Tag: 2024-07-02

4 Attack Reports | 146 Vulnerabilities

Attack reports

ONNX Store: Phishing-as-a-Service Platform Targeting Financial Institution

This intelligence report analyzes the ONNX Store, a phishing-as-a-service platform targeting financial institutions through embedded QR codes in PDF attachments redirecting victims to phishing sites. The report details the platform's features, including two-factor authentication bypass, realistic M…
phishing
credential theft
cybercrime
2024-07-02
onnx store
qrcode
caffeine
fintech
Published: July 2, 2024
Downloadable IOCs: 25

Exposing FakeBat loader: distribution methods and adversary infrastructure

During the first semester of 2024, FakeBat (aka EugenLoader, PaykLoader) was one of the most widespread loaders using the drive-by download technique. Researchers uncovered multiple FakeBat distribution campaigns leveraging malvertising, software impersonation, fake web browser updates, and social …
loader
social engineering
malvertising
fakebat
2024-07-02
drive-by download
paykloader
eugenloader
eugenfest
payk_34
Published: July 2, 2024
Downloadable IOCs: 237

Mining Gang's New Tool: k4spreader

QIanxin describes the discovery and analysis of k4spreader, a new malware installer and spreader tool developed by the 8220 mining gang. k4spreader is written in cgo and implements system persistence, self-updating, and releasing other malware like the Tsunami botnet and PwnRig miner. The tool is s…
botnet
2024-07-02
pwnrig
mining
tsunami
spreader
k4spreader
Published: July 2, 2024
Downloadable IOCs: 35

Exploiting CVE-2021-40444 to Infiltrate Systems

A recently detected attack exploited a vulnerability in Microsoft Office to deploy spyware called MerkSpy. The initial vector was a deceptive Word document posing as a job description. Opening it triggered the exploitation of CVE-2021-40444, allowing arbitrary code execution. This downloaded an HTM…
vulnerability
spyware
keylogger
2024-07-02
information theft
CVE-2021-40444
merkspy
Published: July 2, 2024
Linked vulnerabilities : CVE-2021-40444
Downloadable IOCs: 6
Click here to see more Attack Reports

Vulnerabilities

CVE-2023-41917

10.0
    Speed-Measurement feature
Published: July 2, 2024

CVE-2023-41918

10.0
    UNKNOWN
Published: July 2, 2024

CVE-2024-6172

9.8
    Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin
Published: July 2, 2024

CVE-2023-41919

9.8
    UNKNOWN
Published: July 2, 2024

CVE-2023-41920

9.8
    UNKNOWN
Published: July 2, 2024

CVE-2023-41921

9.8
    UNKNOWN
Published: July 2, 2024

CVE-2024-6439

9.8
    Home Owners Collection Management System Project
  • Home Owners Collection Management System
Published: July 2, 2024

CVE-2024-6440

9.8
    Home Owners Collection Management System Project
  • Home Owners Collection Management System
Published: July 2, 2024

CVE-2024-36404

9.8
    GeoTools
Published: July 2, 2024

CVE-2024-4708

9.8
    mySCADA myPRO
Published: July 2, 2024

CVE-2024-32755

9.1
    UNKNOWN
Published: July 2, 2024

CVE-2024-5349

8.8
    LA-Studio Element Kit for Elementor plugin for WordPress
Published: July 2, 2024

CVE-2023-41926

8.8
    UNKNOWN
Published: July 2, 2024

CVE-2024-34593

8.8
    Samsung
  • Android
Published: July 2, 2024

CVE-2024-37479

8.5
    LA-Studio Element Kit for Elementor
Published: July 2, 2024

CVE-2024-34584

8.4
    SumenNService
Published: July 2, 2024

CVE-2024-4897

8.4
    parisneo/lollms-webui
    llama-cpp-python
Published: July 2, 2024

CVE-2024-36243

8.2
    OpenHarmony
Published: July 2, 2024

CVE-2024-36260

8.2
    OpenHarmony
Published: July 2, 2024

CVE-2024-37030

8.2
    OpenHarmony
Published: July 2, 2024

CVE-2024-37077

8.2
    OpenHarmony
Published: July 2, 2024

CVE-2024-37185

8.2
    OpenHarmony
Published: July 2, 2024

CVE-2024-4679

7.8
    Hitachi JP1/Extensible SNMP Agent for Windows
    Hitachi JP1/Extensible SNMP Agent
    Job Management Partner1/Extensible SNMP Agent
Published: July 2, 2024

