Tag: 2024-09-20

9 Attack Reports | 47 Vulnerabilities

Attack reports

Russia-linked crypto threat actor involved in political spoofing tracked

A Russia-linked threat actor is deploying domains for crypto scams targeting the US Presidential Election and prominent tech brands. The scams involve fake Bitcoin and Ethereum giveaways, asking users to send coins to attacker-controlled wallets with false promises of doubling returns. A large clus…
phishing
cryptocurrency
2024-09-20
political spoofing
us elections
Published: September 20, 2024
Downloadable IOCs: 6

Derailing the Raptor Train

A large, multi-tiered botnet called Raptor Train, likely operated by Chinese threat actors Flax Typhoon, has been discovered. Consisting of over 60,000 compromised SOHO and IoT devices at its peak, it's one of the largest Chinese state-sponsored IoT botnets to date. The botnet uses a sophisticated …
ddos
iot
botnet
2024-09-20
raptor train
Published: September 20, 2024
Linked vulnerabilities : CVE-2024-21887
Downloadable IOCs: 198

Kimsuky: A Gift That Keeps on Giving

This analysis details a sophisticated cyber attack attributed to the North Korean-linked Kimsuky APT group. The attack begins with an LNK file, leading to the execution of obfuscated VBS scripts. These scripts create scheduled tasks, modify registry keys for persistence, and establish communication…
espionage
north korea
kimsuky
2024-09-20
Published: September 20, 2024
Downloadable IOCs: 2

Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC

Earth Baxia, a suspected China-based threat actor, targeted government organizations, telecommunication businesses, and the energy industry in multiple Asia-Pacific countries. The group employed sophisticated techniques, including spear-phishing emails and exploitation of a GeoServer vulnerability …
cobalt strike
geoserver
2024-09-20
spear-phishing
ripcoy
eagledoor
Published: September 20, 2024
Downloadable IOCs: 29

Supershell Malware Being Distributed to Linux SSH Servers

A Chinese-developed Go-based backdoor called Supershell is targeting poorly managed Linux SSH servers. The malware, which supports multiple platforms, primarily functions as a reverse shell for remote system control. Attackers use dictionary attacks from various IP addresses to gain access, then in…
xmrig
ssh
2024-09-20
cryptocurrency mining
supershell
Published: September 20, 2024
Downloadable IOCs: 5

Unicorn: New Spy Scripts Steal Data from Russian Companies

A new malware campaign targeting Russian energy companies, factories, and electronic component suppliers has been detected. The malware, distributed via email attachments or Yandex Disk links, uses RAR archives containing LNK files to download and execute malicious HTA files. These files create VBS…
data theft
2024-09-20
unicorn
Published: September 20, 2024
Downloadable IOCs: 2

Black Basta Ransomware: What You Need to Know

Black Basta is a ransomware-as-a-service group that emerged in April 2022, known for double extortion tactics. They target organizations globally, particularly in North America, Europe, and Australia, affecting over 500 entities across various industries. Initial access is gained through phishing, …
ransomware
black basta
2024-09-20
Published: September 20, 2024
Linked vulnerabilities : CVE-2021-42287, CVE-2021-42278, CVE-2024-1709, CVE-2021-34527, CVE-2020-1472, CVE-2024-26169
Downloadable IOCs: 82

Deep Fake Crypto Scams

Cybercriminals exploited the U.S. presidential debate to launch a cryptocurrency scam using deep fake videos. The scam featured fake streams on hijacked YouTube channels, claiming to show Elon Musk and Donald Trump debating Kamala Harris. The videos directed viewers to invest in cryptocurrency duri…
cryptocurrency
2024-09-20
deep fake
presidential debate
Published: September 20, 2024
Downloadable IOCs: 24

UNC1860 and the Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks

UNC1860 is an Iranian state-sponsored threat actor likely affiliated with Iran's Ministry of Intelligence and Security. It employs specialized tools and passive backdoors to gain initial access and persistent network access, particularly targeting government and telecommunications sectors in the Mi…
2024-09-20
oatboat
basewalk
unc1860
Published: September 20, 2024
Linked vulnerabilities : CVE-2019-0604
Downloadable IOCs: 22
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-9009

