Tag: 2024-08-02

7 Attack Reports | 67 Vulnerabilities

Attack reports

BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor

Elastic Security Labs uncovered a new Windows backdoor called BITSLOTH that utilizes the Background Intelligent Transfer Service (BITS) for command-and-control communication. This malware, discovered during an intrusion into a South American government's Foreign Ministry, possesses capabilities for…
backdoor
espionage
exfiltration
persistence
lateral movement
2024-08-02
bitsloth
Published: August 2, 2024
Downloadable IOCs: 8

Brief Overview of the DeerStealer Distribution Campaign

A recent cybersecurity investigation uncovered a malware distribution campaign called DeerStealer. The malware was disseminated through counterfeit Google Authenticator websites, tricking visitors into downloading the malicious payload hosted on GitHub. Upon execution, the stealer collects system i…
phishing
stealer
c2
deerstealer
2024-08-02
xfiles
xor
Published: August 2, 2024
Downloadable IOCs: 28

BingoMod: The new android RAT that steals money and wipes data

In late May 2024, a new Android Remote Access Trojan (RAT) named BingoMod emerged, aiming to initiate fraudulent money transfers from compromised devices using a technique called On-Device Fraud (ODF). After installation, BingoMod steals sensitive information, conducts overlay attacks, and provides…
rat
android
fraud
banking
2024-08-02
bingomod
Published: August 2, 2024
Downloadable IOCs: 3

DNS Early Detection - Breaking the Black Basta Ransomware Kill Chain

This intelligence analysis examines the Black Basta ransomware campaign, which has significantly impacted businesses and critical infrastructure across North America, Europe, and Australia. The report highlights Infoblox's ability to identify and block over 78% of the malicious domains associated w…
ransomware
dns
black basta
2024-08-02
threat intelligence
Published: August 2, 2024
Downloadable IOCs: 1

MirrorFace Attack against Japanese Organisations

The report provides in-depth details about the malware used by the threat actor MirrorFace in targeted attacks against Japanese organizations. It describes the NOOPDOOR malware's execution flow, obfuscation techniques, functionality, and the tactics, techniques, and procedures employed by the attac…
malware
apt
2024-08-02
lodeinfo
noopdoor
ttp
Published: August 2, 2024
Downloadable IOCs: 27

Detecting evolving threats: NetSupport RAT campaign

This analysis examines a recent malware campaign that utilizes the NetSupport RAT, a legitimate remote administration tool, for persistent infections. The threat actors behind this campaign employ obfuscation techniques and updates to evade detection. However, by identifying weaknesses in the obfus…
obfuscation
rat
malvertising
powershell
persistence
netsupport rat
2024-08-02
Published: August 2, 2024
Downloadable IOCs: 3

Likely compromise of Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike

A government-affiliated Taiwanese research institute specializing in computing technologies experienced a cyber intrusion likely carried out by the Chinese hacking group APT41. The attackers employed ShadowPad malware, Cobalt Strike, and custom tools, exploiting vulnerabilities like CVE-2018-0824 f…
apt
cobalt strike
credential theft
cobaltstrike
shadowpad
data exfiltration
2024-08-02
poisonplug.shadow
CVE-2018-0824
unmarshalpwn
Published: August 2, 2024
Downloadable IOCs: 13
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-7314

9.8
    anji-plus AJ-Report
Published: August 2, 2024

CVE-2024-42348

9.3
    FOG Project
  • Version(s): 1.5.10.41.2, 1.5.10.41.3, 1.6.0-beta.1395
Published: August 2, 2024

CVE-2024-3238

8.8
    Superfly Responsive Menu plugin for WordPress
  • Version(s): up to 5.0.29
Published: August 2, 2024

CVE-2024-27181

8.8
    Apache Linkis
  • Version(s): <= 1.5.0
Published: August 2, 2024

CVE-2024-40720

8.8
    TCBServiSign Windows Version
Published: August 2, 2024

CVE-2024-40721

8.8
    TCBServiSign Windows Version
  • Version(s): UNKNOWN
Published: August 2, 2024

CVE-2024-7029

8.8
    UNKNOWN
Published: August 2, 2024

CVE-2024-41127

8.3
    Monkeytype
  • Version(s): before 24.30.0
Published: August 2, 2024

CVE-2024-38877

8.2
    Omnivise T3000 Application Server
  • Version(s): All versions
    Omnivise T3000 Domain Controller
  • Version(s): All versions
    Omnivise T3000 Network Intrusion Detection System (NIDS)
  • Version(s): All versions
    Omnivise T3000 Product Data Management (PDM)
  • Version(s): All versions
    Omnivise T3000 Security Server
  • Version(s): All versions
    Omnivise T3000 Terminal Server
  • Version(s): All versions
    Omnivise T3000 Thin Client
  • Version(s): All versions
    Omnivise T3000 Whitelisting Server
  • Version(s): All versions
Published: August 2, 2024

