Tag: 2024-07-10

9 Attack Reports | 107 Vulnerabilities

Attack reports

Analysis of Suspected APT Attack Activities by “Silver Fox”

This document examines the recent activities of the Silver Fox cybercrime group, which has traditionally targeted financial and tax entities but has now shifted its focus towards impersonating national institutions and security companies. The analysis involves a phishing website, Winos remote contr…
malware
obfuscation
apt
phishing
cybercrime
winos
2024-07-10
updatedll
Published: July 10, 2024
Downloadable IOCs: 7

Kematian-Stealer: A Deep Dive into a New Information Stealer

This report provides an in-depth analysis of a newly discovered information stealer named Kematian-Stealer, actively developed on GitHub and distributed as open-source software. The malware employs various techniques to collect sensitive data from compromised systems, evade detection, and maintain …
malware
stealer
persistence
data exfiltration
github
2024-07-10
kematian-stealer
Published: July 10, 2024
Downloadable IOCs: 4

VayGren and Mr.Burns: Strong Ties in Finance

F.A.C.C.T experts analyzed the tools and connections of cybercriminals attacking Russian accountants. An analysis of the infection chain of the VasyGrek attacker, his forum activity and connection with the malware developer Mr.Burns is presented. The history of Mr.Burns, starting in 2010, is given,…
purecrypter
metastealer
2024-07-10
teamviewer
redline stealer
warzonerat
ave maria
purelogs
burnsrat
Published: July 10, 2024
Downloadable IOCs: 131

How do cryptocurrency drainer phishing scams work?

Cryptodrainer phishing scams have emerged as a significant threat, targeting unsuspecting individuals through deceptive tactics to steal their digital assets. These scams lure victims with promises of profits while covertly siphoning their cryptocurrency. Attackers employ social engineering techniq…
phishing
social engineering
cryptocurrency
financial fraud
cybercrime
2024-07-10
Published: July 10, 2024
Downloadable IOCs: 14

Persistent npm Campaign Shipping Trojanized jQuery

The report describes a persistent supply chain attack involving the distribution of a trojanized version of jQuery through various platforms like npm and GitHub. The malicious jQuery variant, containing a modified 'end' function, exfiltrates website form data by sending it to remote URLs controlled…
malware
supply chain
exfiltration
npm
github
2024-07-10
Published: July 10, 2024
Downloadable IOCs: 67

Decrypted: DoNex Ransomware and its Predecessors

Researchers have uncovered a cryptographic flaw in the DoNex ransomware and its previous iterations, allowing for the creation of a decryptor tool. Initially discovered in March 2024, this cryptographic weakness was made public at Recon 2024. The ransomware, which has undergone several rebrands sin…
ransomware
lockbit
darkrace
donex
encryption
2024-07-10
chacha20
rebranding
muse
cryptography
Published: July 10, 2024
Downloadable IOCs: 8

Ticket Heist: Olympic Games and Sporting Events at Risk

This analysis examines an ongoing, undetected fraudulent campaign named 'Ticket Heist' targeting Russian-speaking users, several Eastern European countries, and English-speaking individuals seeking tickets for various sporting events and festivals. The campaign involves a network of 708 fraudulent …
impersonation
fraud
2024-07-10
olympics
tickets
uefa
events
Published: July 10, 2024
Downloadable IOCs: 685

Resurrecting Internet Explorer: Threat Actors Using Zero-day Tricks in Internet Shortcut File to Lure Victims (CVE-2024-38112)

Check Point Research discovered threat actors leveraging novel techniques to execute malicious code on Windows systems by exploiting Internet Explorer's vulnerabilities. The attackers utilized specially crafted .url files that, when opened, would launch IE and visit attacker-controlled URLs. Additi…
social engineering
windows
zero-day
CVE-2023-36025
exploitation
CVE-2021-40444
CVE-2024-38112
2024-07-10
internet explorer
malicious files
Published: July 10, 2024
Downloadable IOCs: 7

Distribution of AsyncRAT Disguised as Ebook

This analysis covers the distribution of AsyncRAT malware disguised as an ebook. The compressed file contains a malicious LNK and PowerShell scripts that ultimately execute AsyncRAT. The malware employs various techniques, such as obfuscation, task scheduling, and anti-VM and anti-AV capabilities, …
obfuscation
powershell
persistence
trojan
asyncrat
2024-07-10
Published: July 10, 2024
Downloadable IOCs: 5
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-6422

