Tag: 2024-08-16

10 Attack Reports | 67 Vulnerabilities

Attack reports

Disrupting a covert Iranian influence operation

OpenAI is committed to preventing abuse and improving transparency around AI-generated content. This includes our work to detect and stop covert influence operations (IO), which try to manipulate public opinion or influence political outcomes while hiding the true identity or intentions of the acto…
social media
2024-08-16
chatgpt
storm-2035
geopolitical
ai-generated content
Published: August 16, 2024
Downloadable IOCs: 5

PrestaShop GTAG Websocket Skimmer

During a recent investigation we uncovered another credit card skimmer leveraging a web socket connection to steal credit card details from an infected PrestaShop website. While PrestaShop is not the most popular eCommerce solution for online stores it is still in the top 10 most common ecommerce p…
2024-08-16
php
base64
credit card skimmer
prestashop
Published: August 16, 2024
Downloadable IOCs: 1

Ransomware attackers introduce new EDR killer to their arsenal

An analysis by security researchers has uncovered the existence of a new tool called EDRKillShifter, which is used by threat actors to disable endpoint protection software during ransomware attacks. The tool is designed to terminate antivirus and endpoint detection and response (EDR) solutions on t…
ransomware
ransomhub
privilege escalation
2024-08-16
edr evasion
driver exploitation
edrkillshifter
Published: August 16, 2024
Downloadable IOCs: 2

A Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers

FortiGuard Labs recently encountered an ongoing malware campaign specifically targeting Chinese speakers. The attack utilizes a multi-stage malware named ValleyRAT, which employs diverse techniques to monitor and control victims while deploying arbitrary plugins. A notable characteristic is its hea…
windows registry
shellcode
valleyrat
2024-08-16
sandbox evasion
cmstplua com class
Published: August 16, 2024
Downloadable IOCs: 34

Beyond the wail: deconstructing the BANSHEE infostealer

This analysis details the BANSHEE malware, a macOS-based infostealer that targets system information, browser data, and cryptocurrency wallets. Developed by Russian threat actors, it operates across macOS x86_64 and ARM64 architectures. The malware is designed to evade detection through anti-debugg…
infostealer
macos
2024-08-16
c++
banshee stealer
sysctl api
Published: August 16, 2024
Downloadable IOCs: 2

MINT STEALER: Running by a BulletProof Hoster

This article provides an analysis of the Mint Stealer, a Python-based information stealer capable of harvesting sensitive data from infected machines. It delves into the stealer's functionality, history, and the infrastructure behind its operations, including its link to a bulletproof hosting servi…
python
mint stealer
2024-08-16
cash ransomware
Published: August 16, 2024
Downloadable IOCs: 20

2024 Paris Olympic Games Infrastructure Attack Report

This report examines the malicious activities surrounding the 2024 Paris Olympic Games, where adversaries set up fraudulent social media profiles, online stores, ticketing systems, and cryptocurrencies to exploit the event's popularity. Researchers analyzed newly registered domains (NRDs) before th…
phishing
cryptocurrency
cybercrime
fraud
olympics
2024-08-16
Published: August 16, 2024
Downloadable IOCs: 148

Campaign uses infostealers and clippers for financial gain

Kaspersky has uncovered a complex malware campaign orchestrated by Russian-speaking cybercriminals. The threat actors create sub-campaigns mimicking legitimate projects, using social media to enhance credibility. They host initial downloaders on Dropbox to deliver infostealers like Danabot and Stea…
phishing
evasion
infostealer
cryptocurrency
injection
danabot
stealc
russian
2024-08-16
clipper
Published: August 16, 2024
Downloadable IOCs: 68

FIN7: The Truth Doesn't Need to be so STARK

In this collaborative effort, cybersecurity researchers from Silent Push, Stark Industries Solutions, and Team Cymru have identified and disrupted infrastructure associated with the financially motivated threat group FIN7. The analysis uncovered two clusters of potential FIN7 activity communicating…
cybercrime
2024-08-16
cybersecurity collaboration
financially motivated
threat group
malicious infrastructure
Published: August 16, 2024
Downloadable IOCs: 103

Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments

Unit 42 researchers uncovered an extortion campaign that compromised and extorted multiple victim organizations by leveraging exposed environment variable files containing sensitive credentials. The campaign involved setting up attack infrastructure within victims' Amazon Web Services (AWS) environ…
extortion
cloud
credentials
aws
2024-08-16
scanning
automation
compromised
Published: August 16, 2024
Downloadable IOCs: 37
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-7851

