SecuriTricks - 2024-09-19

Attack Reports

Title	Published	Tags	Description	Number of indicators
WebDAV-as-a-Service: Uncovering the infrastructure behind Emmenhtal loader distribution - Sekoia.io Blog	Sept. 19, 2024, 7:34 p.m.	darkgate dcrat webdav 2024-09-19 marko polo zgrat google cloud clearfake emmenhtal peaklight selfau3	The Emmenhtal loader, also known as PeakLight, operates in a memory-only manner, making it difficult to detect and analyse. It is…	120
SambaSpy – a new RAT targeting Italian users	Sept. 19, 2024, 7:35 a.m.	rat phishing java 2024-09-19 credential stealing sambaspy	A campaign exclusively targeting Italian users was detected in May 2024, delivering a new Remote Access Trojan (RAT) dubbed Samba…	24
Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors	Sept. 19, 2024, 7:33 a.m.	rat cryptocurrency macos poolrat pondrat 2024-09-19 applejeus	Unit 42 researchers have uncovered an ongoing campaign involving poisoned Python packages that deliver Linux and macOS backdoors.…	16

» Click here to see all Attack Reports «

Vulnerabilities

CVE	CVSS	Published	Product impacted	Tags
CVE-2024-33109	9.9	Sept. 19, 2024, 7:15 p.m.	Tiptel IP 286	cve@mitre.org 2024-09-19 CVE-2024-33109
CVE-2024-46946	9.8	Sept. 19, 2024, 5:15 a.m.	LangChain Experimental	cve@mitre.org CWE-20 2024-09-19 CVE-2024-46946
CVE-2024-8963	9.4	Sept. 19, 2024, 6:15 p.m.	Ivanti CSA	CWE-22 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 2024-09-19 CVE-2024-8963
CVE-2024-7736	8.7	Sept. 19, 2024, 4:15 p.m.	ENOVIA Collaborative Industry Innovator	CWE-79 3DS.Information-Security@3ds.com 2024-09-19 CVE-2024-7736
CVE-2024-7737	8.7	Sept. 19, 2024, 4:15 p.m.	3DSwym	CWE-79 3DS.Information-Security@3ds.com 2024-09-19 CVE-2024-7737
CVE-2024-45752	8.5	Sept. 19, 2024, 4:15 p.m.	logiops	cve@mitre.org CWE-269 2024-09-19 CVE-2024-45752
CVE-2024-46394	8.0	Sept. 19, 2024, 2:15 p.m.	FrogCMS	cve@mitre.org CWE-352 2024-09-19 CVE-2024-46394
CVE-2024-38016	7.8	Sept. 19, 2024, 5:15 p.m.	Microsoft Office Visio	CWE-284 secure@microsoft.com 2024-09-19 CVE-2024-38016
CVE-2024-8698	7.7	Sept. 19, 2024, 4:15 p.m.	Keycloak	secalert@redhat.com CWE-347 2024-09-19 CVE-2024-8698
CVE-2024-40125	7.3	Sept. 19, 2024, 7:15 p.m.	Closed-Loop Technology CLESS Server	cve@mitre.org CWE-94 2024-09-19 CVE-2024-40125
CVE-2024-8883	6.8	Sept. 19, 2024, 4:15 p.m.	Keycloak	secalert@redhat.com CWE-601 2024-09-19 CVE-2024-8883
CVE-2024-46382	6.5	Sept. 19, 2024, 1:15 p.m.	linlinjava litemall	cve@mitre.org CWE-89 2024-09-19 CVE-2024-46382
CVE-2024-43489	6.5	Sept. 19, 2024, 9:15 p.m.	Microsoft Edge (Chromium-based)	CWE-843 secure@microsoft.com 2024-09-19 CVE-2024-43489
CVE-2024-43496	6.5	Sept. 19, 2024, 9:15 p.m.	Microsoft Edge	CWE-787 secure@microsoft.com 2024-09-19 CVE-2024-43496
CVE-2024-8364	6.4	Sept. 19, 2024, 4:15 a.m.	WP Custom Fields Search plugin for WordPress	CWE-79 security@wordfence.com 2024-09-19 CVE-2024-8364
CVE-2024-9001	6.3	Sept. 19, 2024, 8:15 p.m.	TOTOLINK T10	CWE-78 cna@vuldb.com 2024-09-19 CVE-2024-9001
CVE-2024-9004	6.3	Sept. 19, 2024, 9:15 p.m.	D-Link DAR-7000	CWE-78 cna@vuldb.com 2024-09-19 CVE-2024-9004