9.8
    UNKNOWN
Published: July 10, 2024

CVE-2024-37113

9.8
    WishList Member X
  • Version(s): before 3.26.7
Published: July 10, 2024

CVE-2024-37310

9.0
    EVerest EV charging software stack
  • Version(s): 2024.3.1, 2024.6.0
Published: July 10, 2024

CVE-2024-21417

8.8
    Windows Text Services Framework
Published: July 10, 2024

CVE-2023-7061

8.8
    Advanced File Manager Shortcodes plugin for WordPress
  • Version(s): up to 2.5.3
Published: July 10, 2024

CVE-2023-7062

8.8
    Advanced File Manager Shortcodes plugin for WordPress
  • Version(s): up to 2.4
Published: July 10, 2024

CVE-2024-5792

8.8
    Houzez CRM plugin for WordPress
  • Version(s): up to 1.4.2
Published: July 10, 2024

CVE-2024-6411

8.8
    ProfileGrid WordPress plugin
  • Version(s): up to 5.8.9
Published: July 10, 2024

CVE-2024-28827

8.8
    Checkmk
  • Version(s): < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, <= 2.0.0p39 (EOL)
Published: July 10, 2024

CVE-2024-28828

8.8
    Checkmk
  • Version(s): < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, <= 2.0.0p39
Published: July 10, 2024

CVE-2024-21525

8.3
    node-twain
  • Version(s): All versions
Published: July 10, 2024

CVE-2024-21524

8.2
    node-stringbuilder
Published: July 10, 2024

CVE-2024-37148

8.1
    GLPI
  • Version(s): before 10.0.16
Published: July 10, 2024

CVE-2024-38354

8.1
    CodiMD
  • Version(s): 2.5.4
Published: July 10, 2024

CVE-2024-6433

7.5
    GitHub repository stitionai/devika
  • Version(s): prior to -
Published: July 10, 2024

CVE-2024-21521

7.5
    @discordjs/opus
  • Version(s): All versions
Published: July 10, 2024

CVE-2024-21522

7.5
    audify
  • Version(s): All versions
Published: July 10, 2024

CVE-2024-21523

7.5
    images
Published: July 10, 2024

CVE-2024-21526

7.5
    speaker
Published: July 10, 2024

CVE-2024-6421

7.5
    UNKNOWN
Published: July 10, 2024

CVE-2024-37110

7.5
    WishList Member X
  • Version(s): before 3.26.7
Published: July 10, 2024

CVE-2024-37115

7.5
    Automattic Newspack Blocks
  • Version(s): n/a - 3.0.8
Published: July 10, 2024

CVE-2024-39693

7.5
    Next.js
  • Version(s): 13.5 and later
Published: July 10, 2024

CVE-2024-37149

7.2
    GLPI
  • Version(s): 10.0.16
Published: July 10, 2024

CVE-2024-32469

7.1
    Decidim
  • Version(s): 0.27.6, 0.28.1
Published: July 10, 2024

CVE-2024-38301

6.7
    Dell Alienware Command Center
  • Version(s): 5.7.3.0 and prior
Published: July 10, 2024

CVE-2024-20456

6.7
    Cisco IOS XR Software
Published: July 10, 2024

CVE-2024-4866

6.4
    UltraAddons – Elementor Addons plugin for WordPress
  • Version(s): up to 1.1.6
Published: July 10, 2024

CVE-2024-5664

6.4
    MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress
  • Version(s): up to 5.5
Published: July 10, 2024

CVE-2024-6644

6.3
    zmops ArgusDBM
  • Version(s): up to 0.1.0
Published: July 10, 2024

CVE-2024-6645

6.3
    WuKongOpenSource Wukong_nocode
  • Version(s): up to 20230807
Published: July 10, 2024

CVE-2024-25023

6.2
    IBM Cloud Pak for Security
  • Version(s): 1.10.0.0, 1.10.11.0
    IBM QRadar Suite Software
  • Version(s): 1.10.12.0, 1.10.22.0
Published: July 10, 2024

