Tag: 2024-07-05

6 Attack Reports | 62 Vulnerabilities

Attack reports

The Hidden Danger of PDF Files with Embedded QR Codes

The report describes how malware authors are abusing PDF files with embedded QR codes to deceive users into visiting malicious phishing URLs disguised as legitimate services. The QR codes redirect users to fake Microsoft login pages designed to harvest credentials and potentially gain unauthorized …
phishing
credential theft
2024-07-05
pdf files
qr codes
malicious urls
Published: July 5, 2024
Downloadable IOCs: 1

New Threat: A Deep Dive Into the Zergeca Botnet

An analysis of a newly discovered botnet named Zergeca, implemented in Go language, with capabilities for DDoS attacks, proxying, scanning, self-upgrading, persistence, file transfer, reverse shell, and collecting sensitive device information. The report delves into the botnet's unique features, in…
persistence
ddos
botnet
2024-07-05
go
zergeca
CVE-2018-10562
CVE-2018-10561
CVE-2016-20016
CVE-2022-35733
CVE-2017-17215
Published: July 5, 2024
Downloadable IOCs: 13

Turning Jenkins Into a Cryptomining Machine From an Attacker's Perspective

This report analyzes how threat actors can exploit misconfigured Jenkins servers to execute malicious Groovy scripts, leading to activities like deploying cryptocurrency miners. Misconfigurations exposing the /script endpoint allow remote code execution, enabling attackers to run scripts that downl…
linux
cryptominer
2024-07-05
groovy language
jenkins script console
Published: July 5, 2024
Downloadable IOCs: 4

ProxyLogon and ProxyShell Used to Target Government Mail Servers in Asia, Europe, and South America

This analysis describes the identification of a server likely exploiting ProxyLogon and ProxyShell vulnerabilities to gain unauthorized access to government email servers across Asia, Europe, and South America. The threat actor leveraged open-source exploit code to infiltrate systems and steal sens…
python
powershell
CVE-2021-34473
2024-07-05
proxyshell
CVE-2021-31207
CVE-2021-34523
microsoft exchange
Published: July 5, 2024
Downloadable IOCs: 4

Exploring the Infection Chain: ScreenConnect's Link to AsyncRAT Deployment

In June 2024, eSentire's Threat Response Unit observed several incidents involving users downloading the ScreenConnect remote access client, potentially facilitated through drive-by downloads. Threat actors exploited ScreenConnect to establish unauthorized remote sessions, ultimately deploying the …
screenconnect
asyncrat
autoit
2024-07-05
nsi script
nsis installer
Published: July 5, 2024
Downloadable IOCs: 77

Death Stealer forked from PowerShell Token Grabber

The report analyzes Kematian Stealer, a sophisticated PowerShell-based malware that exfiltrates sensitive data from infected systems. It is a forked version of PowerShell Token Grabber, with added capabilities like GUI builder, anti-analysis features, and stealing WiFi passwords, screenshots, and s…
stealer
2024-07-05
kematian stealer
powershell token grabber
Published: July 5, 2024
Downloadable IOCs: 0
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-39696

8.8
    Evmos
  • Version(s): before 19.0.0
Published: July 5, 2024

CVE-2024-34361

8.5
    Pi-hole
  • Version(s): before 5.18.3
Published: July 5, 2024

CVE-2024-37903

8.2
    Mastodon
  • Version(s): 2.6.0 to 4.1.18, 2.6.0 to 4.2.10
Published: July 5, 2024

CVE-2024-39321

7.5
    Traefik
  • Version(s): before 2.11.6, before 3.0.4, before 3.1.0-rc3
Published: July 5, 2024

CVE-2024-39689

7.5
    Certifi
  • Version(s): starting in 2021.05.30 and prior to 2024.07.4
Published: July 5, 2024

CVE-2024-5753

7.5
    vanna-ai/vanna
  • Version(s): v0.3.4
Published: July 5, 2024

CVE-2024-39687

7.2
    Fedify
  • Version(s): 0.9.2, 0.10.1, 0.11.1
Published: July 5, 2024

CVE-2024-6505

6.0
    QEMU
Published: July 5, 2024

CVE-2024-6524

5.5
    ShopXO
  • Version(s): up to 6.1.0
Published: July 5, 2024

CVE-2024-23588

5.3
    HCL Nomad server on Domino
Published: July 5, 2024

CVE-2024-39691

4.3
    matrix-appservice-irc
  • Version(s): 2.0.0, before 2.0.1
Published: July 5, 2024

CVE-2024-6523

3.5
    ZKTeco BioTime
  • Version(s): up to 9.5.2
Published: July 5, 2024

CVE-2024-6526

3.5
    CodeIgniter Ecommerce-CodeIgniter-Bootstrap
  • Version(s): up to 1998845073cf433bc6c250b0354461fbd84d0e03
Published: July 5, 2024

CVE-2024-6525

2.7
    D-Link DAR-7000
  • Version(s): up to 20230922
Published: July 5, 2024

CVE-2023-52340

None
    Linux kernel
  • Version(s): before 6.3
Published: July 5, 2024

CVE-2024-32498

None
    OpenStack Cinder
  • Version(s): through 24.0.0
    Glance
  • Version(s): before 28.0.2
    Nova
  • Version(s): before 29.0.3
Published: July 5, 2024