CVE-2024-20888

7.8
    OneUIHome
Published: July 2, 2024

CVE-2024-20891

7.8
    Samsung SystemUI
Published: July 2, 2024

CVE-2024-34585

7.8
    UNKNOWN
Published: July 2, 2024

CVE-2024-34595

7.8
    Samsung
  • Android
Published: July 2, 2024

CVE-2024-34122

7.8
    Acrobat for Edge
Published: July 2, 2024

CVE-2024-38519

7.8
    yt-dlp
Published: July 2, 2024

CVE-2024-4467

7.8
    QEMU
Published: July 2, 2024

CVE-2024-20895

7.7
    Dar service
Published: July 2, 2024

CVE-2024-5865

7.7
    Delinea Centrify PAS
Published: July 2, 2024

CVE-2024-4836

7.5
    Edito CMS
Published: July 2, 2024

CVE-2024-34587

7.5
    UNKNOWN
Published: July 2, 2024

CVE-2024-34596

7.5
    Samsung
  • Smartthings
Published: July 2, 2024

CVE-2023-41922

7.2
    webserver
Published: July 2, 2024

CVE-2023-41923

7.2
    UNKNOWN
Published: July 2, 2024

CVE-2024-39323

7.1
    aimeos/ai-admin-graphql
Published: July 2, 2024

CVE-2024-32756

6.8
    Linux kernel
Published: July 2, 2024

CVE-2024-32757

6.8
    UNKNOWN
Published: July 2, 2024

CVE-2024-32932

6.8
    UNKNOWN
Published: July 2, 2024

CVE-2024-32854

6.7
    Dell PowerScale OneFS
Published: July 2, 2024

CVE-2024-37126

6.7
    Dell PowerScale OneFS
Published: July 2, 2024

CVE-2024-37132

6.7
    Dell PowerScale OneFS
Published: July 2, 2024

CVE-2024-37133

6.7
    Dell PowerScale OneFS
Published: July 2, 2024

CVE-2024-37134

6.7
    Dell PowerScale OneFS
Published: July 2, 2024

CVE-2024-20892

6.5
    UNKNOWN
Published: July 2, 2024

CVE-2024-6438

6.5
    Hitout
  • Carsale
Published: July 2, 2024

CVE-2024-39316

6.5
    Rack
Published: July 2, 2024

CVE-2024-5938

6.4
    Boot Store theme for WordPress
Published: July 2, 2024

CVE-2024-5419

6.4
    Void Contact Form 7 Widget For Elementor Page Builder plugin for WordPress
Published: July 2, 2024

CVE-2024-1427

6.4
    The Post Grid - Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress
Published: July 2, 2024

CVE-2024-5219

6.4
    Easy Google Maps plugin for WordPress
Published: July 2, 2024

CVE-2024-3513

6.4
    Ultimate Blocks - WordPress Blocks Plugin
Published: July 2, 2024

CVE-2024-5504

6.4
    Rife Elementor Extensions & Templates plugin for WordPress
Published: July 2, 2024

CVE-2024-5260

6.4
    Sina Extension for Elementor plugin for WordPress
Published: July 2, 2024

CVE-2024-6382

6.4
    MongoDB Rust Driver
Published: July 2, 2024

CVE-2024-6441

6.3
    ORIPA
Published: July 2, 2024

CVE-2024-6452

6.3
    linlinjava litemall
Published: July 2, 2024

CVE-2024-6453

6.3
    itsourcecode Farm Management System
Published: July 2, 2024

CVE-2024-5544

6.1
    Media Library Assistant plugin for WordPress
Published: July 2, 2024

CVE-2024-20893

6.1
    UNKNOWN
Published: July 2, 2024

CVE-2024-32852

5.9
    Dell PowerScale OneFS
Published: July 2, 2024

CVE-2024-20889

5.9
    BLE (Bluetooth Low Energy) module
Published: July 2, 2024

