Tag: 2024-07-05

6 Attack Reports | 62 Vulnerabilities

Attack reports

The Hidden Danger of PDF Files with Embedded QR Codes

The report describes how malware authors are abusing PDF files with embedded QR codes to deceive users into visiting malicious phishing URLs disguised as legitimate services. The QR codes redirect users to fake Microsoft login pages designed to harvest credentials and potentially gain unauthorized …
phishing
credential theft
2024-07-05
pdf files
qr codes
malicious urls
Published: July 5, 2024
Downloadable IOCs: 1

New Threat: A Deep Dive Into the Zergeca Botnet

An analysis of a newly discovered botnet named Zergeca, implemented in Go language, with capabilities for DDoS attacks, proxying, scanning, self-upgrading, persistence, file transfer, reverse shell, and collecting sensitive device information. The report delves into the botnet's unique features, in…
persistence
ddos
botnet
2024-07-05
go
zergeca
CVE-2018-10562
CVE-2018-10561
CVE-2016-20016
CVE-2022-35733
CVE-2017-17215
Published: July 5, 2024
Downloadable IOCs: 13

Turning Jenkins Into a Cryptomining Machine From an Attacker's Perspective

This report analyzes how threat actors can exploit misconfigured Jenkins servers to execute malicious Groovy scripts, leading to activities like deploying cryptocurrency miners. Misconfigurations exposing the /script endpoint allow remote code execution, enabling attackers to run scripts that downl…
linux
cryptominer
2024-07-05
groovy language
jenkins script console
Published: July 5, 2024
Downloadable IOCs: 4

ProxyLogon and ProxyShell Used to Target Government Mail Servers in Asia, Europe, and South America

This analysis describes the identification of a server likely exploiting ProxyLogon and ProxyShell vulnerabilities to gain unauthorized access to government email servers across Asia, Europe, and South America. The threat actor leveraged open-source exploit code to infiltrate systems and steal sens…
python
powershell
CVE-2021-34473
2024-07-05
proxyshell
CVE-2021-31207
CVE-2021-34523
microsoft exchange
Published: July 5, 2024
Downloadable IOCs: 4

Exploring the Infection Chain: ScreenConnect's Link to AsyncRAT Deployment

In June 2024, eSentire's Threat Response Unit observed several incidents involving users downloading the ScreenConnect remote access client, potentially facilitated through drive-by downloads. Threat actors exploited ScreenConnect to establish unauthorized remote sessions, ultimately deploying the …
screenconnect
asyncrat
autoit
2024-07-05
nsi script
nsis installer
Published: July 5, 2024
Downloadable IOCs: 77

Death Stealer forked from PowerShell Token Grabber

The report analyzes Kematian Stealer, a sophisticated PowerShell-based malware that exfiltrates sensitive data from infected systems. It is a forked version of PowerShell Token Grabber, with added capabilities like GUI builder, anti-analysis features, and stealing WiFi passwords, screenshots, and s…
stealer
2024-07-05
kematian stealer
powershell token grabber
Published: July 5, 2024
Downloadable IOCs: 0
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-39696

