Tag: 2024-06-20

6 Attack Reports | 162 Vulnerabilities

Attack reports

RAFEL RAT, ANDROID MALWARE FROM ESPIONAGE TO RANSOMWARE OPERATIONS

Check Point Research has identified multiple threat actors utilizing Rafel, an open-source remote administration tool (RAT). The discovery of an espionage group leveraging Rafel in their operations was of particular significance, as it indicates the tool’s efficacy across various threat actor profi…
ransomware
android
infostealer
discord
2024-06-20
google play
rafel rat
data wipe
smartphone
2fa bypass
Published: June 20, 2024
Downloadable IOCs: 6

Fickle Stealer Distributed via Multiple Attack Chain

In May 2024, FortiGuard Labs observed a Rust-based stealer. In addition to its intricate code, the stealer is distributed using a variety of strategies and has a flexible way of choosing its target.
vba
infostealer
rust
2024-06-20
docx
fickle stealer
pdf viewer
Published: June 20, 2024
Downloadable IOCs: 53

Sustained Campaign Using Chinese Espionage Tools Targets Telcos

Attackers using tools associated with Chinese espionage groups have breached multiple telecom operators in a single Asian country in a long-running espionage campaign. The attackers placed backdoors on the networks of targeted companies and also attempted to steal credentials.
backdoor
espionage
credential theft
keylogger
2024-06-20
coolclient
quickheal
rainyday
telecommunications
responder
Published: June 20, 2024
Downloadable IOCs: 47

Attackers deploying new tactics in campaign targeting exposed Docker APIs

Datadog Security Researchers recently encountered a new campaign that targets Docker API endpoints publicly exposed without authentication, with the objective of spreading cryptojacking malware. The observed TTPs bear resemblance to those seen in Spinning YARN, another campaign discovered in March …
docker
2024-06-20
xmrig miner
compiler
yarn
docker host
spinning yarn
docker engine
mnt directory
go code
tencent
vurl
exeremo
chkstart
execstartpost
Published: June 20, 2024
Linked vulnerabilities : CVE-2023-22515, CVE-2022-26134
Downloadable IOCs: 37

Self-Proclaimed Meeting Software Vortax Spreads Infostealers, Unveils Expansive Network of Malicious macOS Applications

While monitoring data in Recorded Future Malware Intelligence, Insikt Group identified purported virtual meeting software called Vortax that, upon download and installation, delivers three information stealers (“infostealers”) in cross-platform attacks — Rhadamanthys, Stealc, and, most notably, Ato…
macos
c2
2024-06-20
Published: June 20, 2024
Downloadable IOCs: 60

Info Stealing Campaign Uses DLL Sideloading Through Legitimate Cisco Webex’s Binaries for Initial Execution and Defense Evasion

In March 2024, researchers at the Trellix Advanced Research Center uncovered a sophisticated and evasive attack campaign targeting users in Latin America and Asia Pacific through trojanized copies of the Cisco Webex Meetings App. This campaign employed a stealthy malware loader, known as HijackLoad…
service
2024-06-20
autoit3
module
cisco webex
vt sustained
vt powershell
systems
meetings app
vt executed
pe payload
Published: June 20, 2024
Downloadable IOCs: 36
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-3605

10.0
    WP Hotel Booking plugin for WordPress
  • Version(s): up to 2.1.0
Published: June 20, 2024

CVE-2024-4742

9.8
    Youzify BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin
  • Version(s): up to 1.2.5
Published: June 20, 2024

