Tag: 2024-08-05

5 Attack Reports | 93 Vulnerabilities

Attack reports

StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms

Volexity detected and responded to multiple incidents involving systems infected with malware linked to StormBamboo, a threat actor known for compromising internet service providers (ISPs) and leveraging DNS poisoning to redirect software update traffic to attacker-controlled servers hosting malici…
malware
dazzlespy
macma
2024-08-05
reloadext
dns poisoning
osx.cdds
pocostick
insecure updates
Published: August 5, 2024
Linked vulnerabilities : CVE-2024-3400
Downloadable IOCs: 2

CheckMesh: Hidden Threats in Your FW

This report examines an advanced cyber-attack targeting an Israeli enterprise, where a sophisticated threat actor compromised a Check Point firewall by deploying a malicious ELF implant known as MeshAgent. The implant, disguised as a legitimate process, enabled encrypted communication with the atta…
credential theft
lateral movement
2024-08-05
meshagent
encrypted communication
advanced persistent threat
firewall compromise
Published: August 5, 2024
Downloadable IOCs: 9

RHADAMANTHYS: In-Depth Analysis of a Sophisticated Stealer Targeting Israeli Users

This comprehensive technical analysis delves into the intricate workings of an advanced and localized malware campaign employing the RHADAMANTHYS stealer. Dissecting the infection chain, anti-analysis techniques, data theft capabilities, and Command & Control infrastructure, this detailed report sh…
phishing
evasion
rhadamanthys
stealer
persistence
2024-08-05
israeli
Published: August 5, 2024
Downloadable IOCs: 5

Quartet of Trouble: XWorm, AsyncRAT, VenomRAT, and...

eSentire's Threat Response Unit (TRU) uncovered a malware campaign affecting a government customer. The infection involved multiple threats - XWorm, VenomRAT, PureLogs Stealer, and AsyncRAT - hosted on a TryCloudflare WebDAV server. The initial vector was a phishing email with a malicious ZIP file.…
xworm
phishing
government
asyncrat
venomrat
2024-08-05
purelogs stealer
Published: August 5, 2024
Downloadable IOCs: 7

Fighting Ursa Luring Targets With Car for Sale

This analysis examines a campaign attributed to the Russian threat actor Fighting Ursa, also known as APT28, Fancy Bear, and Sofacy. The group utilized a phishing lure disguised as an advertisement for a car sale to distribute the HeadLace backdoor malware, likely targeting diplomats. The lure expl…
malware
backdoor
espionage
phishing
russia
headlace
2024-08-05
diplomats
Published: August 5, 2024
Linked vulnerabilities : CVE-2024-3400
Downloadable IOCs: 6
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-6915

9.3
    JFrog Artifactory
  • Version(s): below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7.55.18
Published: August 5, 2024

CVE-2024-7462

8.8
    TOTOLINK N350RT
  • Version(s): 9.3.5u.6139_B20201216
Published: August 5, 2024

CVE-2024-7463

8.8
    TOTOLINK CP900
  • Version(s): 6.3c.566
Published: August 5, 2024

CVE-2024-7465

8.8
    TOTOLINK CP450
  • Version(s): 4.1.0cu.747_B20191224
Published: August 5, 2024

CVE-2024-41376

8.8
    dzzoffice
  • Version(s): 2.02.1
Published: August 5, 2024

CVE-2024-23657

8.8
    Nuxt.js
  • Version(s): 1.3.9 and below
Published: August 5, 2024

CVE-2024-34344

8.8
    Nuxt.js
Published: August 5, 2024

CVE-2024-39713

8.6
    Rocket.Chat
  • Version(s): before 6.10.1
Published: August 5, 2024

CVE-2024-42352

8.6
    Nuxt.js
  • Version(s): 1.4.5 and below
Published: August 5, 2024

CVE-2024-21481

8.4
    Qualcomm Resource Manager
Published: August 5, 2024

CVE-2024-23381

8.4
    Qualcomm Snapdragon processors
Published: August 5, 2024

CVE-2024-23382

8.4
    Qualcomm Graphics Kernel Driver
Published: August 5, 2024

CVE-2024-23383

8.4
    Qualcomm Kernel Driver
Published: August 5, 2024

CVE-2024-23384

8.4
    UNKNOWN
Published: August 5, 2024

CVE-2024-33021

8.4
    Qualcomm Product
Published: August 5, 2024

CVE-2024-33022

8.4
    Qualcomm HGSL driver
Published: August 5, 2024

CVE-2024-33023

8.4
    UNKNOWN
Published: August 5, 2024

CVE-2024-33027

8.4
    Qualcomm Snapdragon processors
Published: August 5, 2024

CVE-2024-33028

8.4
    Qualcomm Snapdragon
Published: August 5, 2024

CVE-2024-33034

8.4
    Qualcomm GPU driver
Published: August 5, 2024

CVE-2024-21980

7.9
    AMD Secure Processor (SNP firmware)
Published: August 5, 2024

CVE-2024-2937

7.8
    Arm Bifrost GPU Kernel Driver
  • Version(s): r41p0 - r49p0
    Arm Valhall GPU Kernel Driver
  • Version(s): r41p0 - r49p0
    Arm 5th Gen GPU Architecture Kernel Driver
  • Version(s): r41p0 - r49p0
Published: August 5, 2024