CVE-2023-6813

6.1
    Login by Auth0 plugin for WordPress
  • Version(s): up to 4.6.0
Published: July 10, 2024

CVE-2023-32467

5.7
    Dell Edge Gateway BIOS
  • Version(s): 3200, 5200
Published: July 10, 2024

CVE-2023-32472

5.7
    Dell Edge Gateway BIOS
  • Version(s): 3200, 5200
Published: July 10, 2024

CVE-2023-35006

5.4
    IBM Security QRadar EDR
  • Version(s): 3.12
Published: July 10, 2024

CVE-2024-27095

5.4
    Decidim
  • Version(s): 0.27.6, 0.28.1
Published: July 10, 2024

CVE-2024-6550

5.3
    Gravity Forms: Multiple Form Instances plugin for WordPress
  • Version(s): up to 1.1.1
Published: July 10, 2024

CVE-2024-6556

5.3
    SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress
  • Version(s): up to 3.10.8
Published: July 10, 2024

CVE-2023-33859

5.3
    IBM Security QRadar EDR
  • Version(s): 3.12
Published: July 10, 2024

CVE-2023-33860

5.3
    IBM Security QRadar EDR
  • Version(s): 3.12
Published: July 10, 2024

CVE-2024-37205

5.3
    affiliate-toolkit
  • Version(s): from n/a, 3.4.4
Published: July 10, 2024

CVE-2024-37270

5.3
    TrustedLogin Vendor
  • Version(s): n/a before 1.1.1
Published: July 10, 2024

CVE-2024-37498

5.3
    Table & Contact Form 7 Database - Tablesome
  • Version(s): n/a, 1.0.33
Published: July 10, 2024

CVE-2024-37504

5.3
    Ninja Team FileBird Document Library
  • Version(s): n/a - 2.0.6
Published: July 10, 2024

CVE-2024-6646

5.3
    Netgear WN604
  • Version(s): up to 20240710
Published: July 10, 2024

CVE-2024-27090

5.3
    Decidim participatory democracy framework
  • Version(s): 0.0.1 - 0.27.6
Published: July 10, 2024

CVE-2024-38353

5.3
    CodiMD
  • Version(s): before 2.5.4
Published: July 10, 2024

CVE-2024-6647

4.7
    Croogo
  • Version(s): up to 4.0.7
Published: July 10, 2024

CVE-2024-5677

4.3
    Featured Image Generator plugin for WordPress
  • Version(s): up to 1.3.1
Published: July 10, 2024

CVE-2024-6410

4.3
    ProfileGrid - User Profiles, Groups and Communities plugin for WordPress
  • Version(s): up to 5.8.9
Published: July 10, 2024

CVE-2024-37147

4.3
    GLPI
  • Version(s): 10.0.16
Published: July 10, 2024

CVE-2024-6649

4.3
    SourceCodester Employee and Visitor Gate Pass Logging System
  • Version(s): 1.0
Published: July 10, 2024

CVE-2024-22018

2.9
    Node.js
  • Version(s): 20, 21
Published: July 10, 2024

CVE-2024-32670

None
    Samsung Galaxy SmartTag2
  • Version(s): before 0.20.04
Published: July 10, 2024

CVE-2024-38875

None
    Django
  • Version(s): 4.2 before 4.2.14, 5.0 before 5.0.7
Published: July 10, 2024

CVE-2024-39329

None
    Django
  • Version(s): 5.0 before 5.0.7, 4.2 before 4.2.14
Published: July 10, 2024

CVE-2024-39330

None
    Django
  • Version(s): 5.0 - 5.0.6, 4.2 - 4.2.13
Published: July 10, 2024

CVE-2024-39614

None
    Django
  • Version(s): 5.0 - 5.0.6, 4.2 - 4.2.13
Published: July 10, 2024

CVE-2024-36450

None
    Webmin
  • Version(s): before 1.910
Published: July 10, 2024

CVE-2024-36451

None
    Webmin
  • Version(s): before 2.003
Published: July 10, 2024

CVE-2024-36452

None
    Webmin
  • Version(s): before 2.003
Published: July 10, 2024

CVE-2024-36453

None
    Webmin
  • Version(s): before 1.970
    Usermin
  • Version(s): before 1.820
Published: July 10, 2024

CVE-2024-39886

None
    TONE store App
  • Version(s): 3.4.2 and earlier
Published: July 10, 2024