9.8
    Oretnom23
  • Yoga Class Registration System
Published: August 16, 2024

CVE-2024-6460

9.8
    Grow by Tradedoubler WordPress plugin
  • Version(s): 2.0.21
Published: August 16, 2024

CVE-2024-42462

9.8
    Upkeeper
  • Upkeeper Manager
Published: August 16, 2024

CVE-2024-42465

9.8
    Upkeeper
  • Upkeeper Manager
Published: August 16, 2024

CVE-2024-42466

9.8
    Upkeeper
  • Upkeeper Manager
Published: August 16, 2024

CVE-2024-42634

9.8
    Tenda AC9
  • Version(s): v15.03.06.42
Published: August 16, 2024

CVE-2024-42637

9.8
    H3C R3010
  • Version(s): v100R002L02
Published: August 16, 2024

CVE-2024-42638

9.8
    H3c
  • Magic B1st Firmware
  • Magic B1st
Published: August 16, 2024

CVE-2024-42639

9.8
    H3C GR1100-P
  • Version(s): v100R009
Published: August 16, 2024

CVE-2022-33162

9.8
    Ibm
  • Security Directory Integrator
  • Security Verify Directory Integrator
Published: August 16, 2024

CVE-2024-42850

9.8
    Silverpeas
  • Version(s): 6.4.2 and lower
Published: August 16, 2024

CVE-2024-43042

9.8
    Pluck-Cms
  • Pluck
Published: August 16, 2024

CVE-2024-7849

8.8
    D-Link DNS-120
  • Version(s): up to 20240814
    D-Link DNR-202L
  • Version(s): up to 20240814
    D-Link DNS-315L
  • Version(s): up to 20240814
    D-Link DNS-320
  • Version(s): up to 20240814
    D-Link DNS-320L
  • Version(s): up to 20240814
    D-Link DNS-320LW
  • Version(s): up to 20240814
    D-Link DNS-321
  • Version(s): up to 20240814
    D-Link DNR-322L
  • Version(s): up to 20240814
    D-Link DNS-323
  • Version(s): up to 20240814
    D-Link DNS-325
  • Version(s): up to 20240814
    D-Link DNS-326
  • Version(s): up to 20240814
    D-Link DNS-327L
  • Version(s): up to 20240814
    D-Link DNR-326
  • Version(s): up to 20240814
    D-Link DNS-340L
  • Version(s): up to 20240814
    D-Link DNS-343
  • Version(s): up to 20240814
    D-Link DNS-345
  • Version(s): up to 20240814
    D-Link DNS-726-4
  • Version(s): up to 20240814
    D-Link DNS-1100-4
  • Version(s): up to 20240814
    D-Link DNS-1200-05
  • Version(s): up to 20240814
    D-Link DNS-1550-04
  • Version(s): up to 20240814
Published: August 16, 2024

CVE-2024-7853

8.8
    Oretnom23
  • Yoga Class Registration System
Published: August 16, 2024

CVE-2024-7146

8.8
    JetTabs for Elementor plugin for WordPress
  • Version(s): up to 2.2.3
Published: August 16, 2024

CVE-2024-7145

8.8
    Crocoblock
  • Jetelements
Published: August 16, 2024

CVE-2024-7646

8.8
    ingress-nginx
Published: August 16, 2024

CVE-2024-42995

8.3
    VTiger CRM
  • Version(s): <= 8.1.0
Published: August 16, 2024

CVE-2024-43472

8.3
    Microsoft
  • Edge Chromium
Published: August 16, 2024

CVE-2024-43395

8.2
    CraftOS-PC 2
  • Version(s): before 2.8.3
Published: August 16, 2024

CVE-2024-43378

7.8
    calamares-nixos-extensions
  • Version(s): < 0.3.17
Published: August 16, 2024

CVE-2024-2175

7.8
    Lenovo Display Control Center (LDCC)
    Lenovo Accessories and Display Manager (LADM)
Published: August 16, 2024

CVE-2024-4763

7.8
    Lenovo Display Control Center (LDCC)
    Lenovo Accessories and Display Manager (LADM)
Published: August 16, 2024

