Tag: 2024-08-01

5 Attack Reports | 120 Vulnerabilities

Attack reports

Threat Actors Behind the DEV#POPPER Campaign Have Retooled and are Continuing to Target Software Developers via Social Engineering

The intelligence report discusses an ongoing malware campaign that targets software developers through social engineering tactics like fake job interviews. The threat actors behind this campaign have upgraded their tools, now supporting multiple operating systems (Windows, Linux, and macOS) and emp…
social engineering
dev#popper
2024-08-01
Published: August 1, 2024
Downloadable IOCs: 14

Threat Actor Abuses Cloudflare Tunnels to Deliver RATs

Proofpoint is tracking a cluster of cybercriminal threat activity leveraging Cloudflare Tunnels to deliver malware, particularly remote access trojans (RATs) like Xworm, AsyncRAT, VenomRAT, GuLoader, and Remcos. The campaigns employ various techniques, such as using URL files to establish connectio…
xworm
remcos
asyncrat
venomrat
guloader
rats
webdav
cloudflare
2024-08-01
Published: August 1, 2024
Downloadable IOCs: 13

Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft

An examination of how threat actors hijack social media pages, rename them to resemble legitimate AI photo editors, and post malicious links to fake websites promoted through paid ads. The links trick users into installing endpoint management software, allowing the execution of credential stealers …
phishing
credential theft
lumma
2024-08-01
Published: August 1, 2024
Downloadable IOCs: 73

Increased Activity Against Apache OFBiz CVE-2024-32113

Recently, there has been a surge in malicious activity targeting a critical vulnerability (CVE-2024-32113) in the Apache OFBiz framework, a Java-based platform for developing Enterprise Resource Planning (ERP) applications. This vulnerability, a path traversal issue that can lead to remote code exe…
vulnerability
CVE-2024-32113
apache
erp
2024-08-01
remote code execution
ofbiz
Published: August 1, 2024
Linked vulnerabilities : CVE-2024-32113
Downloadable IOCs: 5

Strikes with commercial malware against organizations in Kazakhstan

BI.ZONE experts have been monitoring the activities of a threat group called Bloody Wolf since late 2023. This group targets organizations in Kazakhstan using STRRAT, a commercial malware known as Strigoi Master. The attackers employ phishing emails posing as communications from government agencies…
phishing
data theft
remote access
2024-08-01
strrat
strigoi master
Published: August 1, 2024
Downloadable IOCs: 10
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-7332

