Tag: 2024-09-26

5 Attack Reports | 120 Vulnerabilities

Attack reports

WalletConnect Scam: A Case Study in Crypto Drainer Tactics

An investigation uncovered a malicious app on Google Play targeting mobile users to steal cryptocurrency. The app, posing as a legitimate WalletConnect tool, used advanced evasion techniques to avoid detection for nearly five months. It achieved over 10,000 downloads through fake reviews and brandi…
android
cryptocurrency
mobile malware
2024-09-26
ms drainer
Published: September 26, 2024
Downloadable IOCs: 6

Unraveling Tool Set: KLogEXE and FPSpy

Unit 42 researchers have uncovered two new malware samples used by the North Korean threat group Sparkling Pisces (aka Kimsuky). These include an undocumented keylogger called KLogEXE and a variant of a backdoor named FPSpy. The analysis reveals the group's evolving capabilities and extensive arsen…
2024-09-26
fpspy
klogexe
Published: September 26, 2024
Downloadable IOCs: 8

Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy

Unit 42 researchers have uncovered two new malware samples used by the North Korean threat group Sparkling Pisces (aka Kimsuky). These include an undocumented keylogger called KLogEXE and a variant of a backdoor named FPSpy. The analysis reveals the group's evolving capabilities and extensive arsen…
2024-09-26
fpspy
klogexe
Published: September 26, 2024
Downloadable IOCs: 0

A hard look at BBTok

This analysis dissects the infection chain of BBTok, a Brazilian-targeted threat. The malware utilizes an ISO image containing a shortcut file and various components. It employs the Microsoft Build Engine to compile and execute malicious C# code on the victim's machine. The core component, Trammy.d…
bbtok
2024-09-26
Published: September 26, 2024
Downloadable IOCs: 19

BBTok Targeting Brazil: Deobfuscating the .NET Loader with dnlib and PowerShell

This analysis dissects the infection chain of BBTok, a Brazilian-targeted threat. The malware utilizes an ISO image containing a shortcut file and various components. It employs the Microsoft Build Engine to compile and execute malicious C# code on the victim's machine. The core component, Trammy.d…
bbtok
2024-09-26
Published: September 26, 2024
Downloadable IOCs: 0
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-7772

9.8
    Artbees
  • Jupiter X Core
Published: September 26, 2024

CVE-2024-7781

9.8
    Artbees
  • Jupiter X Core
Published: September 26, 2024

CVE-2024-7108

9.8
    Nationalkeep
  • Cybermath
Published: September 26, 2024

CVE-2024-46628

9.8
    Tendacn
  • G3 Firmware
  • G3
Published: September 26, 2024

CVE-2024-46627

9.1
    DATAGERRY
Published: September 26, 2024

CVE-2024-47177

9.0
    CUPS
    cups-filters
Published: September 26, 2024

CVE-2024-47330

8.8
    Supsystic
  • Slider
  • Social Share Buttons
Published: September 26, 2024

CVE-2024-8126

8.8
    Advancedfilemanager
  • Advanced File Manager
Published: September 26, 2024

CVE-2024-45979

8.8
    Lines Police CAD
Published: September 26, 2024

CVE-2024-45980

8.8
    MEANStore
Published: September 26, 2024

CVE-2024-45981

8.8
    BookReviewLibrary
Published: September 26, 2024

CVE-2024-45982

8.8
    scheduleR
Published: September 26, 2024

CVE-2024-47126

8.8
    Gotenna
  • Gotenna Pro
Published: September 26, 2024

CVE-2024-47169

8.8
    Agnai
Published: September 26, 2024

CVE-2024-47179

8.8
    RSSHub
Published: September 26, 2024

CVE-2024-47180

8.8
    Shields.io
Published: September 26, 2024

CVE-2024-47076

8.6
    CUPS
Published: September 26, 2024

CVE-2024-47175

8.6
    CUPS
Published: September 26, 2024

CVE-2024-41605

8.4
    Foxit PDF Reader
Published: September 26, 2024

CVE-2024-0132

8.3
    Nvidia
  • Nvidia Container Toolkit
  • Nvidia Gpu Operator
    Linux
Published: September 26, 2024

CVE-2023-52946

8.2
    Synology
  • Drive Client
Published: September 26, 2024

CVE-2024-46328

8.0
    VONETS VAP11G-300
Published: September 26, 2024

CVE-2024-46329

8.0
    VONETS VAP11G-300
Published: September 26, 2024

CVE-2024-8404

7.8
    Papercut
  • Papercut Mf
  • Papercut Ng
Published: September 26, 2024

CVE-2022-49038

7.8
    Synology
  • Drive Client
Published: September 26, 2024

CVE-2024-47045

7.8
    NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION Home GateWay/Hikari Denwa routers
    NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION Home GateWay/Hikari Denwa routers
    e-Tax software
Published: September 26, 2024