CVE-2024-5432

9.8
    Lifeline Donation plugin for WordPress
  • Version(s): up to 1.2.6
Published: June 20, 2024

CVE-2024-4098

9.8
    Shariff Wrapper plugin for WordPress
  • Version(s): up to 4.6.13
Published: June 20, 2024

CVE-2024-6100

8.8
    Google
  • Chrome
Published: June 20, 2024

CVE-2024-6101

8.8
    Google
  • Chrome
Published: June 20, 2024

CVE-2024-6102

8.8
    Google
  • Chrome
Published: June 20, 2024

CVE-2024-6103

8.8
    Google
  • Chrome
Published: June 20, 2024

CVE-2024-3561

8.8
    Custom Field Suite plugin for WordPress
  • Version(s): up to 2.6.7
Published: June 20, 2024

CVE-2024-3562

8.8
    Custom Field Suite plugin for WordPress
  • Version(s): up to 2.6.7
Published: June 20, 2024

CVE-2024-5605

8.8
    Media Library Assistant plugin for WordPress
  • Version(s): up to 3.16
Published: June 20, 2024

CVE-2024-37532

8.8
    IBM WebSphere Application Server
  • Version(s): 8.5, 9.0
Published: June 20, 2024

CVE-2024-6189

8.8
    Tenda A301
  • Version(s): 15.13.08.12
Published: June 20, 2024

CVE-2024-6154

8.2
    Parallels Desktop
Published: June 20, 2024

CVE-2024-6147

7.8
    Poly Plantronics Hub
Published: June 20, 2024

CVE-2024-6153

7.8
    Parallels Desktop
Published: June 20, 2024

CVE-2024-5746

7.6
    GitHub Enterprise Server
  • Version(s): before 3.9.16, 3.10.0 - 3.10.13, 3.11.0 - 3.11.11, 3.12.0 - 3.12.5
Published: June 20, 2024

CVE-2024-5182

7.5
    mudler/localai
  • Version(s): 2.14.0
Published: June 20, 2024

CVE-2024-6162

7.5
    Undertow
Published: June 20, 2024

CVE-2024-6113

7.3
    Monbela Tourist Inn Online Reservation System
  • Version(s): 1.0
Published: June 20, 2024

CVE-2024-6190

7.3
    itsourcecode Farm Management System
  • Version(s): 1.0
Published: June 20, 2024

CVE-2024-6191

7.3
    itsourcecode Student Management System
  • Version(s): 1.0
Published: June 20, 2024

CVE-2024-6192

7.3
    Loan Management System
  • Version(s): 1.0
Published: June 20, 2024

CVE-2024-6193

7.3
    Vehicle Management System
  • Version(s): 1.0
Published: June 20, 2024

CVE-2024-6196

7.3
    itsourcecode Banking Management System
  • Version(s): 1.0
Published: June 20, 2024

CVE-2024-3597

7.1
    Export WP Page to Static HTML/CSS plugin for WordPress
  • Version(s): up to 2.2.2
Published: June 20, 2024

CVE-2023-25646

7.1
    ZTE H388X
Published: June 20, 2024

CVE-2024-37222

7.1
    Master Slider
  • Version(s): n/a - 3.9.10
Published: June 20, 2024

CVE-2024-34693

6.8
    Apache Superset
  • Version(s): before 3.1.3, 4.0.0
Published: June 20, 2024

CVE-2023-3204

6.5
    Materialis theme for WordPress
  • Version(s): up to 1.1.24
Published: June 20, 2024

CVE-2024-4390

6.5
    Slider and Carousel slider by Depicter plugin for WordPress
  • Version(s): up to 3.0.2
Published: June 20, 2024

CVE-2024-37350

6.5
    Absolute Secure Access
  • Version(s): prior to 13.06
Published: June 20, 2024

CVE-2024-1168

6.4
    SEOPress - On-site SEO plugin for WordPress
  • Version(s): up to 7.9
Published: June 20, 2024

CVE-2024-3558

6.4
    Custom Field Suite plugin for WordPress
  • Version(s): up to 2.6.7
Published: June 20, 2024

CVE-2024-4626

6.4
    JetWidgets For Elementor plugin for WordPress
  • Version(s): up to 1.0.17
Published: June 20, 2024

CVE-2024-5686

6.4
    WPZOOM Addons for Elementor (Templates, Widgets) plugin
  • Version(s): up to 1.1.38
Published: June 20, 2024

CVE-2024-5036

6.4
    Sina Extension for Elementor plugin
  • Version(s): up to 3.5.4
Published: June 20, 2024

CVE-2024-5156

6.4
    Flatsome theme for WordPress
  • Version(s): up to 3.18.7
Published: June 20, 2024

CVE-2024-6184

6.3
    Ruijie RG-UAC
  • Version(s): 1.0
Published: June 20, 2024

CVE-2024-6185

6.3
    Ruijie RG-UAC
  • Version(s): 1.0
Published: June 20, 2024

CVE-2024-6186

6.3
    Ruijie RG-UAC
  • Version(s): 1.0
Published: June 20, 2024

CVE-2024-6187

6.3
    Ruijie RG-UAC
  • Version(s): 1.0
Published: June 20, 2024

CVE-2024-6194

6.3
    Tailoring Management System
  • Version(s): 1.0
Published: June 20, 2024

CVE-2024-6195

6.3
    itsourcecode Tailoring Management System
  • Version(s): 1.0
Published: June 20, 2024