CVE-2024-4607

7.8
    Arm Bifrost GPU Kernel Driver
  • Version(s): r41p0 - r49p0
    Arm Valhall GPU Kernel Driver
  • Version(s): r41p0 - r49p0
    Arm 5th Gen GPU Architecture Kernel Driver
  • Version(s): r41p0 - r49p0
Published: August 5, 2024

CVE-2024-6472

7.8
    LibreOffice
  • Version(s): 24.2, before 24.2.5
Published: August 5, 2024

CVE-2024-23355

7.8
    UNKNOWN
Published: August 5, 2024

CVE-2024-23356

7.8
    UNKNOWN
Published: August 5, 2024

CVE-2024-41959

7.6
    mailcow: dockerized
  • Version(s): 2024-07
Published: August 5, 2024

CVE-2024-7409

7.5
    QEMU
Published: August 5, 2024

CVE-2024-21479

7.5
    Unknown
Published: August 5, 2024

CVE-2024-23352

7.5
    UNKNOWN
Published: August 5, 2024

CVE-2024-23353

7.5
    Qualcomm
Published: August 5, 2024

CVE-2024-33010

7.5
    Qualcomm WiFi driver
Published: August 5, 2024

CVE-2024-33011

7.5
    Qualcomm Atheros WiFi Driver
Published: August 5, 2024

CVE-2024-33012

7.5
    Qualcomm WiFi Chipsets
Published: August 5, 2024

CVE-2024-33013

7.5
    Qualcomm driver
Published: August 5, 2024

CVE-2024-33014

7.5
    QUALCOMM WiFi driver
Published: August 5, 2024

CVE-2024-33015

7.5
    Qualcomm Wi-Fi driver
Published: August 5, 2024

CVE-2024-33018

7.5
    QUALCOMM products
  • Version(s): UNKNOWN
Published: August 5, 2024

CVE-2024-33019

7.5
    Qualcomm WiFi SoC
Published: August 5, 2024

CVE-2024-33020

7.5
    UNKNOWN
Published: August 5, 2024

CVE-2024-33024

7.5
    Qualcomm products
Published: August 5, 2024

CVE-2024-33025

7.5
    Qualcomm products
Published: August 5, 2024

CVE-2024-33026

7.5
    Qualcomm WiFi driver for Linux
Published: August 5, 2024

CVE-2024-7461

7.3
    ForIP Tecnologia Administração PABX
  • Version(s): 1.x
Published: August 5, 2024

CVE-2024-41958

6.6
    mailcow: dockerized
  • Version(s): 2024-07
Published: August 5, 2024

CVE-2024-21459

6.5
    Qualcomm WiFi chipset driver
Published: August 5, 2024

CVE-2024-21467

6.5
    Qualcomm WiFi drivers
Published: August 5, 2024

CVE-2024-23350

6.5
    UNKNOWN
Published: August 5, 2024

CVE-2024-7464

6.3
    TOTOLINK CP900
  • Version(s): 6.3c.566
Published: August 5, 2024

CVE-2024-7467

6.3
    Raisecom MSG1200
  • Version(s): 3.90
    Raisecom MSG2100E
  • Version(s): 3.90
    Raisecom MSG2200
  • Version(s): 3.90
    Raisecom MSG2300
  • Version(s): 3.90
Published: August 5, 2024

CVE-2024-7468

6.3
    Raisecom MSG1200, MSG2100E, MSG2200, MSG2300
  • Version(s): 3.90
Published: August 5, 2024

CVE-2024-7469

6.3
    Raisecom MSG1200, MSG2100E, MSG2200, MSG2300
  • Version(s): 3.90
Published: August 5, 2024

CVE-2024-7470

6.3
    Raisecom MSG1200
  • Version(s): 3.90
    Raisecom MSG2100E
  • Version(s): 3.90
    Raisecom MSG2200
  • Version(s): 3.90
    Raisecom MSG2300
  • Version(s): 3.90
Published: August 5, 2024