CVE-2024-47197

7.5
    Apache
  • Maven Archetype
Published: September 26, 2024

CVE-2024-9199

7.5
    Clibomanager
  • Clibo Manager
Published: September 26, 2024

CVE-2024-7107

7.5
    Nationalkeep
  • Cybermath
Published: September 26, 2024

CVE-2024-37125

7.5
    Dell SmartFabric OS10 Software
Published: September 26, 2024

CVE-2024-44860

7.5
    Solvait
Published: September 26, 2024

CVE-2024-7594

7.5
    Vault
Published: September 26, 2024

CVE-2024-46330

7.4
    VONETS VAP11G-300
Published: September 26, 2024

CVE-2024-40506

7.3
    openPetra
Published: September 26, 2024

CVE-2024-40507

7.3
    openPetra
Published: September 26, 2024

CVE-2024-40508

7.3
    openPetra
Published: September 26, 2024

CVE-2024-8704

7.2
    Advancedfilemanager
  • Advanced File Manager
Published: September 26, 2024

CVE-2024-43191

7.2
    IBM ManageIQ
Published: September 26, 2024

CVE-2024-39577

7.1
    Dell SmartFabric OS10 Software
Published: September 26, 2024

CVE-2022-49039

6.7
    Synology
  • Drive Client
Published: September 26, 2024

CVE-2024-30134

6.7
    HCL Traveler for Microsoft Outlook
Published: September 26, 2024

CVE-2024-6769

6.7
    Microsoft Windows
Published: September 26, 2024

CVE-2022-49037

6.5
    Synology
  • Drive Client
Published: September 26, 2024

CVE-2024-45372

6.5
    Planex
  • Mzk-Dp300n Firmware
  • Mzk-Dp300n
Published: September 26, 2024

CVE-2024-47003

6.5
    Mattermost
  • Mattermost Server
Published: September 26, 2024

CVE-2024-41722

6.5
    Gotenna
  • Gotenna
Published: September 26, 2024

CVE-2024-43108

6.5
    Gotenna
  • Gotenna
Published: September 26, 2024

CVE-2024-43694

6.5
    Gotenna
  • Atak Plugin
Published: September 26, 2024

CVE-2024-45374

6.5
    Gotenna
  • Gotenna
Published: September 26, 2024

CVE-2024-45723

6.5
    Gotenna
  • Gotenna
Published: September 26, 2024

CVE-2024-45987

6.5
    Online Voting System Project
  • Online Voting System
Published: September 26, 2024

CVE-2024-47121

6.5
    Gotenna
  • Gotenna Pro
Published: September 26, 2024

CVE-2024-47122

6.5
    Gotenna
  • Gotenna Pro
Published: September 26, 2024

CVE-2024-47124

6.5
    Gotenna
  • Gotenna Pro
Published: September 26, 2024

CVE-2024-47130

6.5
    Gotenna
  • Gotenna Pro
Published: September 26, 2024

CVE-2024-47075

6.4
    LayUI
Published: September 26, 2024

CVE-2024-45983

6.3
    kishan0725's Hospital Management System
Published: September 26, 2024

CVE-2024-8803

6.1
    Madfishdigital
  • Bulk Noindex \& Nofollow Toolkit
Published: September 26, 2024

CVE-2024-45836

6.1
    Planex
  • Cs-Qr10 Firmware
  • Cs-Qr10
  • Cs-Qr20 Firmware
  • Cs-Qr20
  • Cs-Qr22 Firmware
  • Cs-Qr22
  • Cs-Qr220 Firmware
  • Cs-Qr220
  • Cs-Qr300 Firmware
  • Cs-Qr300
Published: September 26, 2024