CVE-2024-36071

6.3
    Samsung Magician
  • Version(s): 8.0.0
Published: June 20, 2024

CVE-2024-6177

6.1
    Lg
  • Supersign Cms
Published: June 20, 2024

CVE-2024-6178

6.1
    Lg
  • Supersign Cms
Published: June 20, 2024

CVE-2024-6179

6.1
    Lg
  • Supersign Cms
Published: June 20, 2024

CVE-2024-37183

5.7
    UNKNOWN
Published: June 20, 2024

CVE-2024-3627

5.4
    The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress
  • Version(s): up to 1.1.7
Published: June 20, 2024

CVE-2024-37897

5.4
    SFTPGo
  • Version(s): before v2.6.1
Published: June 20, 2024

CVE-2024-5213

5.3
    mintplex-labs/anything-llm
  • Version(s): up to 1.5.3
Published: June 20, 2024

CVE-2024-6188

5.3
    Parsec Automation TrackSYS
  • Version(s): 11.x.x
Published: June 20, 2024

CVE-2024-37345

5.3
    Absolute Secure Access
  • Version(s): before 13.06
Published: June 20, 2024

CVE-2024-37346

4.9
    Absolute Secure Access
  • Version(s): before 13.06
Published: June 20, 2024

CVE-2024-37343

4.8
    Absolute Secure Access
  • Version(s): before 13.06
Published: June 20, 2024

CVE-2024-38082

4.7
    Microsoft Edge (Chromium-based)
Published: June 20, 2024

CVE-2024-37344

4.5
    Absolute Secure Access
  • Version(s): before 13.06
Published: June 20, 2024

CVE-2024-37347

4.5
    Absolute Secure Access
  • Version(s): before 13.06
Published: June 20, 2024

CVE-2024-37348

4.5
    Absolute Secure Access
  • Version(s): before 13.06
Published: June 20, 2024

CVE-2024-37349

4.5
    Absolute Secure Access
  • Version(s): before 13.06
Published: June 20, 2024

CVE-2024-37351

4.5
    Absolute Secure Access
  • Version(s): before 13.06
Published: June 20, 2024

CVE-2024-37352

4.5
    Absolute Secure Access
  • Version(s): before 13.06
Published: June 20, 2024

CVE-2024-3602

4.3
    Promolayer plugin for WordPress
  • Version(s): up to 1.1.0
Published: June 20, 2024

CVE-2024-6183

4.3
    EZ-Suite EZ-Partner
  • Version(s): 5
Published: June 20, 2024

CVE-2024-38093

4.3
    Microsoft Edge (Chromium-based)
Published: June 20, 2024

CVE-2024-6181

3.5
    LabVantage LIMS
  • Version(s): 2017
Published: June 20, 2024

CVE-2024-6182

3.5
    LabVantage LIMS
  • Version(s): 2017
Published: June 20, 2024

CVE-2024-6176

None
    LG SuperSign CMS
  • Version(s): 4.1.3, before 4.3.1
Published: June 20, 2024

CVE-2024-4565

None
    Advanced Custom Fields (ACF) WordPress plugin
  • Version(s): before 6.3
    Advanced Custom Fields Pro WordPress plugin
  • Version(s): before 6.3
Published: June 20, 2024

CVE-2024-5475

None
    Responsive video embed WordPress plugin
  • Version(s): before 0.5.1
Published: June 20, 2024

CVE-2024-5522

None
    WordPress HTML5 Video Player plugin
  • Version(s): before 2.5.27
Published: June 20, 2024

CVE-2024-38619

None
    Linux kernel
Published: June 20, 2024

CVE-2024-38620

None
    Linux kernel
Published: June 20, 2024

CVE-2024-29012

None
    SonicOS
Published: June 20, 2024

CVE-2024-29013

None
    SonicOS SSL-VPN
Published: June 20, 2024

CVE-2021-47617

None
    Linux kernel
Published: June 20, 2024

CVE-2021-47618

None
    Linux kernel
Published: June 20, 2024

CVE-2021-47619

None
    Linux kernel
Published: June 20, 2024

CVE-2021-47620

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48711

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48712

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48713

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48714

None
    Linux Kernel
Published: June 20, 2024

CVE-2022-48715

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48716

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48717

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48718

None
    Linux Kernel
Published: June 20, 2024

CVE-2022-48719

None
    Linux Kernel
Published: June 20, 2024

CVE-2022-48720

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48721

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48722

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48723

None
    Linux kernel
Published: June 20, 2024

CVE-2024-28147

None
    edu-sharing
  • Version(s): <8.0.8-RC2, <8.1.4-RC0, <9.0.0-RC19
Published: June 20, 2024

