Tag: 2024-08-02

7 Attack Reports | 67 Vulnerabilities

Attack reports

BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor

Elastic Security Labs uncovered a new Windows backdoor called BITSLOTH that utilizes the Background Intelligent Transfer Service (BITS) for command-and-control communication. This malware, discovered during an intrusion into a South American government's Foreign Ministry, possesses capabilities for…
backdoor
espionage
exfiltration
persistence
lateral movement
2024-08-02
bitsloth
Published: August 2, 2024
Downloadable IOCs: 8

Brief Overview of the DeerStealer Distribution Campaign

A recent cybersecurity investigation uncovered a malware distribution campaign called DeerStealer. The malware was disseminated through counterfeit Google Authenticator websites, tricking visitors into downloading the malicious payload hosted on GitHub. Upon execution, the stealer collects system i…
phishing
stealer
c2
deerstealer
2024-08-02
xfiles
xor
Published: August 2, 2024
Downloadable IOCs: 28

BingoMod: The new android RAT that steals money and wipes data

In late May 2024, a new Android Remote Access Trojan (RAT) named BingoMod emerged, aiming to initiate fraudulent money transfers from compromised devices using a technique called On-Device Fraud (ODF). After installation, BingoMod steals sensitive information, conducts overlay attacks, and provides…
rat
android
fraud
banking
2024-08-02
bingomod
Published: August 2, 2024
Downloadable IOCs: 3

DNS Early Detection - Breaking the Black Basta Ransomware Kill Chain

This intelligence analysis examines the Black Basta ransomware campaign, which has significantly impacted businesses and critical infrastructure across North America, Europe, and Australia. The report highlights Infoblox's ability to identify and block over 78% of the malicious domains associated w…
ransomware
dns
black basta
2024-08-02
threat intelligence
Published: August 2, 2024
Linked vulnerabilities : CVE-2024-1700
Downloadable IOCs: 1

MirrorFace Attack against Japanese Organisations

The report provides in-depth details about the malware used by the threat actor MirrorFace in targeted attacks against Japanese organizations. It describes the NOOPDOOR malware's execution flow, obfuscation techniques, functionality, and the tactics, techniques, and procedures employed by the attac…
malware
apt
2024-08-02
lodeinfo
noopdoor
ttp
Published: August 2, 2024
Linked vulnerabilities : CVE-2022-1388
Downloadable IOCs: 27

Detecting evolving threats: NetSupport RAT campaign

This analysis examines a recent malware campaign that utilizes the NetSupport RAT, a legitimate remote administration tool, for persistent infections. The threat actors behind this campaign employ obfuscation techniques and updates to evade detection. However, by identifying weaknesses in the obfus…
obfuscation
rat
malvertising
powershell
persistence
netsupport rat
2024-08-02
Published: August 2, 2024
Downloadable IOCs: 3

Likely compromise of Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike

A government-affiliated Taiwanese research institute specializing in computing technologies experienced a cyber intrusion likely carried out by the Chinese hacking group APT41. The attackers employed ShadowPad malware, Cobalt Strike, and custom tools, exploiting vulnerabilities like CVE-2018-0824 f…
apt
cobalt strike
credential theft
cobaltstrike
shadowpad
data exfiltration
2024-08-02
poisonplug.shadow
CVE-2018-0824
unmarshalpwn
Published: August 2, 2024
Linked vulnerabilities : CVE-2018-0824
Downloadable IOCs: 13
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-7314

9.8
    anji-plus AJ-Report
Published: August 2, 2024

CVE-2024-42348

9.3
    FOG Project
Published: August 2, 2024

CVE-2024-3238

8.8
    Superfly Responsive Menu plugin for WordPress
Published: August 2, 2024

CVE-2024-27181

8.8
    Apache Linkis
Published: August 2, 2024

CVE-2024-40720

8.8
    TCBServiSign Windows Version
Published: August 2, 2024

CVE-2024-40721

8.8
    TCBServiSign Windows Version
Published: August 2, 2024

CVE-2024-7029

8.8
    UNKNOWN
Published: August 2, 2024

CVE-2024-41127

8.3
    Monkeytype
Published: August 2, 2024

CVE-2024-38877

8.2
    Omnivise T3000 Application Server
    Omnivise T3000 Domain Controller
    Omnivise T3000 Network Intrusion Detection System (NIDS)
    Omnivise T3000 Product Data Management (PDM)
    Omnivise T3000 Security Server
    Omnivise T3000 Terminal Server
    Omnivise T3000 Thin Client
    Omnivise T3000 Whitelisting Server
Published: August 2, 2024

CVE-2024-39392

7.8
    InDesign Desktop
Published: August 2, 2024

CVE-2024-38876

7.8
    Omnivise T3000 Application Server
    Omnivise T3000 Domain Controller
    Omnivise T3000 Product Data Management (PDM)
    Omnivise T3000 Terminal Server
    Omnivise T3000 Thin Client
    Omnivise T3000 Whitelisting Server
Published: August 2, 2024