CVE-2024-39392

7.8
    InDesign Desktop
  • Version(s): 18.5.2, 19.3 and earlier
Published: August 2, 2024

CVE-2024-38876

7.8
    Omnivise T3000 Application Server
  • Version(s): >= R9.2
    Omnivise T3000 Domain Controller
  • Version(s): >= R9.2
    Omnivise T3000 Product Data Management (PDM)
  • Version(s): >= R9.2
    Omnivise T3000 Terminal Server
  • Version(s): >= R9.2
    Omnivise T3000 Thin Client
  • Version(s): >= R9.2
    Omnivise T3000 Whitelisting Server
  • Version(s): >= R9.2
Published: August 2, 2024

CVE-2024-7389

7.5
    Forminator plugin for WordPress
  • Version(s): up to 1.29.1
Published: August 2, 2024

CVE-2024-38879

7.5
    Omnivise T3000 Application Server
  • Version(s): All versions
Published: August 2, 2024

CVE-2024-7319

7.4
    openstack-heat
Published: August 2, 2024

CVE-2024-38878

7.2
    Omnivise T3000 Application Server
  • Version(s): All versions
Published: August 2, 2024

CVE-2024-38776

7.1
    WP GoToWebinar
  • Version(s): from n/a, through 15.7
Published: August 2, 2024

CVE-2024-38482

6.6
    CloudLink
  • Version(s): 7.1.x, 8.x
Published: August 2, 2024

CVE-2024-40719

6.5
    TCBServiSign Windows Version
Published: August 2, 2024

CVE-2024-7323

6.5
    Digiwin EasyFlow .NET
Published: August 2, 2024

CVE-2024-3827

6.4
    Spectra Pro plugin for WordPress
  • Version(s): up to 1.1.4
Published: August 2, 2024

CVE-2024-4643

6.4
    Element Pack Elementor Addons plugin for WordPress
  • Version(s): up to 5.7.1
Published: August 2, 2024

CVE-2024-7372

6.3
    SourceCodester Simple Realtime Quiz System
  • Version(s): 1.0
Published: August 2, 2024

CVE-2024-7373

6.3
    SourceCodester Simple Realtime Quiz System
  • Version(s): 1.0
Published: August 2, 2024

CVE-2024-7374

6.3
    SourceCodester Simple Realtime Quiz System
  • Version(s): 1.0
Published: August 2, 2024

CVE-2024-7375

6.3
    SourceCodester Simple Realtime Quiz System
  • Version(s): 1.0
Published: August 2, 2024

CVE-2024-7376

6.3
    Simple Realtime Quiz System
  • Version(s): 1.0
Published: August 2, 2024

CVE-2024-7377

6.3
    SourceCodester Simple Realtime Quiz System
  • Version(s): 1.0
Published: August 2, 2024

CVE-2024-7378

6.3
    SourceCodester Simple Realtime Quiz System
  • Version(s): 1.0
Published: August 2, 2024

CVE-2024-7204

6.1
    Ai3 QbiBot
Published: August 2, 2024

CVE-2024-39396

5.5
    InDesign Desktop
  • Version(s): ID18.5.2, ID19.3 and earlier
Published: August 2, 2024

CVE-2024-22278

5.4
    Harbor
  • Version(s): <2.9.5, <2.10.3
Published: August 2, 2024

CVE-2024-5595

5.4
    Essential Blocks WordPress plugin
  • Version(s): before 4.7.0
Published: August 2, 2024

CVE-2024-6567

5.3
    Ebook Store plugin for WordPress
  • Version(s): up to 5.8001
Published: August 2, 2024

CVE-2024-42459

5.3
    Node.js
  • Version(s): 6.5.6
Published: August 2, 2024

CVE-2024-42460

5.3
    Node.js Elliptic package
  • Version(s): 6.5.6
Published: August 2, 2024

CVE-2024-6704

5.3
    Comments - wpDiscuz plugin for WordPress
  • Version(s): up to 7.6.21
Published: August 2, 2024

