Tag: 2024-07-04

3 Attack Reports | 39 Vulnerabilities

Attack reports

Mekotio Banking Trojan Threatens Financial Systems in Latin America

The Mekotio banking trojan, active since 2015, primarily targets Latin American countries to steal sensitive banking credentials through phishing emails containing malicious links or attachments. Upon execution, it gathers system information, connects to a command-and-control server, and performs c…
credential theft
banking trojan
2024-07-04
mekotio
Published: July 4, 2024
Downloadable IOCs: 15

Mallox Ransomware: Linux Variant Decryptor Found

The report analyzes the Mallox ransomware, which has been active since mid-2021 and focuses on multi-extortion by encrypting victims' data and threatening to post it on public TOR sites. Initially targeting Windows systems, Mallox has now developed Linux variants using custom Python scripts for pay…
ransomware
encryption
mallox
targetcompany
2024-07-04
fargo
cyber-extortion
mawahelper
Published: July 4, 2024
Downloadable IOCs: 5

Dissecting GootLoader With Node.js

This article demonstrates how to circumvent anti-analysis techniques employed by GootLoader malware while utilizing Node.js debugging in Visual Studio Code. GootLoader JavaScript files employ an evasion technique that can pose a formidable challenge for sandboxes attempting to analyze the malware. …
evasion
anti-analysis
javascript
gootloader
2024-07-04
deobfuscation
Published: July 4, 2024
Downloadable IOCs: 2
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-39930

9.9
    Gogs
  • Version(s): 0.0.1 - 0.13.0
Published: July 4, 2024

CVE-2024-39931

9.9
    Gogs
  • Version(s): 0.13.0
Published: July 4, 2024

CVE-2024-39932

9.9
    Gogs
  • Version(s): 0.13.0 and prior
Published: July 4, 2024

CVE-2024-39943

9.9
    rejetto HFS (HTTP File Server)
  • Version(s): 3 before 0.52.10
Published: July 4, 2024

CVE-2024-2385

8.8
    Elementor Addons by Livemesh plugin for WordPress
  • Version(s): up to 8.3.7
Published: July 4, 2024

CVE-2024-3904

8.8
    Smart Device Communication Gateway preinstalled on MELIPC Series MI5122-VW
  • Version(s): 05, 06, 07
Published: July 4, 2024

CVE-2024-6318

8.8
    WordPress IMGspider plugin
  • Version(s): up to 2.3.10
Published: July 4, 2024

CVE-2024-6319

8.8
    IMGspider plugin for WordPress
  • Version(s): up to 2.3.10
Published: July 4, 2024

CVE-2024-5943

8.8
    Nested Pages plugin for WordPress
  • Version(s): up to 3.2.7
Published: July 4, 2024

CVE-2024-39936

8.6
    Qt
  • Version(s): before 5.15.18, before 6.2.13, 6.3.x - 6.5.7, 6.6.x - 6.7.3
Published: July 4, 2024

CVE-2024-39937

8.6
    supOS
  • Version(s): 5.0
Published: July 4, 2024

CVE-2024-6506

8.2
    MRW plugin
  • Version(s): 5.4.3
Published: July 4, 2024

CVE-2024-6507

8.1
    UNKNOWN
Published: July 4, 2024

CVE-2024-39934

7.8
    Robotmk
  • Version(s): before 2.0.1
Published: July 4, 2024

CVE-2024-39933

7.7
    Gogs
  • Version(s): up to 0.13.0
Published: July 4, 2024

CVE-2024-37471

7.1
    Woffice Core
  • Version(s): n/a, 5.4.8
Published: July 4, 2024

CVE-2024-37472

7.1
    WofficeIO Woffice
  • Version(s): from n/a through 5.4.8
Published: July 4, 2024

CVE-2024-1182

7.0
    GENESIS64
  • Version(s): all versions
    MC Works64
  • Version(s): all versions
Published: July 4, 2024

CVE-2024-1574

6.7
    Mitsubishi Electric MC Works64
    ICONICS GENESIS64
  • Version(s): 10.97 - 10.97.2
    Mitsubishi Electric GENESIS64
  • Version(s): 10.97 - 10.97.2
Published: July 4, 2024

CVE-2024-37476

6.5
    Automattic Newspack Campaigns
  • Version(s): n/a - 2.31.1
Published: July 4, 2024

CVE-2024-37474

6.5
    Newspack Ads
  • Version(s): n/a - 1.47.1
Published: July 4, 2024

CVE-2024-2926

6.4
    Elementor Addons by Livemesh plugin for WordPress
  • Version(s): up to 8.3.7
Published: July 4, 2024

CVE-2024-3638

6.4
    Elementor Addons by Livemesh plugin for WordPress
  • Version(s): before 8.3.8
Published: July 4, 2024

CVE-2024-3639

6.4
    Elementor Addons by Livemesh plugin for WordPress
  • Version(s): up to 8.3.7
Published: July 4, 2024

CVE-2024-5641

6.4
    One Click Order Re-Order plugin for WordPress
  • Version(s): up to 1.1.9
Published: July 4, 2024

CVE-2024-22277

6.4
    VMware Cloud Director Availability
Published: July 4, 2024

CVE-2024-1573

5.9
    ICONICS GENESIS64
  • Version(s): 10.97, 10.97.2
    Mitsubishi Electric GENESIS64
  • Version(s): 10.97, 10.97.2
    Mitsubishi Electric MC Works64
Published: July 4, 2024

CVE-2024-6511

3.5
    y_project RuoYi
  • Version(s): up to 4.7.9
Published: July 4, 2024

CVE-2024-6434

3.1
    Premium Addons for Elementor plugin for WordPress
  • Version(s): up to 4.10.35
Published: July 4, 2024

CVE-2024-32754

3.1
    Unknown
Published: July 4, 2024

CVE-2024-38344

None
    WP Tweet Walls
  • Version(s): before 1.0.4
Published: July 4, 2024

CVE-2024-38345

None
    Sola Testimonials
  • Version(s): before 3.0.0
Published: July 4, 2024

CVE-2024-38471

None
    TP-LINK
Published: July 4, 2024

CVE-2024-39884

None
    Apache HTTP Server
  • Version(s): 2.4.60
Published: July 4, 2024

CVE-2024-39165

None
    Asial JpGraph Professional
  • Version(s): up to 4.2.6-pro
Published: July 4, 2024

CVE-2024-39211

None
    Kaiten
  • Version(s): 57.128.8
Published: July 4, 2024

CVE-2024-39929

None
    Exim
  • Version(s): up to 4.97.1
Published: July 4, 2024

CVE-2024-6513

None
    UNKNOWN
Published: July 4, 2024

CVE-2024-39935

None
    NGINX Proxy Manager
  • Version(s): before 2.11.3
Published: July 4, 2024
Click here to see more Vulnerabilities