Tag: 2024-07-17

5 Attack Reports | 84 Vulnerabilities

Attack reports

Private HTS Program Continuously Used in Attacks

This report outlines a continuous campaign where a threat actor distributes malware, including Quasar RAT, through a private home trading system (HTS) named HPlus. The malware is initially delivered via an MSI installer, and users who request remote assistance inadvertently execute the AnyDesk soft…
south korea
quasar rat
2024-07-17
Published: July 17, 2024
Downloadable IOCs: 1

FIN7 Reboot | Cybercrime Gang Enhances Ops with New EDR Bypasses and Automated Attacks

This report provides an in-depth analysis of the FIN7 cybercrime group's evolving tactics, techniques, and procedures. It highlights the group's adoption of automated SQL injection attacks, the development of specialized tools like AvNeutralizer for evading security solutions, and the use of multip…
2024-07-17
powertrash
diceloader
avneutralizer
Published: July 17, 2024
Linked vulnerabilities : CVE-2021-34473, CVE-2021-31207, CVE-2021-34523
Downloadable IOCs: 99

Suspected Cyber Espionage Campaign Targeting Global Organizations

An analysis identified a suspected cyber espionage campaign by TAG-100, a threat group exploiting internet-facing devices and utilizing open-source tools like the Go backdoor Pantegana. The campaign compromised two Asia-Pacific intergovernmental organizations and targeted multiple diplomatic, trade…
CVE-2024-3400
exploitation
cyberespionage
backdoors
2024-07-17
sparkrat
pantegana
intergovernmental
opensource
Published: July 17, 2024
Linked vulnerabilities : CVE-2024-3400
Downloadable IOCs: 25

'Evil Twin' Apps Spread for Multiple Fraud Schemes

HUMAN's Satori Threat Intelligence and Research team recently uncovered a massive ad fraud operation dubbed Konfety, involving threat actors operating 'evil twin' versions of 'decoy twin' apps available on major app marketplaces. The decoy twins on official stores behave normally, while the evil tw…
obfuscation
impersonation
malvertising
2024-07-17
mobile
konfety
ad fraud
Published: July 17, 2024
Downloadable IOCs: 0

Who You Gonna Call? AndroxGh0st Busters!

This report discusses the AndroxGh0st malware, a Python-scripted threat targeting Laravel web applications to steal sensitive data like credentials and abuse other functionality. It exploits vulnerabilities like CVE-2017-9841, CVE-2018-15133, and CVE-2021-41773. The malware scans for exposed .env f…
python
botnet
credential theft
2024-07-17
androxgh0st
CVE-2021-41773
rce exploitation
CVE-2017-9841
web exploitation
CVE-2018-15133
Published: July 17, 2024
Linked vulnerabilities : CVE-2021-41773, CVE-2018-15133, CVE-2017-9841
Downloadable IOCs: 7
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-20419