CVE-2024-34481

None
    Drupal Wiki
  • Version(s): before 8.31.1
Published: July 5, 2024

CVE-2024-36041

None
    KDE Plasma Workspace
  • Version(s): 5.27.11.1, before 5.27.11.1, 6.x, before 6.0.5.1
Published: July 5, 2024

CVE-2024-39472

None
    Linux kernel
Published: July 5, 2024

CVE-2024-39473

None
    Linux kernel
Published: July 5, 2024

CVE-2024-39474

None
    Linux kernel
Published: July 5, 2024

CVE-2024-39475

None
    Linux kernel
Published: July 5, 2024

CVE-2024-39476

None
    Linux kernel
Published: July 5, 2024

CVE-2024-39477

None
    Linux Kernel
Published: July 5, 2024

CVE-2024-39478

None
    Linux kernel
Published: July 5, 2024

CVE-2024-39479

None
    Linux kernel
Published: July 5, 2024

CVE-2024-39480

None
    Linux kernel
Published: July 5, 2024

CVE-2024-39481

None
    Linux kernel
Published: July 5, 2024

CVE-2024-39482

None
    Linux kernel
Published: July 5, 2024

CVE-2024-39483

None
    Linux Kernel
Published: July 5, 2024

CVE-2024-39484

None
    Linux Kernel
Published: July 5, 2024

CVE-2024-39485

None
    Linux kernel
Published: July 5, 2024

CVE-2024-6209

None
    ABB ASPECT - Enterprise
  • Version(s): <=3.08.01
    NEXUS Series
  • Version(s): <=3.08.01
    MATRIX Series
  • Version(s): <=3.08.01
Published: July 5, 2024

CVE-2024-6298

None
    ABB ASPECT-Enterprise
  • Version(s): through 3.08.01
    ABB NEXUS Series
  • Version(s): through 3.08.01
    ABB MATRIX Series
  • Version(s): through 3.08.01
Published: July 5, 2024

CVE-2024-38346

None
    CloudStack
  • Version(s): 4.18.2.1, 4.19.0.2+
Published: July 5, 2024

CVE-2024-39027

None
    SeaCMS
  • Version(s): 12.9
Published: July 5, 2024

CVE-2024-39028

None
    SeaCMS
  • Version(s): <=12.9
Published: July 5, 2024

CVE-2024-39864

None
    CloudStack
  • Version(s): 4.18.2.1, 4.19.0.2
Published: July 5, 2024

CVE-2024-23997

None
    Lukas Bach yana
  • Version(s): <=1.0.16
Published: July 5, 2024

CVE-2024-23998

None
    Another Redis Desktop Manager
  • Version(s): <=1.6.1
Published: July 5, 2024

CVE-2024-29318

None
    Volmarg Personal Management System
  • Version(s): 1.4.64
Published: July 5, 2024

CVE-2024-29319

None
    Volmarg Personal Management System
  • Version(s): 1.4.64
Published: July 5, 2024

CVE-2024-37768

None
    14Finger
  • Version(s): 1.1
Published: July 5, 2024

CVE-2024-37769

None
    14Finger
  • Version(s): 1.1
Published: July 5, 2024

CVE-2024-39210

None
    Best House Rental Management System
  • Version(s): 1.0
Published: July 5, 2024

CVE-2024-27709

None
    Eskooly Web Product
  • Version(s): 3.0
Published: July 5, 2024

CVE-2024-27710

None
    Eskooly Free Online School management Software
  • Version(s): 3.0 and before
Published: July 5, 2024

CVE-2024-27711

None
    Eskooly Free Online School management Software
  • Version(s): 3.0 and before
Published: July 5, 2024

CVE-2024-27712

None
    Eskooly Free Online School management Software
  • Version(s): 3.0, before 3.0
Published: July 5, 2024

CVE-2024-27713

None
    Eskooly Free Online School management Software
  • Version(s): 3.0, before 3.0
Published: July 5, 2024

CVE-2024-27715

None
    Eskooly Free Online School management Software
  • Version(s): 3.0 and before
Published: July 5, 2024

CVE-2024-27716

None
    Eskooly Web Product
  • Version(s): 3.0 and before
Published: July 5, 2024

CVE-2024-27717

None
    Eskooly Free Online School Management Software
  • Version(s): 3.0 and before
Published: July 5, 2024

CVE-2024-37767

None
    14Finger
  • Version(s): 1.1
Published: July 5, 2024

CVE-2024-39150

None
    vditor
  • Version(s): 3.9.8, before 3.9.8
Published: July 5, 2024

CVE-2024-39178

None
    MyPower vc8100
  • Version(s): V100R001C00B030
Published: July 5, 2024

CVE-2024-39174

None
    yzmcms
  • Version(s): 7.1
Published: July 5, 2024

CVE-2024-39019

None
    idccms
  • Version(s): 1.35
Published: July 5, 2024

CVE-2024-39020

None
    idccms
  • Version(s): 1.35
Published: July 5, 2024

CVE-2024-39021

None
    idccms
  • Version(s): 1.35
Published: July 5, 2024

CVE-2024-39022

None
    idccms
  • Version(s): 1.35
Published: July 5, 2024

CVE-2024-39023

None
    idccms
  • Version(s): 1.35
Published: July 5, 2024
Click here to see more Vulnerabilities