SecuriTricks - 2024-09-09

Attack Reports

Title	Published	Tags	Description	Number of indicators
Atomic macOS Stealer leads sensitive data theft on macOS	Sept. 9, 2024, 11:16 a.m.	malvertising infostealer cryptocurrency macos 2024-09-09 amos atomic macos stealer passwords	The report discusses the Atomic macOS Stealer (AMOS), an infostealer malware targeting macOS systems. It is designed to steal sen…	17
LummaC2 Malware and Malicious Chrome Extension Delivered	Sept. 9, 2024, 9:34 a.m.	malware lummac2 stealer credentials browser 2024-09-09 crypto remote extension control	In August 2024, eSentire's Threat Response Unit observed a sophisticated attack involving LummaC2 stealer malware and a malicious…	7
Ailurophile Stealer	Sept. 9, 2024, 9:26 a.m.	malware stealer exfiltration credential browser ailurophile stealer 2024-09-09	This analysis examines a newly identified threat dubbed 'Ailurophile Stealer,' a malware designed to compromise victims' systems …	3
Loki: a new private agent for the popular Mythic framework	Sept. 9, 2024, 9:22 a.m.	malware backdoor loader 2024-09-09 mythic agent hellokitty	Kaspersky researchers discovered a previously unknown Loki backdoor, utilized in a series of targeted attacks. Analysis revealed …	7
Chinese APT Abuses VSCode to Target Government in Asia	Sept. 9, 2024, 9:05 a.m.	apt exfiltration cyberespionage shadowpad poisonplug.shadow toneshell 2024-09-09 credentialtheft reverseshell visualstudiocode	The report details a campaign by the Chinese advanced persistent threat (APT) group Stately Taurus, which carried out cyberespion…	17
Russian Military Cyber Actors Target US and Global Critical Infrastructure	Sept. 9, 2024, 8:02 a.m.	2024-09-09 cadet blizzard whispergate ember bear frozenvista unc2589 uac-0056 gru unit 29155	The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency …	50
APT Lazarus: Eager Crypto Beavers, Video calls and Games	Sept. 9, 2024, 7:53 a.m.	apt lazarus 2024-09-09 beavertail civetq	Group-ib explored the growing threats posed by the Lazarus Group's financially-driven campaign against developers. Group-ib exami…	85
Enrichment Data: Keeping it Fresh	Sept. 9, 2024, 7:38 a.m.	threat intelligence 2024-09-09 data enrichment	The article discusses the importance of keeping enrichment data up-to-date for analyzing honeypot attacks. Various sources like I…	5