10.0
    Cisco Smart Software Manager On-Prem
Published: July 17, 2024

CVE-2024-6220

9.8
    WordPress 简数采集器 (Keydatas) plugin
Published: July 17, 2024

CVE-2024-20401

9.8
    Cisco Secure Email Gateway
Published: July 17, 2024

CVE-2024-23466

9.6
    SolarWinds Access Rights Manager (ARM)
Published: July 17, 2024

CVE-2024-23467

9.6
    SolarWinds Access Rights Manager
Published: July 17, 2024

CVE-2024-23469

9.6
    SolarWinds Access Rights Manager (ARM)
Published: July 17, 2024

CVE-2024-23470

9.6
    SolarWinds Access Rights Manager
Published: July 17, 2024

CVE-2024-23471

9.6
    SolarWinds Access Rights Manager
Published: July 17, 2024

CVE-2024-23472

9.6
    SolarWinds Access Rights Manager (ARM)
Published: July 17, 2024

CVE-2024-23475

9.6
    SolarWinds Access Rights Manager
Published: July 17, 2024

CVE-2024-28074

9.6
    SolarWinds Access Rights Manager
Published: July 17, 2024

CVE-2024-6834

9.0
    APIML Spring Cloud Gateway
Published: July 17, 2024

CVE-2024-6467

8.8
    BookingPress - Appointment Booking Calendar Plugin and Online Scheduling Plugin
Published: July 17, 2024

CVE-2024-6660

8.8
    BookingPress - Appointment Booking Calendar Plugin and Online Scheduling Plugin
Published: July 17, 2024

CVE-2024-5471

8.8
    Zohocorp ManageEngine DDI Central
Published: July 17, 2024

CVE-2024-20435

8.8
    Cisco AsyncOS for Secure Web Appliance
Published: July 17, 2024

CVE-2023-7272

8.6
    Eclipse Parsson
Published: July 17, 2024

CVE-2024-23465

8.3
    SolarWinds Access Rights Manager
Published: July 17, 2024

CVE-2024-23468

7.6
    SolarWinds Access Rights Manager
Published: July 17, 2024

CVE-2024-23474

7.6
    SolarWinds Access Rights Manager
Published: July 17, 2024

CVE-2024-28992

7.6
    SolarWinds Access Rights Manager
Published: July 17, 2024

CVE-2024-28993

7.6
    SolarWinds Access Rights Manager
Published: July 17, 2024

CVE-2024-20323

7.5
    Cisco Intelligent Node (iNode) Software
Published: July 17, 2024

CVE-2024-40641

7.4
    Nuclei
Published: July 17, 2024

CVE-2024-20416

6.5
    Cisco RV340 Dual WAN Gigabit VPN Router
    Cisco RV345 Dual WAN Gigabit VPN Router
Published: July 17, 2024

CVE-2024-20429

6.5
    Cisco AsyncOS for Secure Email Gateway
Published: July 17, 2024

CVE-2024-5251

6.4
    Ultimate Addons for WPBakery
Published: July 17, 2024

CVE-2024-5252

6.4
    Ultimate Addons for WPBakery plugin for WordPress
Published: July 17, 2024

CVE-2024-5253

6.4
    Ultimate Addons for WPBakery
Published: July 17, 2024

CVE-2024-5254

6.4
    Ultimate Addons for WPBakery plugin for WordPress
Published: July 17, 2024

CVE-2024-5255

6.4
    Ultimate Addons for WPBakery
Published: July 17, 2024

CVE-2024-5582

6.4
    Schema & Structured Data for WP & AMP plugin for WordPress
Published: July 17, 2024

CVE-2024-20395

6.4
    Cisco Webex App
Published: July 17, 2024

CVE-2024-28796

6.4
    IBM ClearQuest
Published: July 17, 2024

CVE-2024-6801

6.3
    SourceCodester Online Student Management System
Published: July 17, 2024

CVE-2024-6802

6.3
    SourceCodester Computer Laboratory Management System
Published: July 17, 2024

CVE-2024-6808

6.3
    Simple Task List
Published: July 17, 2024

CVE-2024-6830

6.3
    Simple Inventory Management System
Published: July 17, 2024

CVE-2024-6535

5.9
    Skupper
Published: July 17, 2024

CVE-2024-6833

5.9
    Zowe CLI
Published: July 17, 2024

CVE-2024-6803

5.5
    itsourcecode Document Management System
Published: July 17, 2024

CVE-2024-6669

5.5
    ChatBot for WordPress – WPBot plugin
Published: July 17, 2024

CVE-2024-27311

5.5
    Zohocorp ManageEngine DDI Central
Published: July 17, 2024

CVE-2024-32981

5.4
    Silverstripe framework
Published: July 17, 2024

CVE-2024-20396

5.3
    Cisco Webex App
Published: July 17, 2024

CVE-2024-40633

5.3
    Sylius
Published: July 17, 2024

CVE-2024-40636

5.3
    Steeltoe.Discovery.Eureka
Published: July 17, 2024

CVE-2024-20296

4.7
    Cisco Identity Services Engine (ISE)
Published: July 17, 2024

CVE-2024-20400

4.7
    Cisco Expressway Series
Published: July 17, 2024

CVE-2024-6033

4.3
    Eventin plugin for WordPress
Published: July 17, 2024

CVE-2024-5703

4.3
    Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce
Published: July 17, 2024

CVE-2024-29885

4.3
    Silverstripe Framework
Published: July 17, 2024

CVE-2024-38870

3.5
    Zohocorp ManageEngine OpManager
Published: July 17, 2024

CVE-2023-42010

3.1
    IBM Sterling B2B Integrator Standard Edition
Published: July 17, 2024

CVE-2024-6595

3.0
    GitLab CE/EE
Published: July 17, 2024

CVE-2024-40640

2.9
    vodozemac
Published: July 17, 2024

CVE-2024-6807

2.4
    SourceCodester Student Study Center Desk Management System
Published: July 17, 2024

CVE-2024-41009

None
    Linux Kernel
Published: July 17, 2024

CVE-2024-41010

None
    Linux kernel
Published: July 17, 2024

CVE-2024-39863

None
    Apache Airflow
Published: July 17, 2024

CVE-2024-39877

None
    Apache Airflow
Published: July 17, 2024

CVE-2023-52291

None
    streampark
Published: July 17, 2024

CVE-2024-29737

None
    streampark
Published: July 17, 2024

CVE-2024-30471

None
    Apache StreamPipes
Published: July 17, 2024

CVE-2024-31070

None
    FutureNet NXR series
    VXR series
    WXR series
Published: July 17, 2024

CVE-2024-31979

None
    Apache StreamPipes
Published: July 17, 2024

CVE-2024-36475

None
    FutureNet NXR series
    VXR series
    WXR series
Published: July 17, 2024

CVE-2024-36491

None
    FutureNet NXR series
    VXR series
    WXR series
Published: July 17, 2024

CVE-2024-40617

None
    FUJITSU Network Edgiot GW1500 (M2M-GW for FENICS)
Published: July 17, 2024

CVE-2024-31411

None
    Apache StreamPipes
Published: July 17, 2024

CVE-2024-6765

None
    UNKNOWN
Published: July 17, 2024

CVE-2024-29120

None
    Streampark
Published: July 17, 2024

CVE-2023-4976

None
    Purity//FB
Published: July 17, 2024

CVE-2024-38446

None
    UNKNOWN
Published: July 17, 2024

CVE-2024-38447

None
    NATO NCI ANET
Published: July 17, 2024

CVE-2024-40639

None
    Gotenberg
Published: July 17, 2024

CVE-2024-40420

None
    openCart
Published: July 17, 2024

CVE-2024-39124

None
    Roundup
Published: July 17, 2024

CVE-2024-39125

None
    Roundup
Published: July 17, 2024

CVE-2024-39126

None
    Roundup
Published: July 17, 2024

CVE-2024-40119

None
    Nepstech Wifi Router Xpon (Terminal) Model NTPL-Xpon1GFEVN
Published: July 17, 2024

CVE-2024-40402

None
    Simple Library Management System
Published: July 17, 2024

CVE-2023-43971

None
    ACG-faka
Published: July 17, 2024

CVE-2024-40492

None
    Heartbeat Chat
Published: July 17, 2024
Click here to see more Vulnerabilities