CVE-2024-5886

None
    UNKNOWN
Published: June 20, 2024

CVE-2021-4439

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48724

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48725

None
    Linux Kernel
Published: June 20, 2024

CVE-2022-48726

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48727

None
    Linux Kernel
Published: June 20, 2024

CVE-2022-48728

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48729

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48730

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48731

None
    Linux Kernel
  • Version(s): 5.15.0
Published: June 20, 2024

CVE-2022-48732

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48733

None
    Linux Kernel
Published: June 20, 2024

CVE-2022-48734

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48735

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48736

None
    Linux Kernel
Published: June 20, 2024

CVE-2022-48737

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48738

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48739

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48740

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48741

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48742

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48743

None
    Linux Kernel
Published: June 20, 2024

CVE-2022-48744

None
    Linux Kernel
Published: June 20, 2024

CVE-2022-48745

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48746

None
    Linux Kernel
Published: June 20, 2024

CVE-2022-48747

None
    Linux Kernel
Published: June 20, 2024

CVE-2022-48748

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48749

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48750

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48751

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48752

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48753

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48754

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48755

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48756

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48757

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48758

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48759

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48760

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48761

None
    Linux kernel
  • Version(s): 5.15.5
Published: June 20, 2024

CVE-2022-48762

None
    Linux Kernel
Published: June 20, 2024

CVE-2022-48763

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48764

None
    Linux Kernel
Published: June 20, 2024

CVE-2022-48765

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48766

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48767

None
    Linux Kernel
Published: June 20, 2024

CVE-2022-48768

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48769

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48770

None
    Linux kernel
Published: June 20, 2024

CVE-2022-48771

None
    Linux kernel
Published: June 20, 2024

CVE-2023-52883

None
    Linux kernel
Published: June 20, 2024

CVE-2023-49110

None
    Kiuwan SAST
Published: June 20, 2024

CVE-2023-49111

None
    Kiuwan SAST
Published: June 20, 2024

CVE-2023-49112

None
    Kiuwan SAST
Published: June 20, 2024

CVE-2023-49113

None
    Kiuwan Local Analyzer (KLA) Java scanning application
Published: June 20, 2024

CVE-2023-3353

None
    UNKNOWN
Published: June 20, 2024

CVE-2024-37676

None
    htop
  • Version(s): 2.20
Published: June 20, 2024

CVE-2022-41324

None
    Northern.tech Mender
  • Version(s): 3.3.x before 3.3.2, 3.4.x before 3.4.0
Published: June 20, 2024

CVE-2022-45929

None
    Northern.tech Mender
  • Version(s): 3.3.x before 3.3.2, 3.5.x before 3.5.0, 3.6.x before 3.6.0
Published: June 20, 2024

CVE-2024-28397

None
    js2py
  • Version(s): up to v0.74
Published: June 20, 2024

CVE-2024-33335

None
    H3C SeaSQL DWS
  • Version(s): 2.0
Published: June 20, 2024

CVE-2024-37626

None
    TOTOLINK A6000R
  • Version(s): V1.0.1-B20201211.2000
Published: June 20, 2024

CVE-2024-37674

None
    Moodle CMS
  • Version(s): 3.10
Published: June 20, 2024

CVE-2024-37699

None
    DataLife Engine
  • Version(s): v.17.1 and before
Published: June 20, 2024

CVE-2024-37818

None
    Strapi
  • Version(s): 4.24.4
Published: June 20, 2024

CVE-2024-29390

None
    Daily Expenses Management System
  • Version(s): 1.0
Published: June 20, 2024

CVE-2024-30848

None
    SilverSky E-mail service
  • Version(s): 5.0.3126
Published: June 20, 2024

CVE-2024-31586

None
    Computer Laboratory Management System
  • Version(s): 1.0
Published: June 20, 2024
Click here to see more Vulnerabilities