9.8
    TOTOLINK CP450
  • Version(s): 4.1.0cu.747_B20191224
Published: August 1, 2024

CVE-2024-38770

9.8
    Backup and Staging by WP Time Capsule
  • Version(s): n/a - 1.22.20
Published: August 1, 2024

CVE-2024-41961

9.6
    Elektra
Published: August 1, 2024

CVE-2024-39619

9.0
    CridioStudio ListingPro
  • Version(s): n/a - 2.9.3
Published: August 1, 2024

CVE-2024-7331

8.8
    Totolink
  • A3300r Firmware
  • A3300r
Published: August 1, 2024

CVE-2024-7333

8.8
    TOTOLINK N350RT
  • Version(s): 9.3.5u.6139_B20201216
Published: August 1, 2024

CVE-2024-7334

8.8
    TOTOLINK EX1200L
  • Version(s): 9.3.5u.6146_B20201023
Published: August 1, 2024

CVE-2024-7335

8.8
    TOTOLINK EX200
  • Version(s): 4.0.3c.7646_B20201211
Published: August 1, 2024

CVE-2024-7336

8.8
    TOTOLINK EX200
  • Version(s): 4.0.3c.7646_B20201211
Published: August 1, 2024

CVE-2024-7337

8.8
    TOTOLINK EX1200L
  • Version(s): 9.3.5u.6146_B20201023
Published: August 1, 2024

CVE-2024-6698

8.8
    FundEngine plugin for WordPress
  • Version(s): up to 1.7.0
Published: August 1, 2024

CVE-2024-7338

8.8
    TOTOLINK EX1200L
  • Version(s): 9.3.5u.6146_B20201023
Published: August 1, 2024

CVE-2024-39633

8.8
    PowerPack for Beaver Builder
  • Version(s): n/a - 2.33.0
Published: August 1, 2024

CVE-2024-39634

8.8
    PowerPack Pro for Elementor
  • Version(s): from n/a through 2.10.14
Published: August 1, 2024

CVE-2024-39274

8.7
    Mattermost
  • Version(s): 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1
Published: August 1, 2024

CVE-2024-39777

8.7
    Mattermost
  • Version(s): 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1
Published: August 1, 2024

CVE-2024-39624

8.5
    ListingPro
  • Version(s): from n/a, 2.9.3
Published: August 1, 2024

CVE-2024-39636

8.3
    Better Find and Replace
  • Version(s): n/a, 1.6.1
Published: August 1, 2024

CVE-2024-3983

8.1
    WooCommerce Customers Manager WordPress plugin
  • Version(s): before 30.1
Published: August 1, 2024

CVE-2024-6873

8.1
    ClickHouse
Published: August 1, 2024

CVE-2024-41956

8.1
    Soft Serve
  • Version(s): before 0.7.5
Published: August 1, 2024

CVE-2023-52209

8.0
    WPForms User Registration
  • Version(s): n/a, 2.1.0
Published: August 1, 2024

CVE-2024-39621

8.0
    ListingPro
  • Version(s): n/a, 2.9.3
Published: August 1, 2024

CVE-2024-7358

7.8
    Getscreen Agent
  • Version(s): 2.19.6
Published: August 1, 2024

CVE-2024-38761

7.5
    Dylan James Zephyr Project Manager
  • Version(s): n/a, 3.3.99
Published: August 1, 2024

CVE-2024-36492

7.4
    Mattermost
  • Version(s): 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1
Published: August 1, 2024

CVE-2024-7366

7.3
    SourceCodester Tracking Monitoring Management System
  • Version(s): 1.0
Published: August 1, 2024

CVE-2024-7369

7.3
    SourceCodester Simple Realtime Quiz System
  • Version(s): 1.0
Published: August 1, 2024

CVE-2024-38775

7.2
    CTX Feed
  • Version(s): from n/a through 6.5.6
Published: August 1, 2024

CVE-2024-6529

7.1
    Ultimate Classified Listings WordPress plugin
  • Version(s): before 1.4
Published: August 1, 2024

CVE-2024-38746

7.1
    MakeStories (for Google Web Stories)
  • Version(s): n/a - 3.0.3
Published: August 1, 2024

CVE-2024-39652

7.1
    WooCommerce PDF Vouchers
  • Version(s): before 4.9.5
Published: August 1, 2024

CVE-2024-39656

7.1
    Tin Canny Reporting for LearnDash
  • Version(s): n/a, 4.3.0.7
Published: August 1, 2024

CVE-2024-39663

7.1
    WP Fast Total Search
  • Version(s): n/a, 1.68.232
Published: August 1, 2024

CVE-2024-34021

6.8
    ELECOM wireless LAN routers
Published: August 1, 2024

CVE-2024-39607

6.8
    ELECOM wireless LAN routers
Published: August 1, 2024

CVE-2024-39832

6.8
    Mattermost
  • Version(s): 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1
Published: August 1, 2024

CVE-2024-32863

6.8
    exacqVision Web Services
Published: August 1, 2024

CVE-2024-32862

6.8
    ExacqVision Web Services
Published: August 1, 2024

CVE-2024-1747

6.5
    WooCommerce Customers Manager WordPress plugin
  • Version(s): before 3.0.2
Published: August 1, 2024

CVE-2024-38772

6.5
    JetWidgets for Elementor and WooCommerce
  • Version(s): n/a - 1.1.7
Published: August 1, 2024

CVE-2024-39649

6.5
    Essential Addons for Elementor
  • Version(s): n/a through 5.9.26
Published: August 1, 2024

CVE-2024-39655

6.5
    LiquidPoll
  • Version(s): unknown, up to 3.3.77
Published: August 1, 2024

CVE-2024-39659

6.5
    WP-PostRatings
  • Version(s): n/a - 1.91.1
Published: August 1, 2024

CVE-2024-39661

6.5
    Kubio AI Page Builder
  • Version(s): n/a, 2.2.4
Published: August 1, 2024

CVE-2024-39662

6.5
    Black Widgets For Elementor
  • Version(s): from n/a through 1.3.5
Published: August 1, 2024

CVE-2024-39665

6.5
    YMC Filter & Grids
  • Version(s): n/a, 2.9.2
Published: August 1, 2024

CVE-2024-39667

6.5
    Element Pack Elementor Addons
  • Version(s): n/a, 5.6.11
Published: August 1, 2024

CVE-2024-39668

6.5
    Extensions for Elementor
  • Version(s): n/a - 2.0.31
Published: August 1, 2024

CVE-2024-2090

6.4
    Remote Content Shortcode plugin for WordPress
  • Version(s): up to 1.5
Published: August 1, 2024

CVE-2024-5330

6.4
    Breakdance plugin for WordPress
  • Version(s): up to 1.7.2
Published: August 1, 2024

CVE-2024-7302

6.4
    Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress
  • Version(s): up to 7.5.4
Published: August 1, 2024