8.8
    Evmos
Published: July 5, 2024

CVE-2024-34361

8.5
    Pi-hole
Published: July 5, 2024

CVE-2024-37903

8.2
    Mastodon
Published: July 5, 2024

CVE-2024-39321

7.5
    Traefik
Published: July 5, 2024

CVE-2024-39689

7.5
    Certifi
Published: July 5, 2024

CVE-2024-5753

7.5
    vanna-ai/vanna
Published: July 5, 2024

CVE-2024-39687

7.2
    Fedify
Published: July 5, 2024

CVE-2024-6505

6.0
    QEMU
Published: July 5, 2024

CVE-2024-6524

5.5
    ShopXO
Published: July 5, 2024

CVE-2024-23588

5.3
    HCL Nomad server on Domino
Published: July 5, 2024

CVE-2024-39691

4.3
    matrix-appservice-irc
Published: July 5, 2024

CVE-2024-6523

3.5
    ZKTeco BioTime
Published: July 5, 2024

CVE-2024-6526

3.5
    CodeIgniter Ecommerce-CodeIgniter-Bootstrap
Published: July 5, 2024

CVE-2024-6525

2.7
    D-Link DAR-7000
Published: July 5, 2024

CVE-2023-52340

None
    Linux kernel
Published: July 5, 2024

CVE-2024-32498

None
    OpenStack Cinder
    Glance
    Nova
Published: July 5, 2024

CVE-2024-34481

None
    Drupal Wiki
Published: July 5, 2024

CVE-2024-36041

None
    KDE Plasma Workspace
Published: July 5, 2024

CVE-2024-39472

None
    Linux kernel
Published: July 5, 2024

CVE-2024-39473

None
    Linux kernel
Published: July 5, 2024

CVE-2024-39474

None
    Linux kernel
Published: July 5, 2024

CVE-2024-39475

None
    Linux kernel
Published: July 5, 2024

CVE-2024-39476

None
    Linux kernel
Published: July 5, 2024

CVE-2024-39477

None
    Linux Kernel
Published: July 5, 2024

CVE-2024-39478

None
    Linux kernel
Published: July 5, 2024

CVE-2024-39479

None
    Linux kernel
Published: July 5, 2024

CVE-2024-39480

None
    Linux kernel
Published: July 5, 2024

CVE-2024-39481

None
    Linux kernel
Published: July 5, 2024

CVE-2024-39482

None
    Linux kernel
Published: July 5, 2024

CVE-2024-39483

None
    Linux Kernel
Published: July 5, 2024

CVE-2024-39484

None
    Linux Kernel
Published: July 5, 2024

CVE-2024-39485

None
    Linux kernel
Published: July 5, 2024

CVE-2024-6209

None
    ABB ASPECT - Enterprise
    NEXUS Series
    MATRIX Series
Published: July 5, 2024

CVE-2024-6298

None
    ABB ASPECT-Enterprise
    ABB NEXUS Series
    ABB MATRIX Series
Published: July 5, 2024

CVE-2024-38346

None
    CloudStack
Published: July 5, 2024

CVE-2024-39027

None
    SeaCMS
Published: July 5, 2024

CVE-2024-39028

None
    SeaCMS
Published: July 5, 2024

CVE-2024-39864

None
    CloudStack
Published: July 5, 2024

CVE-2024-23997

None
    Lukas Bach yana
Published: July 5, 2024

CVE-2024-23998

None
    Another Redis Desktop Manager
Published: July 5, 2024

CVE-2024-29318

None
    Volmarg Personal Management System
Published: July 5, 2024

CVE-2024-29319

None
    Volmarg Personal Management System
Published: July 5, 2024

CVE-2024-37768

None
    14Finger
Published: July 5, 2024

CVE-2024-37769

None
    14Finger
Published: July 5, 2024

CVE-2024-39210

None
    Best House Rental Management System
Published: July 5, 2024

CVE-2024-27709

None
    Eskooly Web Product
Published: July 5, 2024

CVE-2024-27710

None
    Eskooly Free Online School management Software
Published: July 5, 2024

CVE-2024-27711

None
    Eskooly Free Online School management Software
Published: July 5, 2024

CVE-2024-27712

None
    Eskooly Free Online School management Software
Published: July 5, 2024

CVE-2024-27713

None
    Eskooly Free Online School management Software
Published: July 5, 2024

CVE-2024-27715

None
    Eskooly Free Online School management Software
Published: July 5, 2024

CVE-2024-27716

None
    Eskooly Web Product
Published: July 5, 2024

CVE-2024-27717

None
    Eskooly Free Online School Management Software
Published: July 5, 2024

CVE-2024-37767

None
    14Finger
Published: July 5, 2024

CVE-2024-39150

None
    vditor
Published: July 5, 2024

CVE-2024-39178

None
    MyPower vc8100
Published: July 5, 2024

CVE-2024-39174

None
    yzmcms
Published: July 5, 2024

CVE-2024-39019

None
    idccms
Published: July 5, 2024

CVE-2024-39020

None
    idccms
Published: July 5, 2024

CVE-2024-39021

None
    idccms
Published: July 5, 2024

CVE-2024-39022

None
    idccms
Published: July 5, 2024

CVE-2024-39023

None
    idccms
Published: July 5, 2024
Click here to see more Vulnerabilities