Tag: 2024-08-30

7 Attack Reports | 71 Vulnerabilities

Attack reports

Analysis of two arbitrary code execution vulnerabilities affecting WPS Office

ESET researchers discovered two code execution vulnerabilities in WPS Office for Windows. CVE-2024-7262 was exploited by APT-C-60, a South Korea-aligned cyberespionage group, to target East Asian countries. The vulnerability allowed arbitrary code execution via a malicious hyperlink in a spreadshee…
windows
vulnerability
plugin
CVE-2024-7262
CVE-2024-7263
2024-08-30
wps office
taskcontroler.dll
hyperlink
spyglace
spreadsheet
code execution
Published: August 30, 2024
Linked vulnerabilities : CVE-2024-7262, CVE-2024-7263, CVE-2024-7672 (CVSS 7.8), CVE-2924-7263, CVE-2022-24934
Downloadable IOCs: 5

Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations

Between April and July 2024, Iranian state-sponsored threat actor Peach Sandstorm deployed a new custom multi-stage backdoor called Tickler. The malware targeted organizations in the satellite, communications equipment, oil and gas, and government sectors in the United States and UAE. Peach Sandsto…
backdoor
2024-08-30
azure abuse
password spray
satellite sector
government targets
tickler
linkedin intelligence gathering
tickler malware
iranian threat actor
Published: August 30, 2024
Downloadable IOCs: 9

StopRansomware: RansomHub Ransomware

RansomHub is a ransomware-as-a-service variant that has targeted over 210 victims across various critical infrastructure sectors since February 2024. It employs a double-extortion model, encrypting systems and exfiltrating data. The ransom note provides victims with a client ID and instructions to …
privilege-escalation
cobalt strike
encryption
CVE-2020-1472
ransomware-as-a-service
ransomhub
mimikatz
CVE-2023-3519
2024-08-30
metasploit
CVE-2023-22515
CVE-2023-46604
CVE-2017-0144
CVE-2023-48788
double-extortion
CVE-2023-27997
data-exfiltration
CVE-2023-46747
critical-infrastructure
CVE-2020-0787
lateral-movement
Published: August 30, 2024
Linked vulnerabilities : CVE-2020-1472, CVE-2023-46604, CVE-2023-22515, CVE-2020-0787, CVE-2017-0144, CVE-2023-3519, CVE-2023-27997, CVE-2023-48788, CVE-2023-46747
Downloadable IOCs: 14

Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool

Cybercriminals are employing a sophisticated two-stage malware campaign masquerading as the Palo Alto GlobalProtect tool to infiltrate systems in the Middle East region. The malware leverages a complex command-and-control infrastructure, involving newly registered domains designed to resemble legit…
malware
phishing
evasion
globalprotect
2024-08-30
cnc
globalprotect.exe
Published: August 30, 2024
Linked vulnerabilities : CVE-2023-22527
Downloadable IOCs: 5

Analyzing the Mekotio Trojan

The analysis delves into the Mekotio Trojan, a sophisticated malware that employs a PowerShell dropper to execute its payload. The dropper employs obfuscation techniques, such as custom XOR decryption, to conceal its operations. It collects system information, communicates with a command-and-contro…
malware
obfuscation
powershell
persistence
trojan
2024-08-30
mekotio trojan
Published: August 30, 2024
Downloadable IOCs: 2

Latrodectus Rapid Evolution Continues With Latest New Payload Features

This report discusses the latest updates to the Latrodectus malware, including a different string deobfuscation approach, a new C2 endpoint, and two new backdoor commands. It provides an in-depth analysis of the new version 1.4, focusing on the new features added or updated in this variant. The rep…
malware
icedid
analysis
payload
latrodectus
2024-08-30
evolution
Published: August 30, 2024
Downloadable IOCs: 10

Deep Analysis of Snake Keylogger’s New Variant

FortiGuard Labs recently caught a phishing campaign delivering a new variant of Snake Keylogger, a keylogger malware that can steal sensitive data like saved credentials, keystrokes, and screenshots. The analysis examines the phishing email, malicious Excel document, and techniques used by the malw…
phishing
persistence
credential theft
CVE-2017-0199
keylogger
2024-08-30
process injection
snake keylogger
Published: August 30, 2024
Linked vulnerabilities : CVE-2017-0199
Downloadable IOCs: 8
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-45488