CVE-2024-6346

6.4
    Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress
  • Version(s): up to 2.2.85a
Published: August 1, 2024

CVE-2024-2455

6.4
    Element Pack - Addon for Elementor Page Builder WordPress Plugin
  • Version(s): up to 7.9.0
Published: August 1, 2024

CVE-2024-32864

6.4
    exacqVision Web Services
Published: August 1, 2024

CVE-2024-32865

6.4
    exacqVision Server
Published: August 1, 2024

CVE-2024-7330

6.3
    YouDianCMS
  • Version(s): 7
Published: August 1, 2024

CVE-2024-7357

6.3
    D-Link DIR-600
  • Version(s): up to 2.18
Published: August 1, 2024

CVE-2024-7361

6.3
    SourceCodester Tracking Monitoring Management System
  • Version(s): 1.0
Published: August 1, 2024

CVE-2024-7362

6.3
    SourceCodester Tracking Monitoring Management System
  • Version(s): 1.0
Published: August 1, 2024

CVE-2024-7363

6.3
    SourceCodester Tracking Monitoring Management System
  • Version(s): 1.0
Published: August 1, 2024

CVE-2024-7364

6.3
    SourceCodester Tracking Monitoring Management System
  • Version(s): 1.0
Published: August 1, 2024

CVE-2024-7365

6.3
    SourceCodester Tracking Monitoring Management System
  • Version(s): 1.0
Published: August 1, 2024

CVE-2024-28972

5.9
    Dell InsightIQ
  • Version(s): 5.0.0
Published: August 1, 2024

CVE-2024-39648

5.9
    Eventin
  • Version(s): n/a, 4.0.5
Published: August 1, 2024

CVE-2024-39660

5.9
    Jordy Meow Photo Engine
  • Version(s): n/a - 6.3.1
Published: August 1, 2024

CVE-2024-38490

5.8
    Dell iDRAC Service Module
  • Version(s): 5.3.0.0 and prior
Published: August 1, 2024

CVE-2024-32931

5.7
    exacqVision Web Service
Published: August 1, 2024

CVE-2024-6923

5.5
    CPython
Published: August 1, 2024

CVE-2024-41144

5.5
    Mattermost
  • Version(s): 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1
Published: August 1, 2024

CVE-2024-39630

5.5
    MotoPress Timetable and Event Schedule
  • Version(s): n/a - 2.4.13
Published: August 1, 2024

CVE-2024-39637

5.4
    Edubin
  • Version(s): n/a, 9.2.0
Published: August 1, 2024

CVE-2024-6687

5.3
    CTT Expresso para WooCommerce plugin for WordPress
  • Version(s): up to 3.2.12
Published: August 1, 2024

CVE-2024-1715

5.3
    AdFoxly - Ad Manager, AdSense Ads & Ads.txt plugin for WordPress
  • Version(s): up to 1.8.5
Published: August 1, 2024