CVE-2024-8850	6.1	Sept. 19, 2024, 4:15 a.m.	MC4WP: Mailchimp for WordPress plugin	CWE-79 security@wordfence.com 2024-09-19 CVE-2024-8850
CVE-2024-45769	5.5	Sept. 19, 2024, 9:15 a.m.	Performance Co-Pilot (PCP)	secalert@redhat.com CWE-787 2024-09-19 CVE-2024-45769
CVE-2022-4533	5.3	Sept. 19, 2024, 4:15 a.m.	Limit Login Attempts Plus plugin for WordPress	security@wordfence.com CWE-348 2024-09-19 CVE-2022-4533
CVE-2024-8354	4.7	Sept. 19, 2024, 11:15 a.m.	QEMU	secalert@redhat.com CWE-617 2024-09-19 CVE-2024-8354
CVE-2024-45770	4.4	Sept. 19, 2024, 9:15 a.m.	Performance Co-Pilot (PCP)	secalert@redhat.com CWE-59 2024-09-19 CVE-2024-45770
CVE-2024-47159	4.3	Sept. 19, 2024, 6:15 p.m.	JetBrains YouTrack	CWE-863 cve@jetbrains.com 2024-09-19 CVE-2024-47159
CVE-2024-47160	4.3	Sept. 19, 2024, 6:15 p.m.	JetBrains YouTrack	CWE-863 cve@jetbrains.com 2024-09-19 CVE-2024-47160
CVE-2024-38221	4.3	Sept. 19, 2024, 9:15 p.m.	Microsoft Edge (Chromium-based)	CWE-79 secure@microsoft.com 2024-09-19 CVE-2024-38221
CVE-2024-9003	4.3	Sept. 19, 2024, 9:15 p.m.	JFlow	CWE-284 cna@vuldb.com 2024-09-19 CVE-2024-9003
CVE-2024-47162	4.1	Sept. 19, 2024, 6:15 p.m.	JetBrains YouTrack	CWE-522 cve@jetbrains.com 2024-09-19 CVE-2024-47162
CVE-2024-7254	None	Sept. 19, 2024, 1:15 a.m.	Protocol Buffers	CWE-20 cve-coordination@google.com 2024-09-19 CVE-2024-7254
CVE-2024-47085	None	Sept. 19, 2024, 6:15 a.m.	LD DP Back Office	vdisclose@cert-in.org.in CWE-359 2024-09-19 CVE-2024-47085
CVE-2024-47086	None	Sept. 19, 2024, 6:15 a.m.	LD DP Back Office	vdisclose@cert-in.org.in 2024-09-19 CVE-2024-47086 CWE-302
CVE-2024-47087	None	Sept. 19, 2024, 7:15 a.m.	Apex Softcell LD Geo	vdisclose@cert-in.org.in CWE-359 2024-09-19 CVE-2024-47087
CVE-2024-47088	None	Sept. 19, 2024, 7:15 a.m.	Apex Softcell LD Geo	vdisclose@cert-in.org.in CWE-307 2024-09-19 CVE-2024-47088
CVE-2024-47089	None	Sept. 19, 2024, 7:15 a.m.	Apex Softcell LD Geo	CWE-354 vdisclose@cert-in.org.in 2024-09-19 CVE-2024-47089
CVE-2024-8986	None	Sept. 19, 2024, 11:15 a.m.	Grafana	CWE-522 security@grafana.com 2024-09-19 CVE-2024-8986
CVE-2024-7785	None	Sept. 19, 2024, 2:15 p.m.	Electronic Ticket System	CWE-79 iletisim@usom.gov.tr 2024-09-19 CVE-2024-7785
CVE-2024-45861	None	Sept. 19, 2024, 4:15 p.m.	Kastle Systems firmware	CWE-798 ics-cert@hq.dhs.gov 2024-09-19 CVE-2024-45861
CVE-2024-45862	None	Sept. 19, 2024, 4:15 p.m.	Kastle Systems firmware	ics-cert@hq.dhs.gov CWE-312 2024-09-19 CVE-2024-45862
CVE-2024-8375	None	Sept. 19, 2024, 4:15 p.m.	Reverb	cve-coordination@google.com CWE-502 2024-09-19 CVE-2024-8375
CVE-2024-31570	None	Sept. 19, 2024, 5:15 p.m.	FreeImage	cve@mitre.org 2024-09-19 CVE-2024-31570
CVE-2024-8651	None	Sept. 19, 2024, 5:15 p.m.	NetCat CMS	CWE-204 vulnerability@kaspersky.com 2024-09-19 CVE-2024-8651
CVE-2024-8652	None	Sept. 19, 2024, 5:15 p.m.	NetCat CMS	CWE-79 vulnerability@kaspersky.com 2024-09-19 CVE-2024-8652
CVE-2024-8653	None	Sept. 19, 2024, 5:15 p.m.	NetCat CMS	CWE-79 vulnerability@kaspersky.com 2024-09-19 CVE-2024-8653
CVE-2024-25673	None	Sept. 19, 2024, 7:15 p.m.	Couchbase Server	cve@mitre.org 2024-09-19 CVE-2024-25673

» Click here to see all Vulnerabilities «

Tag : 2024-09-19