9.8
    One Identity Safeguard for Privileged Passwords
  • Version(s): before 7.5.2, 7.0.5.1 LTS, 7.4.2, 7.5.2
Published: August 30, 2024

CVE-2024-45490

9.8
    Libexpat Project
  • Libexpat
Published: August 30, 2024

CVE-2024-45491

9.8
    Libexpat Project
  • Libexpat
Published: August 30, 2024

CVE-2024-45492

9.8
    Libexpat Project
  • Libexpat
Published: August 30, 2024

CVE-2024-8331

9.8
    Openrapid
  • Rapidcms
Published: August 30, 2024

CVE-2024-8332

9.8
    Master-Nan
  • Sweet-Cms
Published: August 30, 2024

CVE-2024-8335

9.8
    Openrapid
  • Rapidcms
Published: August 30, 2024

CVE-2024-8336

9.8
    Oretnom23
  • Music Gallery Site
Published: August 30, 2024

CVE-2024-8339

9.8
    Oretnom23
  • Electric Billing Management System
Published: August 30, 2024

CVE-2024-8340

9.8
    Oretnom23
  • Electric Billing Management System
Published: August 30, 2024

CVE-2024-8341

9.8
    Nelzkie15
  • Pet Shop Management System
Published: August 30, 2024

CVE-2024-8343

9.8
    Oretnom23
  • Sentiment Based Movie Rating System
Published: August 30, 2024

CVE-2024-8345

9.8
    Oretnom23
  • Music Gallery Site
Published: August 30, 2024

CVE-2024-8346

9.8
    Oretnom23
  • Computer Laboratory Management System
Published: August 30, 2024

CVE-2024-8347

9.8
    Oretnom23
  • Computer Laboratory Management System
Published: August 30, 2024

CVE-2024-8348

9.8
    Oretnom23
  • Computer Laboratory Management System
Published: August 30, 2024

CVE-2024-3673

9.1
    Web Directory Free WordPress plugin
  • Version(s): before 1.7.3
Published: August 30, 2024

CVE-2024-2881

8.8
    Wolfssl
  • Wolfssl
    Linux
    Microsoft
Published: August 30, 2024

CVE-2024-8327

8.8
    Easy Test Online Learning And Testing Platform Project
  • Easy Test Online Learning And Testing Platform
Published: August 30, 2024