CVE-2024-7339

5.3
    UNKNOWN
Published: August 1, 2024

CVE-2024-41123

5.3
    REXML gem for Ruby
  • Version(s): before 3.3.2
Published: August 1, 2024

CVE-2024-41946

5.3
    REXML gem for Ruby
  • Version(s): 3.3.2
Published: August 1, 2024

CVE-2024-38791

4.9
    Jordy Meow AI Engine: ChatGPT Chatbot
  • Version(s): n/a through 2.4.7
Published: August 1, 2024

CVE-2024-4090

4.8
    WordPress plugin - Floating Notification Bar
  • Version(s): before 2.7.2
Published: August 1, 2024

CVE-2024-25947

4.8
    Dell iDRAC Service Module
  • Version(s): 5.3.0.0 and prior
Published: August 1, 2024

CVE-2024-25948

4.8
    Dell iDRAC Service Module
  • Version(s): 5.3.0.0 and prior
Published: August 1, 2024

CVE-2024-38481

4.8
    Dell iDRAC Service Module
  • Version(s): 5.3.0.0 and prior
Published: August 1, 2024

CVE-2024-5678

4.7
    ManageEngine Applications Manager
  • Version(s): below 170900
Published: August 1, 2024

CVE-2024-7211

4.7
    1E Platform
Published: August 1, 2024

CVE-2024-41962

4.6
    Bostr
  • Version(s): 3.0.10
Published: August 1, 2024

CVE-2024-41957

4.5
    Vim
  • Version(s): < 9.1.0647
Published: August 1, 2024

CVE-2024-6040

4.4
    lollms-webui
  • Version(s): 9.8
Published: August 1, 2024

CVE-2024-5331

4.3
    Breakdance plugin for WordPress
  • Version(s): up to 1.7.2
Published: August 1, 2024

CVE-2024-39839

4.3
    Mattermost
  • Version(s): 9.5.0 - 9.5.6, 9.7.0 - 9.7.5, 9.8.0 - 9.8.1, 9.9.0
Published: August 1, 2024

CVE-2024-7360

4.3
    SourceCodester Tracking Monitoring Management System
  • Version(s): 1.0
Published: August 1, 2024

CVE-2024-38768

4.3
    The Pack Elementor addons
  • Version(s): n/a, 2.0.8.6
Published: August 1, 2024

CVE-2024-7367

4.3
    SourceCodester Simple Realtime Quiz System
  • Version(s): 1.0
Published: August 1, 2024

CVE-2024-41965

4.2
    Vim
  • Version(s): 9.1.0648 and below
Published: August 1, 2024

CVE-2024-41162

4.1
    Mattermost
  • Version(s): 9.9.0, 9.5.6, 9.7.5, 9.8.1
Published: August 1, 2024

CVE-2024-39837

3.8
    Mattermost
  • Version(s): 9.9.x <= 9.9.0, 9.5.x <= 9.5.6
Published: August 1, 2024

CVE-2024-7342

3.5
    Baidu UEditor
  • Version(s): 1.4.3.3
Published: August 1, 2024

CVE-2024-7343

3.5
    Baidu UEditor
  • Version(s): 1.4.2
Published: August 1, 2024

CVE-2024-7359

3.5
    SourceCodester Tracking Monitoring Management System
  • Version(s): 1.0
Published: August 1, 2024

CVE-2024-7368

3.5
    Simple Realtime Quiz System
  • Version(s): 1.0
Published: August 1, 2024

CVE-2024-38489

3.1
    Dell iDRAC Service Module
  • Version(s): 5.3.0.0 and prior
Published: August 1, 2024

CVE-2024-41948

3.0
    biscuit-java
  • Version(s): before 4.0.0
Published: August 1, 2024

CVE-2024-41949

3.0
    biscuit-rust
Published: August 1, 2024

CVE-2024-29977

2.7
    Mattermost
  • Version(s): 9.9.x <= 9.9.0, 9.5.x <= 9.5.6
Published: August 1, 2024

CVE-2024-41926

2.7
    Mattermost
  • Version(s): 9.9.0, 9.5.6
Published: August 1, 2024

CVE-2024-23600

2.7
    PingIDM OPENIDM
Published: August 1, 2024

CVE-2024-40883

None
    ELECOM wireless LAN routers
Published: August 1, 2024

CVE-2024-2843

None
    WooCommerce Customers Manager WordPress plugin
  • Version(s): before 30.1
Published: August 1, 2024

CVE-2024-2872

None
    socialdriver-framework WordPress plugin
  • Version(s): before 2024.04.30
Published: August 1, 2024

CVE-2024-6496

None
    Light Poll WordPress plugin
  • Version(s): through 1.0.0
Published: August 1, 2024

CVE-2024-41260

None
    netbird
  • Version(s): 0.28.4
Published: August 1, 2024

CVE-2024-41264

None
    casdoor
  • Version(s): 1.636.0
Published: August 1, 2024

CVE-2024-41265

None
    cortex
  • Version(s): 0.42.1
Published: August 1, 2024

CVE-2024-6242

None
    Rockwell Automation ControlLogix controller
Published: August 1, 2024

CVE-2024-6990

None
    Google Chrome on Android
  • Version(s): prior to 127.0.6533.88
Published: August 1, 2024

CVE-2024-7255

None
    Google Chrome
  • Version(s): before 127.0.6533.88
Published: August 1, 2024

CVE-2024-7256

None
    Google Chrome on Android
  • Version(s): prior to 127.0.6533.88
Published: August 1, 2024

CVE-2024-4353

None
    Concrete CMS
  • Version(s): 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.3.0, 9.3.1, 9.3.2
Published: August 1, 2024

CVE-2024-41259

None
    Navidrome
  • Version(s): 0.52.3
Published: August 1, 2024

CVE-2024-7093

None
    Dispatch notification service
Published: August 1, 2024

CVE-2024-32758

None
    ExacqVision
Published: August 1, 2024
Click here to see more Vulnerabilities