CVE-2024-42349

5.3
    FOG
  • Version(s): 1.5.10.41.4 and earlier
Published: August 2, 2024

CVE-2024-3056

4.8
    Podman
Published: August 2, 2024

CVE-2024-40722

4.3
    TCBServiSign Windows Version
Published: August 2, 2024

CVE-2024-40723

4.3
    HWATAIServiSign
  • Version(s): UNKNOWN
Published: August 2, 2024

CVE-2024-42458

None
    Neat VNC
  • Version(s): before 0.8.1
Published: August 2, 2024

CVE-2024-42461

None
    Node.js Elliptic package
  • Version(s): 6.5.6
Published: August 2, 2024

CVE-2024-27182

None
    Apache Linkis
  • Version(s): <= 1.5.0
Published: August 2, 2024

CVE-2024-36268

None
    Apache InLong
  • Version(s): 1.10.0 - 1.12.0
Published: August 2, 2024

CVE-2024-38890

None
    Horizon Business Services Inc. Caterease Software
  • Version(s): 16.0.1.1663 - 24.0.1.2405
Published: August 2, 2024

CVE-2024-41310

None
    AndServer
  • Version(s): 2.1.12
Published: August 2, 2024

CVE-2024-41517

None
    Feripro
  • Version(s): <= v2.2.3
Published: August 2, 2024

CVE-2024-41518

None
    Feripro
  • Version(s): <= v2.2.3
Published: August 2, 2024

CVE-2024-41519

None
    Feripro
  • Version(s): <= v2.2.3
Published: August 2, 2024

CVE-2024-33892

None
    Cosy+
  • Version(s): 21.x - 21.2s10, 22.x - 22.1s3
Published: August 2, 2024

CVE-2024-33893

None
    Cosy+
  • Version(s): below 21.2s10, below 22.1s3
Published: August 2, 2024

CVE-2024-33894

None
    Cosy+
  • Version(s): 21.2s10, 22.1s3
Published: August 2, 2024

CVE-2024-33895

None
    Cosy+
  • Version(s): below 21.2s10, below 22.1s3
Published: August 2, 2024

CVE-2024-33896

None
    Cosy+
  • Version(s): below 21.2s10, below 22.1s3
Published: August 2, 2024

CVE-2024-38881

None
    Caterease
  • Version(s): 16.0.1.1663 - 24.0.1.2405
Published: August 2, 2024

CVE-2024-38882

None
    Caterease
  • Version(s): 16.0.1.1663, 24.0.1.2405
Published: August 2, 2024

CVE-2024-38883

None
    Caterease by Horizon Business Services Inc.
  • Version(s): 16.0.1.1663 - 24.0.1.2405
Published: August 2, 2024

CVE-2024-38884

None
    Caterease
  • Version(s): 16.0.1.1663, 24.0.1.2405
Published: August 2, 2024

CVE-2024-38885

None
    Caterease
  • Version(s): 16.0.1.1663 - 24.0.1.2405
Published: August 2, 2024

CVE-2024-38886

None
    Caterease
  • Version(s): 16.0.1.1663 - 24.0.1.2405
Published: August 2, 2024

CVE-2024-22169

None
    WD Discovery
  • Version(s): before 5.0.589
Published: August 2, 2024

CVE-2024-28297

None
    AzureSoft MyHorus
  • Version(s): 4.3.5
Published: August 2, 2024

CVE-2024-28298

None
    BM SOFT BMPlanning
  • Version(s): 1.0.0.1
Published: August 2, 2024

CVE-2024-38888

None
    Caterease
  • Version(s): 16.0.1.1663, 24.0.1.2405
Published: August 2, 2024

CVE-2024-38889

None
    Caterease
  • Version(s): 16.0.1.1663 through 24.0.1.2405
Published: August 2, 2024

CVE-2024-38887

None
    Caterease
  • Version(s): 16.0.1.1663 - 24.0.1.2405
Published: August 2, 2024

CVE-2024-38891

None
    Caterease
  • Version(s): 16.0.1.1663 through 24.0.1.2405
Published: August 2, 2024
Click here to see more Vulnerabilities