CVE-2024-20901

5.9
    libsaped
Published: July 2, 2024

CVE-2024-34586

5.9
    KnoxCustomManagerService
Published: July 2, 2024

CVE-2024-39315

5.7
    Pomerium
Published: July 2, 2024

CVE-2024-20896

5.5
    Samsung Galaxy devices
Published: July 2, 2024

CVE-2024-34594

5.5
    Samsung
  • Android
Published: July 2, 2024

CVE-2024-39322

5.5
    aimeos/ai-admin-jsonadm
Published: July 2, 2024

CVE-2024-4268

5.4
    Dotcamp
  • Ultimate Blocks
Published: July 2, 2024

CVE-2024-6264

5.4
    Wpexpertplugins
  • Post Meta Data Manager
Published: July 2, 2024

CVE-2023-41927

5.3
    UNKNOWN
Published: July 2, 2024

CVE-2023-41928

5.3
    UNKNOWN
Published: July 2, 2024

CVE-2024-5545

5.3
    Motors – Car Dealer, Classifieds & Listing plugin for WordPress
Published: July 2, 2024

CVE-2024-20890

5.3
    BLE (Bluetooth Low Energy) for Samsung devices
Published: July 2, 2024

CVE-2024-34588

5.3
    Unknown
Published: July 2, 2024

CVE-2024-34589

5.3
    Unknown
Published: July 2, 2024

CVE-2024-34601

5.3
    Samsung
  • Galaxystore
Published: July 2, 2024

CVE-2024-6088

5.3
    Thimpress
  • Learnpress
Published: July 2, 2024

CVE-2024-6099

5.3
    Thimpress
  • Learnpress
Published: July 2, 2024

CVE-2024-39891

5.3
    Authy API
Published: July 2, 2024

CVE-2024-39325

5.3
    aimeos/ai-controller-frontend
Published: July 2, 2024

CVE-2024-2819

5.1
    Hitachi Ops Center Common Services
Published: July 2, 2024

CVE-2024-0158

5.1
    Dell BIOS
Published: July 2, 2024

CVE-2024-5866

5.0
    Delinea Centrify PAS
Published: July 2, 2024

CVE-2024-6011

4.8
    Stylemixthemes
  • Cost Calculator Builder
Published: July 2, 2024

CVE-2024-32853

4.4
    Dell PowerScale OneFS
Published: July 2, 2024

CVE-2024-39326

4.4
    SkillTree
Published: July 2, 2024

CVE-2024-38857

4.3
    Checkmk
Published: July 2, 2024

CVE-2024-20894

4.3
    Unknown
Published: July 2, 2024

CVE-2024-34590

4.3
    Samsung
  • Android
Published: July 2, 2024

CVE-2024-34591

4.3
    Samsung
  • Android
Published: July 2, 2024

CVE-2024-34592

4.3
    Samsung
  • Android
Published: July 2, 2024

CVE-2024-6012

4.3
    Stylemixthemes
  • Cost Calculator Builder
Published: July 2, 2024

CVE-2024-20897

4.0
    Samsung IMS service
Published: July 2, 2024

CVE-2024-20898

4.0
    SoftphoneClient in IMS service
Published: July 2, 2024

CVE-2024-20899

4.0
    Samsung IMS Service
Published: July 2, 2024

CVE-2024-20900

4.0
    MTP application
Published: July 2, 2024

CVE-2024-34583

4.0
    Samsung
Published: July 2, 2024

CVE-2024-6381

4.0
    libbson
Published: July 2, 2024

CVE-2024-39324

3.8
    aimeos/ai-admin-graphql
Published: July 2, 2024

CVE-2024-31071

3.3
    OpenHarmony
Published: July 2, 2024

CVE-2024-36278

3.3
    OpenHarmony
Published: July 2, 2024

CVE-2024-34597

3.3
    Samsung
  • Health
Published: July 2, 2024

CVE-2024-34599

3.3
    Samsung
  • Tips
    Google
Published: July 2, 2024

