Tag: 2024-09-25

5 Attack Reports | 158 Vulnerabilities

Attack reports

Analysis of the BlackJack group: techniques, tools, and similarities with Twelve

The report examines the BlackJack hacktivist group targeting Russian organizations, focusing on their tools, techniques, and connections to the Twelve group. BlackJack employs freely available software like the Shamoon wiper and LockBit ransomware. Significant overlaps with Twelve include similar m…
ransomware
lockbit
2024-09-25
shamoon
twelve
Published: September 25, 2024
Downloadable IOCs: 1

SilentSelfie: Revealing a major campaign against Kurdish websites

A large-scale cyber espionage campaign targeting Kurdish websites was uncovered, involving 25 compromised sites using four variants of malicious scripts. The attacks ranged from simple location tracking to prompting users to install malicious Android apps. Despite lacking sophisticated techniques, …
cyber espionage
2024-09-25
watering hole
android malware
kurdish
silentselfie
location tracking
rojava
Published: September 25, 2024
Downloadable IOCs: 0

European Banks Already Under Attack by New Malware Variant

A new version of the Octo malware, named Octo2, has emerged as a significant threat to European banks. This variant builds upon the capabilities of its predecessor, which was already a dominant force in mobile malware. Octo2 features improved remote access capabilities, sophisticated obfuscation te…
banking trojan
dga
mobile malware
2024-09-25
zombinder
exobot
coper
exobotcompact
octo2
Published: September 25, 2024
Downloadable IOCs: 0

Threat Actors leverage Docker Swarm and Kubernetes to mine cryptocurrency at scale

A new cryptojacking campaign targeting Docker Engine API has been discovered, with the ability to move laterally to Docker Swarm, Kubernetes, and SSH servers. The attackers exploit exposed Docker API endpoints to deploy cryptocurrency miners and additional malicious payloads. They utilize Docker Hu…
xmrig
kubernetes
cryptojacking
docker
2024-09-25
container security
docker swarm
Published: September 25, 2024
Downloadable IOCs: 41

Investigating Infrastructure and Tactics of Phishing-as-a-Service Platform Sniper Dz

Unit42 explores Sniper Dz, a popular phishing-as-a-service (PhaaS) platform targeting social media and online services. Over 140,000 phishing websites associated with Sniper Dz were identified in the past year. The platform offers an admin panel with phishing page catalogs, allowing users to host o…
phishing
phaas
credential theft
2024-09-25
victim tracking
sniper dz
Published: September 25, 2024
Downloadable IOCs: 7
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-8436

9.9
    WP Easy Gallery
  • Version(s): up to 4.8.5
Published: September 25, 2024

CVE-2023-26686

9.8
    CS-Cart MultiVendor
  • Version(s): 4.16.1
Published: September 25, 2024

CVE-2023-26689

9.8
    CS-Cart MultiVendor
  • Version(s): 4.16.1
Published: September 25, 2024

CVE-2024-42505

9.8
    Aruba's Access Point
Published: September 25, 2024

CVE-2024-42506

9.8
    Aruba Access Points
Published: September 25, 2024

CVE-2024-42507

9.8
    Aruba Access Points
  • Version(s): UNKNOWN
Published: September 25, 2024

CVE-2024-42797

9.8
    Kashipara Music Management System
  • Version(s): 1.0
Published: September 25, 2024

CVE-2024-43423

9.8
    Doverfuelingsolutions
  • Progauge Maglink Lx Console Firmware
  • Progauge Maglink Lx Console
  • Progauge Maglink Lx4 Console Firmware
  • Progauge Maglink Lx4 Console
Published: September 25, 2024

CVE-2024-43692

9.8
    Doverfuelingsolutions
  • Progauge Maglink Lx Console Firmware
  • Progauge Maglink Lx Console
  • Progauge Maglink Lx4 Console Firmware
  • Progauge Maglink Lx4 Console
Published: September 25, 2024

CVE-2024-43693

9.8
    Doverfuelingsolutions
  • Progauge Maglink Lx Console Firmware
  • Progauge Maglink Lx Console
  • Progauge Maglink Lx4 Console Firmware
  • Progauge Maglink Lx4 Console
Published: September 25, 2024

CVE-2024-45066

9.8
    Doverfuelingsolutions
  • Progauge Maglink Lx Console Firmware
  • Progauge Maglink Lx Console
  • Progauge Maglink Lx4 Console Firmware
  • Progauge Maglink Lx4 Console
Published: September 25, 2024