CVE-2024-34343

6.3
    Nuxt.js
  • Version(s): 3.12.4
Published: August 5, 2024

CVE-2024-23357

6.2
    UNKNOWN
Published: August 5, 2024

CVE-2024-5081

6.1
    WP eMember WordPress plugin
  • Version(s): before v10.7.0
Published: August 5, 2024

CVE-2023-31355

6.0
    AMD Secure Nested Paging (SNP) firmware
Published: August 5, 2024

CVE-2024-21978

6.0
    AMD SEV-SNP
Published: August 5, 2024

CVE-2024-41820

6.0
    Kubean
  • Version(s): 0.18.0
Published: August 5, 2024

CVE-2024-7383

5.9
    libnbd
Published: August 5, 2024

CVE-2024-41816

5.4
    Cooked plugin for WordPress
  • Version(s): up to 1.8.0
Published: August 5, 2024

CVE-2024-6270

4.8
    Community Events WordPress plugin
  • Version(s): before 1.5.1
Published: August 5, 2024

CVE-2024-41811

3.9
    ipl/web
  • Version(s): 0.10.1
    icinga-php-library
  • Version(s): before 0.14.1
Published: August 5, 2024

CVE-2024-41960

3.8
    mailcow: dockerized
  • Version(s): 2024-07
Published: August 5, 2024

CVE-2024-42350

3.0
    Biscuit Token
  • Version(s): 4.x
Published: August 5, 2024

CVE-2024-7466

2.4
    PMWeb
  • Version(s): 7.2.00
Published: August 5, 2024

CVE-2024-39838

None
    ZWX-2000CSW2-HN firmware
  • Version(s): before Ver.0.3.15
Published: August 5, 2024

CVE-2024-41720

None
    ZWX-2000CSW2-HN
  • Version(s): before Ver.0.3.15
Published: August 5, 2024

CVE-2024-41889

None
    Pimax products
Published: August 5, 2024

CVE-2024-6117

None
    Hamastar MeetingHub Paperless Meetings
  • Version(s): 2021
Published: August 5, 2024

CVE-2024-6118

None
    Hamastar MeetingHub Paperless Meetings
  • Version(s): 2021
Published: August 5, 2024

CVE-2024-2232

None
    WordPress
Published: August 5, 2024

CVE-2024-3636

None
    Pinpoint Booking System WordPress plugin
  • Version(s): before 2.9.9.4.8
Published: August 5, 2024

CVE-2024-6498

None
    Chatbot for WordPress by Collect.chat ⚡️ WordPress plugin
  • Version(s): before 2.4.4
Published: August 5, 2024

CVE-2024-6710

None
    Ditty WordPress plugin
  • Version(s): before 3.1.45
Published: August 5, 2024

CVE-2024-42447

None
    Apache Airflow Providers FAB
  • Version(s): 1.2.1 (when used with Apache Airflow 2.9.3), 1.2.0 for all Airflow versions
Published: August 5, 2024

CVE-2024-38856

None
    Apache OFBiz
  • Version(s): through 18.12.14
Published: August 5, 2024

CVE-2024-36448

None
    Apache IoTDB Workbench
  • Version(s): 0.13.0+
Published: August 5, 2024

CVE-2024-40096

None
    Who - Caller ID, Spam Block
  • Version(s): 15.0
Published: August 5, 2024

CVE-2024-6865

None
    UNKNOWN
Published: August 5, 2024

CVE-2024-7395

None
    Korenix JetPort 5601v3
  • Version(s): through 1.2
Published: August 5, 2024

CVE-2024-7396

None
    Korenix JetPort 5601v3
  • Version(s): up to 1.2
Published: August 5, 2024

CVE-2024-7397

None
    Korenix JetPort 5601v3
  • Version(s): through 1.2
Published: August 5, 2024

CVE-2024-40530

None
    UAB Lexita PanteraCRM CMS
  • Version(s): v.401.152, v.402.072
Published: August 5, 2024

CVE-2024-40531

None
    Lexita PanteraCRM CMS
  • Version(s): v.401.152
    Patera CRM CMS
  • Version(s): v.402.072
Published: August 5, 2024

CVE-2024-40498

None
    PuneethReddyHC Online Shopping sysstem advanced
  • Version(s): 1.0
Published: August 5, 2024

CVE-2024-41200

None
    KMPlayer
  • Version(s): 4.2.2.65
Published: August 5, 2024

CVE-2024-41380

None
    microweber
  • Version(s): 2.0.16
Published: August 5, 2024

CVE-2024-41381

None
    microweber
  • Version(s): 2.0.16
Published: August 5, 2024

CVE-2024-42008

None
    Roundcube
  • Version(s): 1.5.7, 1.6.x - 1.6.7
Published: August 5, 2024

CVE-2024-42009

None
    Roundcube
  • Version(s): 1.5.7, 1.6.x - 1.6.7
Published: August 5, 2024

CVE-2024-42010

None
    Roundcube
  • Version(s): 1.5.7, 1.6.x - 1.6.7
Published: August 5, 2024

CVE-2024-6361

None
    OpenText ALM Octane
  • Version(s): before 23.4
Published: August 5, 2024
Click here to see more Vulnerabilities