» Click here to see all Attack Reports «

Vulnerabilities

CVE	CVSS	Published	Product impacted	Tags
CVE-2024-6795	10.0	Sept. 9, 2024, 8:15 p.m.	Connex health portal	CWE-89 productsecurity@baxter.com 2024-09-09 CVE-2024-6795
CVE-2024-37288	9.9	Sept. 9, 2024, 9:15 a.m.	Kibana	CWE-502 bressers@elastic.co 2024-09-09 CVE-2024-37288
CVE-2024-8584	9.8	Sept. 9, 2024, 3:15 a.m.	Orca HCM	CWE-284 twcert@cert.org.tw 2024-09-09 CVE-2024-8584
CVE-2024-44721	9.8	Sept. 9, 2024, 4:15 p.m.	SeaCMS	cve@mitre.org CWE-918 2024-09-09 CVE-2024-44721
CVE-2024-44849	9.8	Sept. 9, 2024, 6:15 p.m.	Qualitor	cve@mitre.org CWE-434 2024-09-09 CVE-2024-44849
CVE-2024-40643	9.6	Sept. 9, 2024, 3:15 p.m.	Joplin	security-advisories@github.com CWE-79 2024-09-09 CVE-2024-40643
CVE-2024-42500	9.3	Sept. 9, 2024, 8:15 p.m.	HPE HP-UX System's Network File System (NFSv4) services	security-alert@hpe.com 2024-09-09 CVE-2024-42500
CVE-2024-44333	8.8	Sept. 9, 2024, 5:15 p.m.	D-Link DI-7003GV2	cve@mitre.org CWE-78 2024-09-09 CVE-2024-44333
CVE-2024-44334	8.8	Sept. 9, 2024, 6:15 p.m.	D-Link DI-7003GV2	cve@mitre.org CWE-77 2024-09-09 CVE-2024-44334
CVE-2024-44335	8.8	Sept. 9, 2024, 6:15 p.m.	D-Link DI-7003GV2	cve@mitre.org CWE-77 2024-09-09 CVE-2024-44335
CVE-2024-45411	8.5	Sept. 9, 2024, 7:15 p.m.	Twig	security-advisories@github.com CWE-693 2024-09-09 CVE-2024-45411
CVE-2024-45041	8.3	Sept. 9, 2024, 3:15 p.m.	External Secrets Operator	security-advisories@github.com CWE-269 2024-09-09 CVE-2024-45041
CVE-2024-6796	8.2	Sept. 9, 2024, 8:15 p.m.	Baxter Connex health portal	CWE-284 productsecurity@baxter.com 2024-09-09 CVE-2024-6796
CVE-2024-44720	7.5	Sept. 9, 2024, 4:15 p.m.	SeaCMS	cve@mitre.org CWE-22 2024-09-09 CVE-2024-44720
CVE-2024-45296	7.5	Sept. 9, 2024, 7:15 p.m.	path-to-regexp	security-advisories@github.com CWE-1333 2024-09-09 CVE-2024-45296
CVE-2024-6572	7.4	Sept. 9, 2024, 10:15 a.m.	Checkmk	CWE-322 security@checkmk.com 2024-09-09 CVE-2024-6572
CVE-2024-44724	7.2	Sept. 9, 2024, 8:15 p.m.	AutoCMS	cve@mitre.org CWE-94 2024-09-09 CVE-2024-44724
CVE-2024-44725	7.2	Sept. 9, 2024, 8:15 p.m.	AutoCMS	cve@mitre.org CWE-89 2024-09-09 CVE-2024-44725
CVE-2024-7341	7.1	Sept. 9, 2024, 7:15 p.m.	Keycloak	secalert@redhat.com CWE-384 2024-09-09 CVE-2024-7341
CVE-2024-27383	6.7	Sept. 9, 2024, 8:15 p.m.	Samsung Mobile Processor Exynos 980	cve@mitre.org 2024-09-09 CVE-2024-27383
CVE-2024-27387	6.7	Sept. 9, 2024, 8:15 p.m.	Samsung Mobile Processor Exynos 980	cve@mitre.org 2024-09-09 CVE-2024-27387
CVE-2024-8585	6.5	Sept. 9, 2024, 3:15 a.m.	Orca HCM	CWE-22 twcert@cert.org.tw 2024-09-09 CVE-2024-8585
CVE-2024-7688	6.5	Sept. 9, 2024, 6:15 a.m.	AZIndex WordPress plugin	contact@wpscan.com CWE-352 2024-09-09 CVE-2024-7688
CVE-2024-8611	6.3	Sept. 9, 2024, 9:15 p.m.	Tailoring Management System	CWE-89 cna@vuldb.com 2024-09-09 CVE-2024-8611
CVE-2024-8586	6.1	Sept. 9, 2024, 3:15 a.m.	WebITR	CWE-601 twcert@cert.org.tw 2024-09-09 CVE-2024-8586
CVE-2024-7687	6.1	Sept. 9, 2024, 6:15 a.m.	AZIndex WordPress plugin	CWE-79 contact@wpscan.com 2024-09-09 CVE-2024-7687
CVE-2024-45406	5.5	Sept. 9, 2024, 5:15 p.m.	Craft CMS	security-advisories@github.com CWE-79 2024-09-09 CVE-2024-45406
CVE-2024-6910	4.8	Sept. 9, 2024, 6:15 a.m.	EventON WordPress plugin	CWE-79 contact@wpscan.com 2024-09-09 CVE-2024-6910
