8
    Sonos Era 100 Smart Speaker
Published: June 6, 2024

CVE-2024-5505

8.8
    NETGEAR ProSAFE Network Management System
Published: June 6, 2024

CVE-2024-28995

8.6
    SolarWinds Serv-U
Published: June 6, 2024

CVE-2024-4325

8.6
    gradio-app/gradio
Published: June 6, 2024

CVE-2024-36399

8.2
    Kanboard
Published: June 6, 2024

CVE-2023-6966

8.1
    Moneytizer plugin for WordPress
    The Moneytizer plugin for WordPress
Published: June 6, 2024

CVE-2023-6968

8.1
    Moneytizer plugin for WordPress
    The Moneytizer plugin for WordPress
Published: June 6, 2024

CVE-2024-4177

8.1
    GravityZone Console
Published: June 6, 2024

CVE-2024-3504

8.1
Published: June 6, 2024

CVE-2024-2914

7.8
    deepjavalibrary/djl
Published: June 6, 2024

CVE-2024-30369

7.8
    A10 Thunder ADC
Published: June 6, 2024

CVE-2024-30374

7.8
    Luxion KeyShot Viewer
Published: June 6, 2024

CVE-2024-30375

7.8
    Luxion KeyShot Viewer
Published: June 6, 2024

CVE-2024-5301

7.8
    Kofax Power PDF
Published: June 6, 2024

CVE-2024-5302

7.8
    Kofax Power PDF
Published: June 6, 2024

CVE-2024-5303

7.8
    Kofax Power PDF
Published: June 6, 2024

CVE-2024-5506

7.8
    Luxion KeyShot Viewer
Published: June 6, 2024

CVE-2024-5507

7.8
    Luxion KeyShot Viewer
Published: June 6, 2024

CVE-2024-5508

7.8
    Luxion KeyShot Viewer
Published: June 6, 2024

CVE-2024-5509

7.8
    Luxion KeyShot
Published: June 6, 2024

CVE-2024-37150

7.6
    Deno
Published: June 6, 2024

CVE-2024-35178

7.5
    Jupyter Server
Published: June 6, 2024

CVE-2024-4941

7.5
Published: June 6, 2024

CVE-2024-3049

7.4
    Booth
    Booth cluster ticket manager
Published: June 6, 2024

CVE-2024-5482

7.4
    parisneo/lollms-webui
Published: June 6, 2024

CVE-2024-30368

7.2
    A10 Thunder ADC
Published: June 6, 2024

CVE-2024-4889

7.2
    berriai/litellm application
Published: June 6, 2024

CVE-2024-4194

6.5
    WordPress Album and Image Gallery plus Lightbox plugin
    The Album and Image Gallery plus Lightbox plugin for WordPress
Published: June 6, 2024

CVE-2024-2350

6.4
    Clever Addons for Elementor plugin for WordPress
    Clever Addons for Elementor plugin
Published: June 6, 2024

CVE-2024-4705

6.4
    Testimonials Widget plugin for WordPress
Published: June 6, 2024

CVE-2024-5001

6.4
    Image Hover Effects for Elementor with Lightbox and Flipbox plugin for WordPress
Published: June 6, 2024

CVE-2024-5224

6.4
    WordPress Easy Social Like Box - Popup - Sidebar Widget plugin
    Easy Social Like Box – Popup – Sidebar Widget plugin for WordPress
Published: June 6, 2024

CVE-2024-5342

6.4
    Simple Image Popup Shortcode plugin for WordPress
Published: June 6, 2024

CVE-2024-2922

6.4
    Themesflat Addons For Elementor plugin for WordPress
Published: June 6, 2024

CVE-2024-4212

6.4
    Themesflat Addons For Elementor plugin for WordPress
    Themesflat Addons For Elementor plugin
Published: June 6, 2024

CVE-2024-4364

6.4
    Qi Addons For Elementor plugin
    Qi Addons For Elementor plugin for WordPress
Published: June 6, 2024

CVE-2024-4458

6.4
    Themesflat Addons For Elementor plugin for WordPress
    Themesflat Addons For Elementor plugin
Published: June 6, 2024

CVE-2024-4459

6.4
    Themesflat Addons For Elementor plugin for WordPress
Published: June 6, 2024

CVE-2024-4608

6.4
    SellKit - Funnel builder and checkout optimizer for WooCommerce
Published: June 6, 2024

CVE-2024-4707

6.4
    Materialis Companion plugin for WordPress
Published: June 6, 2024

CVE-2024-5141

6.4
    Rotating Tweets (Twitter widget and shortcode) plugin for WordPress
Published: June 6, 2024

CVE-2024-5152

6.4
    ElementsReady Addons for Elementor plugin for WordPress
    ElementsReady Addons for Elementor
Published: June 6, 2024