CVE-2024-46612

9.8
    IceCMS
  • Version(s): 3.4.7 and before
Published: September 25, 2024

CVE-2024-46957

9.8
    mellium.im/xmpp
  • Version(s): 0.0.1, 0.21.4
Published: September 25, 2024

CVE-2024-8877

9.8
    Riello-Ups
  • Netman 204 Firmware
  • Netman 204
Published: September 25, 2024

CVE-2024-8878

9.8
    Riello-Ups
  • Netman 204 Firmware
  • Netman 204
Published: September 25, 2024

CVE-2024-8940

9.8
    Scriptcase
  • Scriptcase
Published: September 25, 2024

CVE-2024-9142

9.8
    Olgu Computer Systems e-Belediye
  • Version(s): before 2.0.642
Published: September 25, 2024

CVE-2024-8485

9.8
    Jianbo
  • Rest Api To Miniprogram
Published: September 25, 2024

CVE-2024-8275

9.8
    Stellarwp
  • The Events Calendar
Published: September 25, 2024

CVE-2024-7575

9.8
    Telerik
  • Ui For Wpf
Published: September 25, 2024

CVE-2024-7576

9.8
    Telerik
  • Ui For Wpf
Published: September 25, 2024

CVE-2024-47078

9.8
    Meshtastic
  • Meshtastic Firmware
Published: September 25, 2024

CVE-2024-8067

9.4
    Helix Core
  • Version(s): before 2024.1 Patch 2 (2024.1/2655224)
Published: September 25, 2024

CVE-2024-20510

9.3
    Cisco
  • Ios Xe
Published: September 25, 2024

CVE-2024-6592

9.1
    Watchguard
  • Authentication Gateway
  • Single Sign-On Client
Published: September 25, 2024

CVE-2024-6593

9.1
    Watchguard
  • Authentication Gateway
Published: September 25, 2024

CVE-2023-26687

8.8
    CS-Cart MultiVendor
  • Version(s): 4.16.1
Published: September 25, 2024

CVE-2023-26690

8.8
    CS-Cart MultiVendor
  • Version(s): 4.16.1
Published: September 25, 2024

CVE-2024-45373

8.8
    Doverfuelingsolutions
  • Progauge Maglink Lx Console Firmware
  • Progauge Maglink Lx Console
  • Progauge Maglink Lx4 Console Firmware
  • Progauge Maglink Lx4 Console
Published: September 25, 2024

CVE-2024-9120

8.8
    Google Chrome
  • Version(s): before 129.0.6668.70
Published: September 25, 2024

CVE-2024-9121

8.8
    Google Chrome
  • Version(s): before 129.0.6668.70
Published: September 25, 2024

CVE-2024-9122

8.8
    Google Chrome
  • Version(s): prior to 129.0.6668.70
Published: September 25, 2024

CVE-2024-8290

8.8
    Wclovers
  • Frontend Manager For Woocommerce Along With Bookings Subscription Listings Compatible
Published: September 25, 2024