CVE-2024-7918	4.8	Sept. 9, 2024, 6:15 a.m.	Pocket Widget WordPress plugin	CWE-79 contact@wpscan.com 2024-09-09 CVE-2024-7918
CVE-2024-8372	4.8	Sept. 9, 2024, 3:15 p.m.	AngularJS	36c7be3b-2937-45df-85ea-ca7133ea542c CWE-1289 2024-09-09 CVE-2024-8372
CVE-2024-8373	4.8	Sept. 9, 2024, 3:15 p.m.	AngularJS	36c7be3b-2937-45df-85ea-ca7133ea542c CWE-791 2024-09-09 CVE-2024-8373
CVE-2024-7318	4.8	Sept. 9, 2024, 7:15 p.m.	Keycloak	secalert@redhat.com CWE-324 2024-09-09 CVE-2024-7318
CVE-2024-7689	4.7	Sept. 9, 2024, 6:15 a.m.	Snapshot Backup WordPress plugin	contact@wpscan.com 2024-09-09 CVE-2024-7689
CVE-2024-7260	4.4	Sept. 9, 2024, 7:15 p.m.	Keycloak	secalert@redhat.com CWE-601 2024-09-09 CVE-2024-7260
CVE-2024-27364	4.4	Sept. 9, 2024, 8:15 p.m.	Mobile Processor	cve@mitre.org 2024-09-09 CVE-2024-27364
CVE-2024-27366	4.4	Sept. 9, 2024, 8:15 p.m.	Samsung Exynos Mobile Processor	cve@mitre.org 2024-09-09 CVE-2024-27366
CVE-2024-27367	4.4	Sept. 9, 2024, 8:15 p.m.	Samsung Mobile Processor	cve@mitre.org 2024-09-09 CVE-2024-27367
CVE-2024-27368	4.4	Sept. 9, 2024, 8:15 p.m.	Samsung Mobile Processor Exynos	cve@mitre.org 2024-09-09 CVE-2024-27368
CVE-2024-27365	4.4	Sept. 9, 2024, 9:15 p.m.	Samsung Exynos Processors	cve@mitre.org 2024-09-09 CVE-2024-27365
CVE-2024-8604	4.3	Sept. 9, 2024, 4:15 p.m.	SourceCodester Online Food Ordering System	CWE-79 cna@vuldb.com 2024-09-09 CVE-2024-8604
CVE-2024-8605	4.3	Sept. 9, 2024, 4:15 p.m.	code-projects Inventory Management	CWE-79 cna@vuldb.com 2024-09-09 CVE-2024-8605
CVE-2024-8610	3.5	Sept. 9, 2024, 9:15 p.m.	SourceCodester Best House Rental Management System	CWE-79 cna@vuldb.com 2024-09-09 CVE-2024-8610
CVE-2024-8042	2.4	Sept. 9, 2024, 3:15 p.m.	Rapid7 Insight Platform	CWE-862 cve@rapid7.com 2024-09-09 CVE-2024-8042
CVE-2024-45625	None	Sept. 9, 2024, 5:15 a.m.	Forminator	vultures@jpcert.or.jp 2024-09-09 CVE-2024-45625
CVE-2024-5561	None	Sept. 9, 2024, 6:15 a.m.	Popup Maker WordPress plugin	contact@wpscan.com 2024-09-09 CVE-2024-5561
CVE-2024-45203	None	Sept. 9, 2024, 7:15 a.m.	@cosme App for Android	vultures@jpcert.or.jp 2024-09-09 CVE-2024-45203
CVE-2024-8601	None	Sept. 9, 2024, 10:15 a.m.	TechExcel Back Office Software	CWE-639 vdisclose@cert-in.org.in 2024-09-09 CVE-2024-8601
CVE-2024-44375	None	Sept. 9, 2024, 2:15 p.m.	D-Link DI-8100	cve@mitre.org 2024-09-09 CVE-2024-44375
CVE-2024-7015	None	Sept. 9, 2024, 2:15 p.m.	PassBox	CWE-285 iletisim@usom.gov.tr 2024-09-09 CVE-2024-7015
CVE-2024-24510	None	Sept. 9, 2024, 7:15 p.m.	Alinto SOGo	cve@mitre.org 2024-09-09 CVE-2024-24510
CVE-2024-42759	None	Sept. 9, 2024, 7:15 p.m.	Ellevo	cve@mitre.org 2024-09-09 CVE-2024-42759
CVE-2023-50883	None	Sept. 9, 2024, 8:15 p.m.	ONLYOFFICE Docs	cve@mitre.org 2024-09-09 CVE-2023-50883
CVE-2024-44085	None	Sept. 9, 2024, 8:15 p.m.	ONLYOFFICE Docs	cve@mitre.org 2024-09-09 CVE-2024-44085
CVE-2024-44902	None	Sept. 9, 2024, 8:15 p.m.	ThinkPHP	cve@mitre.org 2024-09-09 CVE-2024-44902
CVE-2024-44410	None	Sept. 9, 2024, 9:15 p.m.	D-Link DI-8300	cve@mitre.org 2024-09-09 CVE-2024-44410
CVE-2024-44411	None	Sept. 9, 2024, 9:15 p.m.	D-Link DI-8300	cve@mitre.org 2024-09-09 CVE-2024-44411

» Click here to see all Vulnerabilities «

Tag : 2024-09-09