9.8
    Fabianros
  • Online Quiz Site
Published: September 20, 2024

CVE-2024-9011

9.8
    Code-Projects
  • Crud Operation System
Published: September 20, 2024

CVE-2024-8853

9.8
    Medialibs
  • Webo-Facto
Published: September 20, 2024

CVE-2024-9043

9.8
    Cellopoint
  • Secure Email Gateway
Published: September 20, 2024

CVE-2024-46652

9.8
    Tenda AC8v4
Published: September 20, 2024

CVE-2024-9038

9.8
    Codezips
  • Online Shopping Portal
Published: September 20, 2024

CVE-2024-9039

9.8
    Mayurik
  • Best House Rental Management System
Published: September 20, 2024

CVE-2024-45489

9.8
    Arc
Published: September 20, 2024

CVE-2024-46101

9.8
    GDidees CMS
Published: September 20, 2024

CVE-2024-46103

9.8
    SEMCMS
Published: September 20, 2024

CVE-2024-46640

9.8
    SeaCMS
Published: September 20, 2024

CVE-2024-9032

8.8
    Oretnom23
  • Simple Forum\/Discussion System
Published: September 20, 2024

CVE-2024-9041

8.8
    Mayurik
  • Best House Rental Management System
Published: September 20, 2024

CVE-2023-47480

8.4
    Pure Data
Published: September 20, 2024

CVE-2024-47061

8.3
    Plate
Published: September 20, 2024

CVE-2024-41721

8.1
    FreeBSD
Published: September 20, 2024

CVE-2024-42346

7.6
    Galaxy
Published: September 20, 2024

CVE-2024-45807

7.5
    Envoyproxy
  • Envoy
Published: September 20, 2024

CVE-2024-45809

7.5
    Envoyproxy
  • Envoy
Published: September 20, 2024

CVE-2024-45810

7.5
    Envoyproxy
  • Envoy
Published: September 20, 2024

CVE-2024-47000

7.5
    Zitadel
  • Zitadel
Published: September 20, 2024

CVE-2024-46645

7.5
    eNMS
Published: September 20, 2024

CVE-2024-46648

7.5
    eNMS
Published: September 20, 2024

CVE-2024-46649

7.5
    eNMS
Published: September 20, 2024

CVE-2024-9034

7.3
    code-projects Patient Record Management System
Published: September 20, 2024

CVE-2024-9035

7.3
    Blood Bank Management System
Published: September 20, 2024

CVE-2024-9037

7.3
    Codezips Internal Marks Calculation
Published: September 20, 2024

CVE-2024-45229

6.6
    Versa Director
Published: September 20, 2024

CVE-2024-45806

6.5
    Envoyproxy
  • Envoy
Published: September 20, 2024

CVE-2024-45808

6.5
    Envoyproxy
  • Envoy
Published: September 20, 2024

CVE-2024-46999

6.5
    Zitadel
  • Zitadel
Published: September 20, 2024

CVE-2024-47060

6.5
    Zitadel
  • Zitadel
Published: September 20, 2024

CVE-2024-42351

6.5
    Galaxy
Published: September 20, 2024

CVE-2024-46644

6.5
    eNMS
Published: September 20, 2024

CVE-2024-46646

6.5
    eNMS
Published: September 20, 2024

CVE-2024-46647

6.5
    eNMS
Published: September 20, 2024

CVE-2024-9036

6.3
    itsourcecode Online Bookstore
Published: September 20, 2024

CVE-2024-42697

6.1
    Leo Product Search Module
Published: September 20, 2024

CVE-2024-9040

5.5
    Code-Projects
  • Blood Bank Management System
Published: September 20, 2024

CVE-2024-9030

5.4
    Workdo
  • Crmgo Saas
Published: September 20, 2024

CVE-2024-9031

5.4
    Workdo
  • Crmgo Saas
Published: September 20, 2024

CVE-2024-9033

5.4
    Mayurik
  • Best House Rental Management System
Published: September 20, 2024

CVE-2024-46654

4.8
    Maccms10
Published: September 20, 2024

CVE-2024-45793

4.8
    Confidant
Published: September 20, 2024

CVE-2024-8612

3.8
    QEMU
Published: September 20, 2024

CVE-2024-37879

None
    User-friendly SVN (USVN)
Published: September 20, 2024

CVE-2024-47062

None
    Navidrome
Published: September 20, 2024
Click here to see more Vulnerabilities