Tag: 2024-07-24

6 Attack Reports | 81 Vulnerabilities

Attack reports

The tapestry of threats targeting Hamster Kombat players

This analysis delves into the various malicious threats capitalizing on the immense popularity of the Hamster Kombat mobile game. It reveals that cybercriminals are exploiting players' interests by distributing Android spyware disguised as the game through unofficial channels, as well as creating f…
android
spyware
2024-07-24
Published: July 24, 2024
Downloadable IOCs: 26

Stargazers Ghost Network

Check Point Research identified a sophisticated network of GitHub accounts distributing malware through malicious repositories. The Stargazers Ghost Network consists of different types of accounts performing various actions like starring, forking, and subscribing to give an appearance of legitimacy…
infostealers
2024-07-24
botnets
Published: July 24, 2024
Downloadable IOCs: 37

Malware Analysis - Accelerating Analysis When It Matters

This report provides information on how security professionals can expedite the analysis of multiple malware samples. By utilizing automated techniques, such as malware configuration parsing, analysts can quickly determine malware families, extract network indicators, and enhance detection and resp…
2024-07-24
malware analysis
Published: July 24, 2024
Downloadable IOCs: 28

Fake update puts visitors at risk

This intelligence report discusses SocGholish, a JavaScript downloader used by threat actors to deliver malware payloads disguised as fake browser updates. It analyzes the recent tactics, techniques, and procedures employed by threat groups like Evil Corp in compromising WordPress websites, fingerp…
malware
cobalt strike
zloader
lumma stealer
socgholish
wordpress
downloader
redline stealer
2024-07-24
netsupport rat
egregor
ryuk
fake update
badspace
Published: July 24, 2024
Downloadable IOCs: 10

Threat Actor Uses Fake Recovery Manual to Deliver Unidentified Stealer

An intelligence report outlines a campaign where an unidentified threat actor impersonated a Microsoft recovery manual through a malicious Word document containing macros. Upon execution, the macros downloaded a novel stealer now tracked as Daolpu. This stealer targets credentials stored in web bro…
impersonation
stealer
exfiltration
credential
2024-07-24
daolpu
malicious-document
Published: July 24, 2024
Downloadable IOCs: 6

Exploiting CVE-2024-21412: A Stealer Campaign Unleashed

This report details a malicious campaign exploiting the CVE-2024-21412 vulnerability in Microsoft Windows SmartScreen to bypass security warnings and deliver malware. Attackers employ crafted links, LNK files, and HTA scripts to download decoy PDFs and shell code injectors, ultimately injecting ste…
malware
evasion
windows
stealer
CVE-2024-21412
injection
pdf
meduza stealer
2024-07-24
acr stealer
Published: July 24, 2024
Downloadable IOCs: 27
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-6327

9.9
    Progress Telerik Report Server
  • Version(s): before 2024 Q2 (10.1.24.709)
Published: July 24, 2024

CVE-2024-41110

9.9
    Docker Engine
  • Version(s): 18.09.1
Published: July 24, 2024

CVE-2023-45249

9.8
    Acronis Cyber Infrastructure (ACI)
  • Version(s): before build 5.0.1-61, before build 5.1.1-71, before build 5.2.1-69, before build 5.3.1-53, before build 5.4.4-132
Published: July 24, 2024