CVE-2024-7479

8.8
    TeamViewer Remote Client
  • Version(s): before 15.58.4
Published: September 25, 2024

CVE-2024-7481

8.8
    TeamViewer Remote Clients
  • Version(s): before 15.58.4
Published: September 25, 2024

CVE-2024-20437

8.8
    Cisco
  • Ios Xe
Published: September 25, 2024

CVE-2024-46489

8.8
    Ferrislucas
  • Promptr
Published: September 25, 2024

CVE-2024-47305

8.8
    Dineshkarki
  • Use Any Font
Published: September 25, 2024

CVE-2024-47315

8.8
    Givewp
  • Givewp
Published: September 25, 2024

CVE-2024-30128

8.6
    HCL Nomad server on Domino
Published: September 25, 2024

CVE-2024-20455

8.6
    Cisco
  • Ios Xe
  • Ios Xe Sd-Wan
Published: September 25, 2024

CVE-2024-20464

8.6
    Cisco
  • Ios Xe
Published: September 25, 2024

CVE-2024-20467

8.6
    Cisco
  • Ios Xe
Published: September 25, 2024

CVE-2024-20480

8.6
    Cisco
  • Ios Xe
Published: September 25, 2024

CVE-2024-21545

8.2
    Proxmox Virtual Environment
Published: September 25, 2024

CVE-2024-8942

8.2
    Scriptcase
  • Scriptcase
Published: September 25, 2024

CVE-2021-38963

8.0
    Ibm
  • Aspera Console
    Linux
    Microsoft
Published: September 25, 2024

CVE-2024-46461

8.0
    VLC media player
  • Version(s): 3.0.20 and earlier
Published: September 25, 2024

CVE-2024-44678

8.0
    Gigastone TR1 Travel Router R101
  • Version(s): v1.0.2
Published: September 25, 2024

CVE-2024-47082

8.0
    Strawberryrocks
  • Strawberry
Published: September 25, 2024

CVE-2024-7679

7.8
    Telerik
  • Ui For Wpf
Published: September 25, 2024

CVE-2024-8316

7.8
    Telerik
  • Ui For Wpf
Published: September 25, 2024

CVE-2024-8975

7.8
    Grafana
  • Alloy
Published: September 25, 2024

CVE-2024-8996

7.8
    Grafana
  • Agent
    Microsoft
Published: September 25, 2024

CVE-2024-46607

7.6
    IceCMS
  • Version(s): 3.4.7, before 3.4.7
Published: September 25, 2024

CVE-2022-43845

7.5
    Ibm
  • Aspera Console
    Linux
    Microsoft
Published: September 25, 2024

CVE-2023-5359

7.5
    Boldgrid
  • W3 Total Cache
Published: September 25, 2024

CVE-2024-39928

7.5
    Apache Linkis
  • Version(s): <= 1.5.0
Published: September 25, 2024

CVE-2024-46609

7.5
    IceCMS
  • Version(s): 3.4.7 and before
Published: September 25, 2024

CVE-2024-46610

7.5
    Thecosy
  • Icecms
Published: September 25, 2024

CVE-2024-46935

7.5
    Rocket.Chat
  • Rocket.Chat
Published: September 25, 2024

CVE-2024-46936

7.5
    Rocket.Chat
  • Version(s): 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, before 6.7.8
Published: September 25, 2024

CVE-2024-8497

7.5
    Franklin Fueling Systems TS-550 EVO
  • Version(s): before 2.26.4.8967
Published: September 25, 2024

CVE-2024-8484

7.5
    Jianbo
  • Rest Api To Miniprogram
Published: September 25, 2024

CVE-2024-8175

7.5
    CODESYS
Published: September 25, 2024

CVE-2024-31145

7.5
    Xen Hypervisor
Published: September 25, 2024

CVE-2024-31146

7.5
    Xen Hypervisor
  • Version(s): UNKNOWN
Published: September 25, 2024

CVE-2024-6594

7.5
    Watchguard
  • Single Sign-On Client
Published: September 25, 2024

CVE-2024-22892

7.5
    Openslides
  • Openslides
Published: September 25, 2024

CVE-2024-22893

7.5
    OpenSlides
  • Version(s): 4.0.15
Published: September 25, 2024

CVE-2024-44825

7.5
    InVesalius3
  • Version(s): v3.1.99995
Published: September 25, 2024

CVE-2024-20350

7.5
    Cisco Catalyst Center
Published: September 25, 2024

CVE-2024-20433

7.5
    Cisco
  • Ios
  • Ios Xe
Published: September 25, 2024

CVE-2024-20436

7.5
    Cisco
  • Ios Xe
Published: September 25, 2024

CVE-2024-41708

7.5
    ada_web_services
  • Version(s): 20.0
Published: September 25, 2024

CVE-2024-47083

7.5
    Microsoft
  • Power Platform Terraform Provider
Published: September 25, 2024

CVE-2024-8481

7.3
    Blogcoding
  • Special Text Boxes
Published: September 25, 2024

CVE-2024-45750

7.3
    TheGreenBow VPN Client for Windows
  • Version(s): 6.87.108, 6.87.109, 7.5.007
    TheGreenBow VPN Client for Android
  • Version(s): 6.4.5
    TheGreenBow VPN Client for Linux
  • Version(s): 3.4
    TheGreenBow VPN Client for MacOS
  • Version(s): 2.4.10
Published: September 25, 2024

CVE-2023-26691

7.2
    CS-Cart MultiVendor
  • Version(s): 4.16.1
Published: September 25, 2024

CVE-2024-8914

7.2
    Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam plugin for WordPress
  • Version(s): up to 2.0.1
Published: September 25, 2024