CVE-2024-39927

None
    Ricoh MFPs and printers
Published: July 10, 2024

CVE-2024-39488

None
    Linux kernel
Published: July 10, 2024

CVE-2024-39489

None
    Linux kernel
Published: July 10, 2024

CVE-2024-39490

None
    Linux kernel
Published: July 10, 2024

CVE-2024-39491

None
    Linux kernel
Published: July 10, 2024

CVE-2024-39492

None
    Linux Kernel
Published: July 10, 2024

CVE-2024-39493

None
    Linux kernel
Published: July 10, 2024

CVE-2024-3798

None
    Phoniebox
  • Version(s): <= 2.7
Published: July 10, 2024

CVE-2024-3799

None
    Phoniebox
  • Version(s): 0.1, 1.0, 2.0, 2.7
Published: July 10, 2024

CVE-2024-40328

None
    idccms
  • Version(s): 1.35
Published: July 10, 2024

CVE-2024-40329

None
    idccms
  • Version(s): 1.35
Published: July 10, 2024

CVE-2024-40333

None
    idccms
  • Version(s): 1.35
Published: July 10, 2024

CVE-2024-40334

None
    idccms
  • Version(s): 1.35
Published: July 10, 2024

CVE-2024-6642

None
    UNKNOWN
Published: July 10, 2024

CVE-2024-40331

None
    idccms
  • Version(s): 1.35
Published: July 10, 2024

CVE-2024-40332

None
    idccms
  • Version(s): 1.35
Published: July 10, 2024

CVE-2024-40336

None
    idccms
  • Version(s): 1.35
Published: July 10, 2024

CVE-2024-40412

None
    Tenda AX12
  • Version(s): v1.0 v22.03.01.46
Published: July 10, 2024

CVE-2024-40417

None
    Tenda AX1806
  • Version(s): 1.0.0.1
Published: July 10, 2024

CVE-2024-3325

None
    Jaspersoft JasperReport Server
  • Version(s): 8.0.4 - 9.0.0
Published: July 10, 2024

CVE-2024-4879

None
    ServiceNow Now Platform
  • Version(s): Vancouver, Washington, D.C.
Published: July 10, 2024

CVE-2024-5178

None
    ServiceNow
  • Version(s): Washington DC, Vancouver, Utah
Published: July 10, 2024

CVE-2024-5217

None
    ServiceNow
  • Version(s): Washington DC, Vancouver, and earlier Now Platform releases
Published: July 10, 2024

CVE-2024-32759

None
    C●CURE 9000
Published: July 10, 2024

CVE-2024-37770

None
    14Finger
  • Version(s): 1.1
Published: July 10, 2024

CVE-2024-6630

None
    UNKNOWN
Published: July 10, 2024

CVE-2024-5491

None
    NetScaler ADC
    NetScaler Gateway
Published: July 10, 2024

CVE-2024-5492

None
    Citrix NetScaler ADC
    Citrix NetScaler Gateway
Published: July 10, 2024

CVE-2024-5910

None
    Palo Alto Networks Expedition
Published: July 10, 2024

CVE-2024-5911

None
    Palo Alto Networks Panorama software
Published: July 10, 2024

CVE-2024-5912

None
    Palo Alto Networks Cortex XDR agent
Published: July 10, 2024

CVE-2024-5913

None
    Palo Alto Networks PAN-OS
Published: July 10, 2024

CVE-2024-6235

None
    NetScaler
Published: July 10, 2024

CVE-2024-25076

None
    Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices
Published: July 10, 2024

CVE-2024-25077

None
    Renesas SmartBond DA14691
    Renesas SmartBond DA14695
    Renesas SmartBond DA14697
    Renesas SmartBond DA14699
Published: July 10, 2024

CVE-2024-6148

None
    Citrix Workspace app for HTML5
Published: July 10, 2024

CVE-2024-6149

None
    Citrix Workspace app for HTML5
Published: July 10, 2024

CVE-2024-6150

None
    Citrix Provisioning
Published: July 10, 2024

CVE-2024-6151

None
    Citrix Virtual Apps and Desktops
Published: July 10, 2024

CVE-2024-6236

None
    Citrix NetScaler Console (NetScaler ADM)
  • Version(s): Unknown
    Citrix NetScaler Agent
  • Version(s): Unknown
    Citrix NetScaler SDX
  • Version(s): Unknown
Published: July 10, 2024

CVE-2024-6286

None
    Citrix Workspace app for Windows
Published: July 10, 2024

CVE-2024-6663

None
    UNKNOWN
Published: July 10, 2024

CVE-2024-6664

None
    UNKNOWN
Published: July 10, 2024
Click here to see more Vulnerabilities