CVE-2024-6756

8.8
    Social Auto Poster plugin for WordPress
  • Version(s): up to 5.3.14
Published: July 24, 2024

CVE-2024-6096

8.8
    Telerik Reporting
  • Version(s): before 18.1.24.709
Published: July 24, 2024

CVE-2024-41667

8.8
    OpenAM
  • Version(s): 15.0.3 and prior
Published: July 24, 2024

CVE-2024-41662

8.6
    VNote
  • Version(s): 3.18.1 and prior
Published: July 24, 2024

CVE-2024-41914

8.1
    EdgeConnect SD-WAN Orchestrator
Published: July 24, 2024

CVE-2024-41672

7.5
    DuckDB
  • Version(s): 1.0.0 and prior
Published: July 24, 2024

CVE-2024-6750

7.3
    Social Auto Poster plugin for WordPress
  • Version(s): up to 5.3.14
Published: July 24, 2024

CVE-2024-7027

7.3
    WooCommerce - PDF Vouchers plugin for WordPress
  • Version(s): up to 4.9.3
Published: July 24, 2024

CVE-2024-7066

7.3
    F-logic DataCube3
  • Version(s): 1.0
Published: July 24, 2024

CVE-2024-6753

7.2
    Social Auto Poster plugin for WordPress
  • Version(s): up to 5.3.14
Published: July 24, 2024

CVE-2024-22443

7.2
    EdgeConnect SD-WAN Orchestrator
Published: July 24, 2024

CVE-2024-33519

7.2
    HPE Aruba Networking EdgeConnect SD-WAN gateway
Published: July 24, 2024

CVE-2024-41133

7.2
    HPE Aruba Networking EdgeConnect SD-WAN gateway
Published: July 24, 2024

CVE-2024-41134

7.2
    HPE Aruba Networking EdgeConnect SD-WAN gateway
Published: July 24, 2024

CVE-2024-41135

7.2
    HPE Aruba Networking EdgeConnect SD-WAN gateway
Published: July 24, 2024

CVE-2024-41136

6.8
    HPE Aruba Networking EdgeConnect SD-WAN gateways
Published: July 24, 2024

CVE-2024-6755

6.5
    Social Auto Poster plugin for WordPress
  • Version(s): up to 5.3.14
Published: July 24, 2024

CVE-2024-3297

6.5
    Matter protocol
  • Version(s): before 1.1
Published: July 24, 2024

CVE-2024-6752

6.4
    Social Auto Poster plugin for WordPress
  • Version(s): up to 5.3.14
Published: July 24, 2024

CVE-2024-6629

6.4
    All-in-One Video Gallery plugin for WordPress
  • Version(s): up to 3.7.1
Published: July 24, 2024

CVE-2024-6930

6.4
    WP Booking Calendar plugin
  • Version(s): up to 10.2.1
Published: July 24, 2024

CVE-2024-6896

6.4
    AMP for WP - Accelerated Mobile Pages plugin
  • Version(s): up to 1.0.96.1
Published: July 24, 2024

CVE-2024-3896

6.4
    Rbs Image Gallery plugin for WordPress
  • Version(s): up to 3.2.19
Published: July 24, 2024

CVE-2024-5818

6.4
    Royal Elementor Addons and Templates plugin for WordPress
  • Version(s): up to 1.3.980
Published: July 24, 2024

CVE-2024-6751

6.3
    Social Auto Poster plugin for WordPress
  • Version(s): up to 5.3.14
Published: July 24, 2024

CVE-2024-7067

6.3
    Ecommerce-Laravel-Bootstrap
Published: July 24, 2024

CVE-2024-7069

6.3
    SourceCodester Employee and Visitor Gate Pass Logging System
  • Version(s): 1.0
Published: July 24, 2024

CVE-2024-7081

6.3
    Tailoring Management System
  • Version(s): 1.0
Published: July 24, 2024

CVE-2024-3246

6.1
    LiteSpeed Cache plugin for WordPress
  • Version(s): up to 6.2.0.1
Published: July 24, 2024

CVE-2024-22444

6.1
    EdgeConnect SD-WAN Orchestrator
Published: July 24, 2024

CVE-2023-32471

6.0
    Dell Edge Gateway BIOS
  • Version(s): 3200, 5200
Published: July 24, 2024

CVE-2023-32466

5.7
    Dell Edge Gateway BIOS
  • Version(s): 3200, 5200
Published: July 24, 2024

CVE-2024-6754

5.4
    Social Auto Poster plugin for WordPress
  • Version(s): up to 5.3.14
Published: July 24, 2024

CVE-2024-7079

5.4
    Openshift console
Published: July 24, 2024

CVE-2024-5861

5.3
    WP EasyPay - Square for WordPress plugin
  • Version(s): up to 4.2.3
Published: July 24, 2024

CVE-2024-6553

5.3
    WP Meteor Website Speed Optimization Addon plugin
  • Version(s): up to 3.4.3
Published: July 24, 2024

CVE-2024-6571

5.3
    Optimize Images ALT Text (alt tag) & names for SEO using AI plugin for WordPress
  • Version(s): up to 3.1.1
Published: July 24, 2024

CVE-2024-7080

5.3
    SourceCodester Insurance Management System
  • Version(s): 1.0
Published: July 24, 2024

CVE-2024-41666

4.7
    Argo CD
  • Version(s): 2.11.7, 2.10.16, 2.9.21
Published: July 24, 2024

CVE-2024-6836

4.3
    Funnel Builder for WordPress by FunnelKit
  • Version(s): up to 3.4.6
Published: July 24, 2024

CVE-2024-7065

4.3
    Spina CMS
  • Version(s): up to 2.18.0
Published: July 24, 2024

CVE-2024-3454

3.5
    Connectivity Standards Alliance Matter protocol
  • Version(s): 1.2
Published: July 24, 2024

CVE-2024-7068

3.5
    SourceCodester Insurance Management System
  • Version(s): 1.0
Published: July 24, 2024

CVE-2024-21684

3.1
    Bitbucket Data Center
  • Version(s): 8.0.0 - 8.9.12, 8.19.0 - 8.19.1
Published: July 24, 2024

CVE-2024-37533

2.4
    IBM InfoSphere Information Server
  • Version(s): 11.7
Published: July 24, 2024

CVE-2024-40767

None
    OpenStack Nova
  • Version(s): <27.4.1, 28 <28.2.1, 29 <29.1.1
Published: July 24, 2024