CVE-2024-34600

3.3
    Samsung
  • Flow
Published: July 2, 2024

CVE-2024-38537

0.0
    Fides
Published: July 2, 2024

CVE-2024-3999

None
    EazyDocs WordPress plugin
Published: July 2, 2024

CVE-2024-4627

None
    Rank Math SEO WordPress plugin
Published: July 2, 2024

CVE-2024-5606

None
    Quiz and Survey Master (QSM) WordPress plugin
Published: July 2, 2024

CVE-2024-5767

None
    WordPress Plugin sitetweet
Published: July 2, 2024

CVE-2024-39119

None
    idccms
Published: July 2, 2024

CVE-2024-39143

None
    ResidenceCMS
Published: July 2, 2024

CVE-2023-51776

None
    Jungo WinDriver
Published: July 2, 2024

CVE-2023-51777

None
    Jungo WinDriver
Published: July 2, 2024

CVE-2023-51778

None
    Jungo WinDriver
Published: July 2, 2024

CVE-2024-22102

None
    WinDriver
Published: July 2, 2024

CVE-2024-22103

None
    Jungo WinDriver
Published: July 2, 2024

CVE-2024-22104

None
    Jungo WinDriver
Published: July 2, 2024

CVE-2024-22105

None
    Jungo WinDriver
Published: July 2, 2024

CVE-2024-22106

None
    Jungo WinDriver
Published: July 2, 2024

CVE-2024-25086

None
    Jungo WinDriver
Published: July 2, 2024

CVE-2024-25087

None
    Jungo WinDriver
Published: July 2, 2024

CVE-2024-25088

None
    Jungo WinDriver
Published: July 2, 2024

CVE-2024-26314

None
    Jungo WinDriver
Published: July 2, 2024

CVE-2024-3826

None
    Akana
Published: July 2, 2024

CVE-2022-32147

None
    UNKNOWN
Published: July 2, 2024

CVE-2022-32191

None
    UNKNOWN
Published: July 2, 2024

CVE-2022-3428

None
    UNKNOWN
Published: July 2, 2024

CVE-2022-41718

None
    UNKNOWN
Published: July 2, 2024

CVE-2022-41726

None
    UNKNOWN
Published: July 2, 2024

CVE-2022-41728

None
    UNKNOWN
Published: July 2, 2024

CVE-2022-41729

None
    Go programming language
Published: July 2, 2024

CVE-2022-41730

None
    UNKNOWN
Published: July 2, 2024

CVE-2023-39324

None
    UNKNOWN
Published: July 2, 2024

CVE-2024-39206

None
    MSP360 Backup Agent
Published: July 2, 2024

CVE-2024-39894

None
    OpenSSH
Published: July 2, 2024

CVE-2024-6341

None
    UNKNOWN
Published: July 2, 2024

CVE-2022-25477

None
    Realtek RtsPer driver for PCIe Card Reader
    Realtek RtsUer driver for USB Card Reader
Published: July 2, 2024

CVE-2022-25478

None
    Realtek RtsPer driver for PCIe Card Reader
    Realtek RtsUer driver for USB Card Reader
Published: July 2, 2024

CVE-2022-25479

None
    Realtek RtsPer driver for PCIe Card Reader
    Realtek RtsUer driver for USB Card Reader
Published: July 2, 2024

CVE-2022-25480

None
    Realtek RtsPer driver for PCIe Card Reader
    Realtek RtsUer driver for USB Card Reader
Published: July 2, 2024

CVE-2022-30636

None
    Go programming language
Published: July 2, 2024

CVE-2023-24531

None
    Go programming language
Published: July 2, 2024

CVE-2024-24791

None
    UNKNOWN
Published: July 2, 2024
Click here to see more Vulnerabilities