CVE-2024-7389

7.5
    Forminator plugin for WordPress
Published: August 2, 2024

CVE-2024-38879

7.5
    Omnivise T3000 Application Server
Published: August 2, 2024

CVE-2024-7319

7.4
    openstack-heat
Published: August 2, 2024

CVE-2024-38878

7.2
    Omnivise T3000 Application Server
Published: August 2, 2024

CVE-2024-38776

7.1
    WP GoToWebinar
Published: August 2, 2024

CVE-2024-38482

6.6
    CloudLink
Published: August 2, 2024

CVE-2024-40719

6.5
    TCBServiSign Windows Version
Published: August 2, 2024

CVE-2024-7323

6.5
    Digiwin EasyFlow .NET
Published: August 2, 2024

CVE-2024-3827

6.4
    Spectra Pro plugin for WordPress
Published: August 2, 2024

CVE-2024-4643

6.4
    Element Pack Elementor Addons plugin for WordPress
Published: August 2, 2024

CVE-2024-7372

6.3
    SourceCodester Simple Realtime Quiz System
Published: August 2, 2024

CVE-2024-7373

6.3
    SourceCodester Simple Realtime Quiz System
Published: August 2, 2024

CVE-2024-7374

6.3
    SourceCodester Simple Realtime Quiz System
Published: August 2, 2024

CVE-2024-7375

6.3
    SourceCodester Simple Realtime Quiz System
Published: August 2, 2024

CVE-2024-7376

6.3
    Simple Realtime Quiz System
Published: August 2, 2024

CVE-2024-7377

6.3
    SourceCodester Simple Realtime Quiz System
Published: August 2, 2024

CVE-2024-7378

6.3
    SourceCodester Simple Realtime Quiz System
Published: August 2, 2024

CVE-2024-7204

6.1
    Ai3 QbiBot
Published: August 2, 2024

CVE-2024-39396

5.5
    InDesign Desktop
Published: August 2, 2024

CVE-2024-22278

5.4
    Harbor
Published: August 2, 2024

CVE-2024-5595

5.4
    Essential Blocks WordPress plugin
Published: August 2, 2024

CVE-2024-6567

5.3
    Ebook Store plugin for WordPress
Published: August 2, 2024

CVE-2024-42459

5.3
    Node.js
Published: August 2, 2024

CVE-2024-42460

5.3
    Node.js Elliptic package
Published: August 2, 2024

CVE-2024-6704

5.3
    Comments - wpDiscuz plugin for WordPress
Published: August 2, 2024

CVE-2024-42349

5.3
    FOG
Published: August 2, 2024

CVE-2024-3056

4.8
    Podman
Published: August 2, 2024

CVE-2024-40722

4.3
    TCBServiSign Windows Version
Published: August 2, 2024

CVE-2024-40723

4.3
    HWATAIServiSign
Published: August 2, 2024

CVE-2024-42458

None
    Neat VNC
Published: August 2, 2024

CVE-2024-42461

None
    Node.js Elliptic package
Published: August 2, 2024

CVE-2024-27182

None
    Apache Linkis
Published: August 2, 2024

CVE-2024-36268

None
    Apache InLong
Published: August 2, 2024

CVE-2024-38890

None
    Horizon Business Services Inc. Caterease Software
Published: August 2, 2024

CVE-2024-41310

None
    AndServer
Published: August 2, 2024

CVE-2024-41517

None
    Feripro
Published: August 2, 2024

CVE-2024-41518

None
    Feripro
Published: August 2, 2024

CVE-2024-41519

None
    Feripro
Published: August 2, 2024

CVE-2024-33892

None
    Cosy+
Published: August 2, 2024

CVE-2024-33893

None
    Cosy+
Published: August 2, 2024

CVE-2024-33894

None
    Cosy+
Published: August 2, 2024

CVE-2024-33895

None
    Cosy+
Published: August 2, 2024

CVE-2024-33896

None
    Cosy+
Published: August 2, 2024

CVE-2024-38881

None
    Caterease
Published: August 2, 2024

CVE-2024-38882

None
    Caterease
Published: August 2, 2024

CVE-2024-38883

None
    Caterease by Horizon Business Services Inc.
Published: August 2, 2024

CVE-2024-38884

None
    Caterease
Published: August 2, 2024

CVE-2024-38885

None
    Caterease
Published: August 2, 2024

CVE-2024-38886

None
    Caterease
Published: August 2, 2024

CVE-2024-22169

None
    WD Discovery
Published: August 2, 2024

CVE-2024-28297

None
    AzureSoft MyHorus
Published: August 2, 2024

CVE-2024-28298

None
    BM SOFT BMPlanning
Published: August 2, 2024

CVE-2024-38888

None
    Caterease
Published: August 2, 2024

CVE-2024-38889

None
    Caterease
Published: August 2, 2024

CVE-2024-38887

None
    Caterease
Published: August 2, 2024

CVE-2024-38891

None
    Caterease
Published: August 2, 2024
Click here to see more Vulnerabilities