CVE-2024-8349

7.2
    Uncannyowl
  • Uncanny Groups For Learndash
Published: September 25, 2024

CVE-2024-7385

7.2
    Freelancer-Coder
  • Wordpress Simple Html Sitemap
Published: September 25, 2024

CVE-2024-8514

7.2
    Prisna
  • Google Website Translator
Published: September 25, 2024

CVE-2024-9123

7.1
    Google Chrome
  • Version(s): before 129.0.6668.70
Published: September 25, 2024

CVE-2024-43959

7.1
    Themepoints Testimonials
  • Version(s): n/a, 3.0.8
Published: September 25, 2024

CVE-2024-38324

6.5
    Ibm
  • Storage Defender
Published: September 25, 2024

CVE-2024-8483

6.5
    Madrasthemes
  • Mas Static Content
Published: September 25, 2024

CVE-2024-8621

6.5
    Mmrs151
  • Daily Prayer Time
Published: September 25, 2024

CVE-2024-6512

6.5
    Devolutions
  • Devolutions Server
Published: September 25, 2024

CVE-2024-20414

6.5
    Cisco
  • Ios Xe
  • Ios
Published: September 25, 2024

CVE-2024-20508

6.5
    Cisco
  • Unified Threat Defense Snort Intrusion Prevention System Engine
Published: September 25, 2024

CVE-2024-41445

6.5
    Ihedvall
  • Mdf Library
Published: September 25, 2024

CVE-2024-8267

6.4
    Radio Player - Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin
  • Version(s): up to 2.0.78
Published: September 25, 2024

CVE-2024-46485

6.3
    dingfanzu CMS
  • Version(s): 1.0
Published: September 25, 2024

CVE-2024-41725

6.1
    Doverfuelingsolutions
  • Progauge Maglink Lx Console Firmware
  • Progauge Maglink Lx Console
  • Progauge Maglink Lx4 Console Firmware
  • Progauge Maglink Lx4 Console
Published: September 25, 2024