CVE-2024-5161

6.4
    Magical Addons For Elementor plugin for WordPress
    Magical Addons For Elementor
Published: June 6, 2024

CVE-2024-5162

6.4
    WordPress prettyPhoto plugin for WordPress
    WordPress prettyPhoto plugin
Published: June 6, 2024

CVE-2024-5221

6.4
    Qi Blocks plugin for WordPress
Published: June 6, 2024

CVE-2024-5259

6.4
    MultiVendorX Marketplace - WooCommerce MultiVendor Marketplace Solution plugin for WordPress
Published: June 6, 2024

CVE-2024-5038

6.4
    Colibri Page Builder plugin for WordPress
Published: June 6, 2024

CVE-2024-5188

6.4
    Essential Addons for Elementor
Published: June 6, 2024

CVE-2024-5277

6.4
    Lunary
Published: June 6, 2024

CVE-2024-5684

6.3
    UNKNOWN
Published: June 6, 2024

CVE-2023-6956

6.1
    WordPress EasyAzon - Amazon Associates Affiliate Plugin
    EasyAzon - Amazon Associates Affiliate Plugin plugin for WordPress
Published: June 6, 2024

CVE-2024-5673

6.1
    Dulldusk's PHP File Manager
Published: June 6, 2024

CVE-2024-37156

6.1
    SuluFormBundle
Published: June 6, 2024

CVE-2024-2017

5.4
    Countdown, Coming Soon, Maintenance - Countdown & Clock plugin for WordPress
    Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress
Published: June 6, 2024

CVE-2024-5127

5.4
    lunary-ai/lunary
Published: June 6, 2024

CVE-2024-0910

5.3
    Restrict for Elementor plugin for WordPress
Published: June 6, 2024

CVE-2024-0972

5.3
    BuddyPress Members Only plugin for WordPress
Published: June 6, 2024

CVE-2024-1175

5.3
    WP-Recall plugin for WordPress
    WP-Recall plugin
Published: June 6, 2024

CVE-2024-5615

5.3
    Open Graph plugin for WordPress
Published: June 6, 2024

CVE-2024-37152

5.3
    Argo CD
Published: June 6, 2024

CVE-2024-5658

4.8
    Two-Factor Authentication plugin for CraftCMS
    CraftCMS plugin Two-Factor Authentication
Published: June 6, 2024

CVE-2024-4942

4.4
    Custom Dash plugin for WordPress
Published: June 6, 2024

CVE-2024-5656

4.4
    Google CSE plugin for WordPress
Published: June 6, 2024

CVE-2024-4788

4.3
    Boostify Header Footer Builder for Elementor plugin
    Boostify Header Footer Builder for Elementor plugin for WordPress
Published: June 6, 2024

CVE-2024-5449

4.3
    WP Dark Mode - WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress
    WP Dark Mode - WordPress Dark Mode Plugin
Published: June 6, 2024

CVE-2024-5665

4.3
    Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress
    WordPress Login/Signup Popup (Inline Form + WooCommerce) plugin
Published: June 6, 2024

CVE-2024-5489

4.3
    Wbcom Designs - Custom Font Uploader plugin for WordPress
Published: June 6, 2024

CVE-2024-36106

4.3
    Argo CD
Published: June 6, 2024

CVE-2024-5256

4.3
    Sonos Era 100 smart speakers
Published: June 6, 2024

CVE-2024-5268

4.3
    Sonos Era 100 smart speakers
Published: June 6, 2024

CVE-2024-5657

3.7
    CraftCMS plugin Two-Factor Authentication
Published: June 6, 2024

CVE-2024-0912

None
    Microsoft Internet Information Server (IIS)
    C•CURE 9000 Web Server
    Microsoft Internet Information Server (IIS)
Published: June 6, 2024

CVE-2024-5089

None
    UNKNOWN
Published: June 6, 2024

CVE-2024-36779

None
    Sourcecodester Stock Management System
Published: June 6, 2024

CVE-2024-34832

None
    CubeCart
Published: June 6, 2024

CVE-2024-33655

None
    DNS Servers implementing RFC 1035
Published: June 6, 2024

CVE-2024-36742

None
    OneFlow-Inc. Oneflow
Published: June 6, 2024

CVE-2024-36736

None
    OneFlow-Inc. Oneflow
Published: June 6, 2024

CVE-2024-36737

None
    Oneflow
Published: June 6, 2024

CVE-2024-36743

None
    OneFlow-Inc. Oneflow
Published: June 6, 2024

CVE-2024-36745

None
    OneFlow-Inc. Oneflow
Published: June 6, 2024
Click here to see more Vulnerabilities