CVE-2024-6094

None
    WP ULike WordPress plugin
  • Version(s): before 4.7.1
Published: July 24, 2024

CVE-2023-48362

None
    Apache Drill
  • Version(s): 1.19.0, 1.20.0, 1.21.1
Published: July 24, 2024

CVE-2024-39676

None
    Apache Pinot
  • Version(s): 0.1 - 1.0.0
Published: July 24, 2024

CVE-2024-6197

None
    libcurl
Published: July 24, 2024

CVE-2024-6874

None
    libcurl
Published: July 24, 2024

CVE-2024-31971

None
    AdTran NetVanta 3120
  • Version(s): 18.01.01.00.E
Published: July 24, 2024

CVE-2024-31977

None
    Adtran 834-5
  • Version(s): 11.1.0.101-202106231430
    SmartOS
  • Version(s): 12.5.5.1
Published: July 24, 2024

CVE-2024-39345

None
    AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices
Published: July 24, 2024

CVE-2024-31970

None
    AdTran SRG 834-5 HDC17600021F1 devices
  • Version(s): 11.1.1.1, 12.1.3.1
Published: July 24, 2024

CVE-2024-36541

None
    logging-operator
  • Version(s): 4.6.0
Published: July 24, 2024

CVE-2024-40422

None
    stitionai devika v1
Published: July 24, 2024

CVE-2024-40575

None
    Huawei Technologies opengauss
  • Version(s): 5.0.0 build 7.3.0
Published: July 24, 2024

CVE-2024-36539

None
    contour
  • Version(s): 1.28.3
Published: July 24, 2024

CVE-2024-36540

None
    external-secrets
  • Version(s): 0.9.16
Published: July 24, 2024

CVE-2024-36536

None
    fabedge
  • Version(s): 0.8.1
Published: July 24, 2024

CVE-2024-36537

None
    cert-manager
  • Version(s): 1.14.4
Published: July 24, 2024

CVE-2024-36538

None
    Chaos Mesh
  • Version(s): 2.6.3
Published: July 24, 2024

CVE-2024-40137

None
    Dolibarr ERP CRM
  • Version(s): before 19.0.2-php8.2
Published: July 24, 2024

CVE-2024-40495

None
    Linksys Router E2500
  • Version(s): 2.0.00
Published: July 24, 2024

CVE-2024-36533

None
    volcano
  • Version(s): 1.8.2
Published: July 24, 2024

CVE-2024-36534

None
    hwameistor
  • Version(s): 0.14.3
Published: July 24, 2024

CVE-2024-36535

None
    meshery
  • Version(s): 0.7.51
Published: July 24, 2024

CVE-2024-41550

None
    CampCodes Supplier Management System
  • Version(s): 1.0
Published: July 24, 2024

CVE-2024-41551

None
    CampCodes Supplier Management System
  • Version(s): 1.0
Published: July 24, 2024

CVE-2024-41459

None
    Tenda FH1201
  • Version(s): 1.2.0.14
Published: July 24, 2024

CVE-2024-41460

None
    Tenda FH1201
  • Version(s): v1.2.0.14
Published: July 24, 2024

CVE-2024-41461

None
    Tenda FH1201
  • Version(s): 1.2.0.14
Published: July 24, 2024

CVE-2024-41462

None
    Tenda FH1201
  • Version(s): 1.2.0.14
Published: July 24, 2024

CVE-2024-41463

None
    Tenda FH1201
  • Version(s): 1.2.0.14
Published: July 24, 2024

CVE-2024-41464

None
    Tenda FH1201
  • Version(s): v1.2.0.14
Published: July 24, 2024

CVE-2024-41465

None
    Tenda FH1201
  • Version(s): v1.2.0.14
Published: July 24, 2024

CVE-2024-41466

None
    Tenda FH1201
  • Version(s): v1.2.0.14
Published: July 24, 2024
Click here to see more Vulnerabilities