CVE-2024-46934

6.1
    Rocket.Chat
  • Rocket.Chat
Published: September 25, 2024

CVE-2024-9148

6.1
    Flowiseai
  • Embed
  • Flowise
Published: September 25, 2024

CVE-2024-7617

6.1
    Itpathsolutions
  • Contact Form To Any Api
Published: September 25, 2024

CVE-2024-8549

6.1
    Xtendify
  • Simple Calendar
Published: September 25, 2024

CVE-2024-8713

6.1
    Pierros
  • Kodex Posts Likes
Published: September 25, 2024

CVE-2024-8741

6.1
    Outtheboxthemes
  • Beam Me Up Scotty
Published: September 25, 2024

CVE-2024-3866

6.1
    Ninjaforms
  • Ninja Forms
Published: September 25, 2024

CVE-2024-45613

6.1
    Ckeditor
  • Ckeditor5
Published: September 25, 2024

CVE-2024-20496

6.1
    Cisco SD-WAN vEdge Software
Published: September 25, 2024

CVE-2024-46655

6.1
    Ellevo
  • Ellevo
Published: September 25, 2024

CVE-2024-20465

5.8
    Cisco
  • Ios
Published: September 25, 2024

CVE-2024-9169

5.5
    LiteSpeed Cache plugin for WordPress
  • Version(s): up to 6.4.1
Published: September 25, 2024

CVE-2024-7421

5.5
    Devolutions
  • Remote Desktop Manager
Published: September 25, 2024

CVE-2024-46488

5.5
    Asg017
  • Sqlite-Vec
Published: September 25, 2024

CVE-2023-26688

5.4
    CS-Cart MultiVendor
  • Version(s): 4.16.1
Published: September 25, 2024

CVE-2024-47048

5.4
    Rocket.Chat
  • Rocket.Chat
Published: September 25, 2024

CVE-2024-7398

5.4
    Concretecms
  • Concrete Cms
Published: September 25, 2024

CVE-2024-8103

5.4
    Gcsdesign
  • Wp Category Dropdown
Published: September 25, 2024

CVE-2024-8917

5.4
    Anwp
  • Football Leagues
Published: September 25, 2024

CVE-2024-8919

5.4
    Wpdeveloperr
  • Confetti Fall Animation
Published: September 25, 2024

CVE-2024-9141

5.4
    Oct8ne
Published: September 25, 2024

CVE-2024-9024

5.4
    Braginteractive
  • Material Design Icons
Published: September 25, 2024

CVE-2024-9027

5.4
    Wpzoom
  • Wpzoom Shortcodes
Published: September 25, 2024

CVE-2024-9028

5.4
    Devfarm
  • Wp Gpx Maps
Published: September 25, 2024

CVE-2024-9068

5.4
    Themexclub
  • Oneelements
Published: September 25, 2024

CVE-2024-9069

5.4
    Graphicsly
  • Graphicsly
Published: September 25, 2024

CVE-2024-9073

5.4
    Gutengeek
  • Free Gutenberg Blocks
Published: September 25, 2024

CVE-2024-8515

5.4
    Themesflat
  • Themesflat Addons For Elementor
Published: September 25, 2024

CVE-2024-8668

5.4
    Hasthemes
  • Woolentor - Woocommerce Elementor Addons \+ Builder
Published: September 25, 2024

CVE-2024-47303

5.4
    Livemeshelementor
  • Addons For Elementor
Published: September 25, 2024

CVE-2024-8858

5.4
    Livemeshelementor
  • Addons For Elementor
Published: September 25, 2024

CVE-2024-8546

5.4
    Wpmet
  • Elementskit Elementor Addons
Published: September 25, 2024

CVE-2024-20475

5.4
    Cisco
  • Catalyst Sd-Wan Manager
Published: September 25, 2024

CVE-2023-51157

5.4
    Zkteco
  • Wdms
Published: September 25, 2024

CVE-2024-8941

5.3
    Scriptcase
  • Scriptcase
Published: September 25, 2024

CVE-2024-7426

5.3
    Peepso
  • Peepso
Published: September 25, 2024

CVE-2024-7491

5.3
    HUSKY - Products Filter Professional for WooCommerce plugin for WordPress
  • Version(s): up to 1.3.6.1
Published: September 25, 2024

CVE-2024-6845

5.3
    Smartsearchwp
  • Smartsearchwp
Published: September 25, 2024

CVE-2024-8658

5.3
    Mycred
  • Mycred
Published: September 25, 2024

CVE-2024-8678

5.3
    Revolut
  • Revolut Gateway For Woocommerce
Published: September 25, 2024

CVE-2024-40761

5.3
    Apache Answer
  • Version(s): through 1.3.5
Published: September 25, 2024

CVE-2024-43237

5.3
    TaxoPress WordPress Tag Cloud Plugin - Tag Groups
  • Version(s): n/a - 2.0.3
Published: September 25, 2024

CVE-2024-43990

5.3
    StylemixThemes Masterstudy LMS Starter
  • Version(s): n/a, 1.1.8
Published: September 25, 2024

CVE-2024-8291

4.8
    Concretecms
  • Concrete Cms
Published: September 25, 2024

CVE-2024-7878

4.8
    Technowich
  • Wp Ulike
Published: September 25, 2024

CVE-2024-46600

4.7
    dingfanzu CMS
  • Version(s): 1.0
Published: September 25, 2024

CVE-2024-8437

4.3
    WP Easy Gallery - WordPress Gallery Plugin
  • Version(s): up to 4.8.5
Published: September 25, 2024

CVE-2024-8801

4.3
    Wedevs
  • Happy Addons For Elementor
Published: September 25, 2024

CVE-2024-6590

4.3
    Javmah
  • Spreadsheet Integration
Published: September 25, 2024

CVE-2024-7386

4.3
    Premium Packages – Sell Digital Products Securely plugin for WordPress
  • Version(s): up to 5.9.1
Published: September 25, 2024

CVE-2024-8434

4.3
    Themehunk
  • Easy Mega Menu Plugin
Published: September 25, 2024

CVE-2024-8476

4.3
    Wpplugin
  • Easy Paypal Events
Published: September 25, 2024

CVE-2024-8516

4.3
    Themesflat
  • Themesflat Addons For Elementor
Published: September 25, 2024

CVE-2024-7892

4.3
    Vladyslavbondarenko
  • Adstxt
Published: September 25, 2024

CVE-2024-8910

4.3
    Hasthemes
  • Ht Mega
Published: September 25, 2024

CVE-2024-20434

4.3
    Cisco
  • Ios Xe
Published: September 25, 2024

CVE-2024-45599

3.8
    Cursor
  • Version(s): before 0.41.0
Published: September 25, 2024

CVE-2023-25189

3.3
    UNKNOWN
Published: September 25, 2024

CVE-2024-8350

2.7
    Uncannyowl
  • Uncanny Groups For Learndash
Published: September 25, 2024

CVE-2024-9063

None
    UNKNOWN
Published: September 25, 2024

CVE-2024-23454

None
    Apache Hadoop
Published: September 25, 2024

CVE-2024-45817

None
    Xen Hypervisor
Published: September 25, 2024

CVE-2024-4657

None
    Talent Software BAP Automation
  • Version(s): before 30840
Published: September 25, 2024
Click here to see more Vulnerabilities