CVE-2024-7886

7.8
    Beyond Compare
  • Version(s): up to 3.3.5.15075
Published: August 16, 2024

CVE-2024-7845

7.5
    Tamparongj 03
  • Online Graduate Tracer System
Published: August 16, 2024

CVE-2024-43369

7.2
    Ibexa Platform
  • Version(s): 4.6.0 - 4.6.9
Published: August 16, 2024

CVE-2024-43370

7.2
    gettext.js
  • Version(s): 2.0.3
Published: August 16, 2024

CVE-2024-7301

7.2
    WordPress File Upload plugin
  • Version(s): up to 4.24.8
Published: August 16, 2024

CVE-2024-42994

7.2
    VTiger CRM
  • Version(s): <= 8.1.0
Published: August 16, 2024

CVE-2024-25008

6.8
    Ericsson RAN Compute and Site Controller 6610
Published: August 16, 2024

CVE-2024-42463

6.5
    Upkeeper
  • Upkeeper Manager
Published: August 16, 2024

CVE-2024-42464

6.5
    Upkeeper
  • Upkeeper Manager
Published: August 16, 2024

CVE-2024-4781

6.5
    Lenovo printers
Published: August 16, 2024

CVE-2024-4782

6.5
    Lenovo printers
Published: August 16, 2024

CVE-2024-5209

6.5
    Lenovo printers
Published: August 16, 2024

CVE-2024-5210

6.5
    Lenovo printers
Published: August 16, 2024

CVE-2024-6004

6.5
    Lenovo printers
Published: August 16, 2024

CVE-2024-42849

6.5
    Silverpeas
  • Version(s): 6.4.2 and lower
Published: August 16, 2024

CVE-2023-47728

6.5
    Ibm
  • Cloud Pak For Security
  • Qradar Suite
Published: August 16, 2024

CVE-2024-7136

6.4
    JetSearch plugin for WordPress
  • Version(s): up to 3.5.2
Published: August 16, 2024

CVE-2024-7147

6.4
    JetBlocks for Elementor plugin for WordPress
  • Version(s): up to 1.3.12
Published: August 16, 2024

CVE-2024-43809

6.1
    Jetbrains
  • Teamcity
Published: August 16, 2024

CVE-2024-7852

5.4
    Oretnom23
  • Yoga Class Registration System
Published: August 16, 2024

CVE-2024-7144

5.4
    Crocoblock
  • Jetelements
Published: August 16, 2024

CVE-2024-42486

5.4
    Cilium
  • Version(s): 1.15.8, 1.16.1
Published: August 16, 2024

CVE-2024-43381

5.4
    Yogeshojha
  • Rengine
Published: August 16, 2024

CVE-2024-43807

5.4
    Jetbrains
  • Teamcity
Published: August 16, 2024

CVE-2024-43808

5.4
    Jetbrains
  • Teamcity
Published: August 16, 2024

CVE-2024-43810

5.4
    Jetbrains
  • Teamcity
Published: August 16, 2024

CVE-2024-42758

5.4
    Dokuwiki
  • Version(s): v2024-01-05
Published: August 16, 2024

CVE-2024-43006

5.4
    ZZCMS
  • Version(s): 2023
Published: August 16, 2024

CVE-2024-7630

5.3
    Relevanssi – A Better Search plugin for WordPress
  • Version(s): up to 4.22.2
Published: August 16, 2024

CVE-2024-6098

5.3
    Kepware
Published: August 16, 2024

CVE-2024-43011

4.9
    ZZCMS
  • Version(s): 2023 and earlier
Published: August 16, 2024

CVE-2024-43005

4.7
    ZZCMS
  • Version(s): v2023
Published: August 16, 2024

CVE-2024-43009

4.7
    ZZCMS
  • Version(s): 2023 and earlier
Published: August 16, 2024

CVE-2024-43374

4.5
    Vim
  • Version(s): before 9.1.0678
Published: August 16, 2024

CVE-2022-3399

4.4
    Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress
  • Version(s): up to 2.4.17.1
Published: August 16, 2024

CVE-2023-7049

4.3
    Custom Field For WP Job Manager plugin for WordPress
  • Version(s): up to 1.2
Published: August 16, 2024

CVE-2024-7422

4.3
    Theme My Login plugin for WordPress
  • Version(s): up to 7.1.7
Published: August 16, 2024

CVE-2024-7501

4.2
    Download Plugins and Themes in ZIP from Dashboard plugin for WordPress
  • Version(s): up to 1.8.7
Published: August 16, 2024

CVE-2023-2920

None
    UNKNOWN
Published: August 16, 2024

CVE-2024-25837

None
    October CMS Bloghub Plugin
  • Version(s): 1.3.8 and lower
Published: August 16, 2024

CVE-2022-4405

None
    UNKNOWN
Published: August 16, 2024

CVE-2023-5888

None
    UNKNOWN
Published: August 16, 2024

CVE-2023-3207

None
    UNKNOWN
Published: August 16, 2024

CVE-2023-4717

None
    UNKNOWN
Published: August 16, 2024
Click here to see more Vulnerabilities