CVE-2024-8329

8.8
    6shr System Project
  • 6shr System
Published: August 30, 2024

CVE-2024-8330

8.8
    6shr System Project
  • 6shr System
Published: August 30, 2024

CVE-2024-2694

8.8
    Muffingroup
  • Betheme
Published: August 30, 2024

CVE-2024-8252

8.8
    Codection
  • Clean Login
Published: August 30, 2024

CVE-2024-8338

8.8
    Hfo4
  • Shudong-Share
Published: August 30, 2024

CVE-2024-8342

8.8
    Nelzkie15
  • Petshop Management System
Published: August 30, 2024

CVE-2024-8344

8.8
    Campcodes
  • Supplier Management System
Published: August 30, 2024

CVE-2024-38868

8.3
    Zohocorp
  • Manageengine Endpoint Central
Published: August 30, 2024

CVE-2024-8334

8.1
    Master-Nan
  • Sweet-Cms
Published: August 30, 2024

CVE-2024-6204

8.1
    Zohocorp
  • Manageengine Exchange Reporter Plus
Published: August 30, 2024

CVE-2024-8234

7.5
    Zyxel NWA1100-N firmware
  • Version(s): 1.00(AACE.1)C0
Published: August 30, 2024

CVE-2024-8260

7.3
    Openpolicyagent
  • Open Policy Agent
    Microsoft
Published: August 30, 2024

CVE-2024-6586

7.3
    Lightdash
  • Version(s): 0.1024.6
Published: August 30, 2024

CVE-2024-8016

7.2
    Theeventscalendar
  • Events Calendar Pro
Published: August 30, 2024

CVE-2024-44916

7.2
    Seacms
  • Version(s): 13.1
Published: August 30, 2024

CVE-2024-5784

6.3
    Tutorlms
  • Tutor Lms Pro
Published: August 30, 2024

CVE-2024-7858

6.3
    Maxfoundry
  • Media Library Folders
Published: August 30, 2024

CVE-2024-8235

6.2
    Redhat
  • Libvirt
  • Enterprise Linux
Published: August 30, 2024

CVE-2024-5024

6.1
    Memberpress
  • Memberpress
Published: August 30, 2024

CVE-2024-34577

6.1
    Elecom
  • Wrc-X3000gs2-B Firmware
  • Wrc-X3000gs2-B
  • Wrc-X3000gs2-W Firmware
  • Wrc-X3000gs2-W
  • Wrc-X3000gs2a-B Firmware
  • Wrc-X3000gs2a-B
Published: August 30, 2024

CVE-2024-42412

6.1
    Elecom
  • Wab-S1167-Ps Firmware
  • Wab-S1167-Ps
  • Wab-I1750-Ps Firmware
  • Wab-I1750-Ps
Published: August 30, 2024

CVE-2024-8274

6.1
    Wpbookingcalendar
  • Wp Booking Calendar
Published: August 30, 2024

CVE-2024-45047

6.1
    Svelte
  • Svelte
Published: August 30, 2024

CVE-2024-44682

6.1
    Shopxo
  • Shopxo
Published: August 30, 2024

CVE-2024-44683

6.1
    Seacms
  • Seacms
Published: August 30, 2024

CVE-2024-44684

6.1
    Tpmecms
  • Tpmecms
Published: August 30, 2024

CVE-2024-8285

5.9
    Redhat
  • Kroxylicious
Published: August 30, 2024

CVE-2024-44944

5.5
    Linux
  • Linux Kernel
Published: August 30, 2024

CVE-2022-48944

5.5
    Linux
  • Linux Kernel
Published: August 30, 2024

CVE-2024-8328

5.4
    Easy Test Online Learning And Testing Platform Project
  • Easy Test Online Learning And Testing Platform
Published: August 30, 2024

CVE-2024-4401

5.4
    Wpvibes
  • Elementor Addon Elements
Published: August 30, 2024

CVE-2024-5061

5.4
    Kriesi
  • Enfold
Published: August 30, 2024

CVE-2024-3998

5.4
    Muffingroup
  • Betheme
Published: August 30, 2024

CVE-2024-5879

5.4
    Hubspot
  • Hubspot
Published: August 30, 2024

CVE-2024-7122

5.4
    Wpvibes
  • Elementor Addon Elements
Published: August 30, 2024

CVE-2024-8337

5.4
    Rems
  • Contact Manager With Export To Vcf
Published: August 30, 2024

CVE-2024-6585

5.4
    Lightdash
  • Version(s): 0.1024.6
Published: August 30, 2024

CVE-2024-8319

4.3
    Themeific
  • Tourfic
Published: August 30, 2024

CVE-2024-21658

4.3
    Discourse
  • Discourse Calendar
Published: August 30, 2024

CVE-2024-39300

3.7
    Elecom
  • Wab-I1750-Ps Firmware
  • Wab-I1750-Ps
Published: August 30, 2024

CVE-2024-44918

3.5
    SeaCMS
  • Version(s): 12.9
Published: August 30, 2024

CVE-2024-8333

None
    UNKNOWN
Published: August 30, 2024

CVE-2024-7051

None
    UNKNOWN
Published: August 30, 2024

CVE-2024-7712

None
    UNKNOWN
Published: August 30, 2024

CVE-2024-8064

None
    UNKNOWN
Published: August 30, 2024

CVE-2022-4424

None
    UNKNOWN
Published: August 30, 2024

CVE-2022-4530

None
    UNKNOWN
Published: August 30, 2024

CVE-2022-4540

None
    UNKNOWN
Published: August 30, 2024

CVE-2024-42379

None
    UNKNOWN
Published: August 30, 2024

CVE-2022-4412

None
    UNKNOWN
Published: August 30, 2024

CVE-2022-4528

None
    UNKNOWN
Published: August 30, 2024

CVE-2022-4538

None
    UNKNOWN
Published: August 30, 2024
Click here to see more Vulnerabilities