CVE-2024-6517

6.1
    Dotsquares
  • Contact Form 7 Math Captcha
Published: September 26, 2024

CVE-2024-8872

6.1
    Bizswoop
  • Store Hours For Woocommerce
Published: September 26, 2024

CVE-2022-4541

6.1
    Nitinmaurya
  • Wordpress Visitors
Published: September 26, 2024

CVE-2024-47174

5.9
    Nix Package Manager
Published: September 26, 2024

CVE-2024-46327

5.7
    VONETS VAP11G-300
Published: September 26, 2024

CVE-2024-8405

5.5
    Papercut
  • Papercut Mf
  • Papercut Ng
Published: September 26, 2024

CVE-2023-52949

5.5
    Synology
  • Active Backup For Business Agent
Published: September 26, 2024

CVE-2024-8723

5.4
    Wangbin
  • 012 Ps Multi Languages
Published: September 26, 2024

CVE-2024-42406

5.4
    Mattermost
  • Mattermost Server
Published: September 26, 2024

CVE-2024-45843

5.4
    Mattermost
  • Mattermost Server
Published: September 26, 2024

CVE-2024-8861

5.4
    Metagauss
  • Profilegrid
Published: September 26, 2024

CVE-2024-9115

5.4
    Chetanvaghela
  • Common Tools For Site
Published: September 26, 2024

CVE-2024-9117

5.4
    Mapplic
  • Mapplic
Published: September 26, 2024

CVE-2024-9125

5.4
    Kingblack
  • King Ie
Published: September 26, 2024

CVE-2024-9127

5.4
    Codecabin
  • Super Testimonials
Published: September 26, 2024

CVE-2024-9173

5.4
    Alefypimentel
  • Gf Custom Style
Published: September 26, 2024

CVE-2024-9198

5.4
    Clibomanager
  • Clibo Manager
Published: September 26, 2024

CVE-2024-8725

5.4
    Advancedfilemanager
  • Advanced File Manager
Published: September 26, 2024

CVE-2024-9177

5.4
    Themedy
  • Toolbox
Published: September 26, 2024

CVE-2024-47125

5.4
    Gotenna
  • Gotenna Pro
Published: September 26, 2024

CVE-2024-45986

5.4
    Projectworld Online Voting System
Published: September 26, 2024

CVE-2023-52950

5.3
    Synology
  • Active Backup For Business Agent
Published: September 26, 2024

CVE-2024-47044

5.3
    Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION
Published: September 26, 2024

CVE-2024-9025

5.3
    Codesupply
  • Sight
Published: September 26, 2024

CVE-2024-39319

5.3
    aimeos/ai-controller-frontend
Published: September 26, 2024

CVE-2024-47176

5.3
    CUPS
Published: September 26, 2024

CVE-2024-4099

5.3
    Gitlab
  • Gitlab
Published: September 26, 2024

CVE-2023-52948

5.0
    Synology
  • Active Backup For Business Agent
Published: September 26, 2024

CVE-2024-8633

4.8
    10web
  • Form Maker
Published: September 26, 2024

CVE-2024-45984

4.7
    Blood Bank And Donation Management System
Published: September 26, 2024

CVE-2024-45985

4.7
    Blood Bank and Donation Management System
Published: September 26, 2024

CVE-2022-49040

4.4
    Synology
  • Drive Client
Published: September 26, 2024

CVE-2022-49041

4.4
    Synology
  • Drive Client
Published: September 26, 2024

CVE-2023-46175

4.4
    IBM Cloud Pak for Multicloud Management
Published: September 26, 2024

CVE-2024-7259

4.4
    oVirt
Published: September 26, 2024

CVE-2024-45042

4.4
    Ory Kratos
Published: September 26, 2024

CVE-2024-8552

4.3
    Wpchill
  • Download Monitor
Published: September 26, 2024

CVE-2024-47145

4.3
    Mattermost
  • Mattermost Server
Published: September 26, 2024

CVE-2024-47337

4.3
    Joy Of Text Lite
Published: September 26, 2024

CVE-2024-31899

4.3
    IBM Cognos Command Center
Published: September 26, 2024

CVE-2024-9155

4.3
    Mattermost
Published: September 26, 2024

CVE-2024-46632

4.3
    Assimp
Published: September 26, 2024

CVE-2024-8771

4.3
    Email Subscribers by Icegram
Published: September 26, 2024

CVE-2024-41715

4.3
    Gotenna
  • Atak Plugin
Published: September 26, 2024

CVE-2024-41931

4.3
    Gotenna
  • Gotenna
Published: September 26, 2024

CVE-2024-43814

4.3
    Gotenna
  • Gotenna
Published: September 26, 2024

CVE-2024-45838

4.3
    Gotenna
  • Gotenna
Published: September 26, 2024

CVE-2024-47128

4.3
    Gotenna
  • Gotenna Pro
Published: September 26, 2024

CVE-2024-47129

4.3
    Gotenna
  • Gotenna Pro
Published: September 26, 2024

CVE-2024-47170

4.3
    Agnai
Published: September 26, 2024

CVE-2024-47171

4.3
    Agnai
Published: September 26, 2024

CVE-2024-8974

4.3
    Gitlab
  • Gitlab
Published: September 26, 2024

CVE-2024-45989

4.0
    Monica AI Assistant desktop application
Published: September 26, 2024

CVE-2024-0133

3.4
    Nvidia
  • Nvidia Container Toolkit
  • Nvidia Gpu Operator
    Linux
Published: September 26, 2024

CVE-2023-52947

3.3
    Synology
  • Active Backup For Business Agent
Published: September 26, 2024

CVE-2024-47123

3.1
    Gotenna
  • Gotenna Pro
Published: September 26, 2024

CVE-2024-47127

3.1
    Gotenna
  • Gotenna Pro
Published: September 26, 2024

CVE-2024-4278

2.7
    Gitlab
  • Gitlab
Published: September 26, 2024

CVE-2024-9203

2.5
    Enpass Password Manager
Published: September 26, 2024

CVE-2024-9166

None
    UNKNOWN
Published: September 26, 2024

CVE-2024-8118

None
    Grafana
Published: September 26, 2024
Click here to see more Vulnerabilities