Tag: 2024-09-27

8 Attack Reports | 166 Vulnerabilities

Attack reports

Analyzing the Newest Turla Backdoor

The Russian APT group Turla has launched a new campaign using shortcut files to infect systems with a fileless backdoor. The malware employs evasion techniques such as disabling ETW and AMSI, and unhooking. The attack begins with a shortcut file mimicking a PDF, which creates a file executed using …
backdoor
apt
2024-09-27
Published: September 27, 2024
Downloadable IOCs: 5

Cyberespionage the Gamaredon way: Analysis of toolset used to spy on Ukraine in 2022 and 2023

This report provides a comprehensive analysis of the toolset used by the Russia-aligned Gamaredon APT group to conduct cyberespionage activities against Ukraine in 2022 and 2023. The group has been active since 2013 and is currently the most prolific threat actor targeting Ukrainian governmental in…
apt
backdoors
stealers
2024-09-27
Published: September 27, 2024
Downloadable IOCs: 50

MimiStick — imitators of Sticky Werewolf

F.A.C.C.T. Threat Intelligence discovered a malicious file targeting Russian defense industry enterprises. Initially thought to be the work of Sticky Werewolf, further analysis revealed a new threat actor named MimiStick. The attack used a PDF lure mimicking a letter from the Russian Ministry of La…
2024-09-27
mimistick
Published: September 27, 2024
Downloadable IOCs: 14

Unraveling SloppyLemming’s Operations Across South Asia

An investigation reveals SloppyLemming, an advanced threat actor targeting South and East Asian countries, particularly Pakistan. The group uses multiple cloud services for credential harvesting, malware delivery, and command and control. Their operations focus on government, law enforcement, energ…
cobalt strike
havoc
2024-09-27
nekrowire
Published: September 27, 2024
Linked vulnerabilities : CVE-2023-38831
Downloadable IOCs: 96

Inside the Dragon: DragonForce Ransomware Group

In this blog, Group-IB delves into the inner workings of the DragonForce ransomware group. Discovered in August 2023, DragonForce has been targeting companies in critical sectors using a variant of a leaked LockBit3.0 builder, and more recently in July 2024 with their own variant of ransomware. Dr…
2024-09-27
dragonforce
lockbit3.0
Published: September 27, 2024
Downloadable IOCs: 5

Infrastructure linking PandorahVNC and Mesh Central

This analysis investigates PandorahVNC, a sophisticated Hidden Virtual Network Computing tool, and its connections to a new service called AnonVNC. The report explores the online presence of the tool's creator, known as 'All_father', and examines the infrastructure used for both PandorahVNC and Ano…
2024-09-27
meshcentral
pandorahvnc
Published: September 27, 2024
Downloadable IOCs: 11

LummaC2: Obfuscation Through Indirect Control Flow

This analysis examines a control flow obfuscation technique used by recent LummaC2 stealer samples. The malware employs customized control flow indirection to manipulate execution, hindering reverse engineering and automated analysis. The obfuscation transforms functions into 'dispatcher blocks' th…
lummac2
2024-09-27
Published: September 27, 2024
Downloadable IOCs: 0

Wallet Scam: A Case Study in Crypto Drainer Tactics

A malicious app on Google Play, posing as WalletConnect, targeted mobile users to steal cryptocurrency. The app evaded detection for five months, achieving over 10,000 downloads. It used advanced social engineering and modern crypto drainer toolkit, stealing approximately $70,000 from victims. The …
social engineering
mobile malware
2024-09-27
crypto drainer
walletconnect
Published: September 27, 2024
Downloadable IOCs: 8
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-8607

9.8
    Oceanicsoft
  • Valeapp
Published: September 27, 2024

CVE-2024-8643

9.8
    Oceanicsoft
  • Valeapp
Published: September 27, 2024

CVE-2024-9280

9.8
    Kvf-Admin Project
  • Kvf-Admin
Published: September 27, 2024

CVE-2024-6981

9.8
    OMNTEC Proteus Tank Monitoring OEL8000III Series
Published: September 27, 2024

CVE-2024-8310

9.8
    OPW Fuel Management Systems SiteSentinel
Published: September 27, 2024

CVE-2024-8630

9.8
    Alisonic
  • Sibylla Firmware
  • Sibylla
Published: September 27, 2024

CVE-2024-46256

9.8
    NginxProxyManager
  • Version(s): 2.11.3
Published: September 27, 2024

CVE-2024-46367

9.6
    Webkul Krayin CRM
  • Version(s): 1.3.0
Published: September 27, 2024

CVE-2024-47070

9.0
    authentik
  • Version(s): before 2024.8.3, before 2024.6.5
Published: September 27, 2024

CVE-2024-8922

8.8
    Piwebsolution
  • Product Enquiry For Woocommerce
Published: September 27, 2024

CVE-2024-46441

8.8
    YPay
  • Version(s): 1.2.0
Published: September 27, 2024

CVE-2024-7149

8.8
    Themewinter
  • Eventin
Published: September 27, 2024

CVE-2024-6983

8.8
    mudler/localai
  • Version(s): 2.17.1
Published: September 27, 2024

CVE-2024-46366

8.8
    Webkul Krayin CRM
  • Version(s): 1.3.0
Published: September 27, 2024

CVE-2024-28948

8.8
    Advantech
  • Adam-5630 Firmware
  • Adam-5630
Published: September 27, 2024

CVE-2024-39275

8.8
    Advantech
  • Adam-5630 Firmware
  • Adam-5630
Published: September 27, 2024

CVE-2024-33368

8.8
    UNKNOWN
Published: September 27, 2024

CVE-2024-33369

8.8
    Plasmoapp RPShare Fabric
  • Version(s): 1.0.0
Published: September 27, 2024

CVE-2024-9293

8.8
    Skyselang
  • Yyladmin
Published: September 27, 2024

CVE-2024-46472

8.6
    CodeAstro Membership Management System
  • Version(s): 1.0
Published: September 27, 2024

CVE-2024-40510

8.2
    Openpetra
  • Openpetra
Published: September 27, 2024

CVE-2024-46097

8.1
    TestLink
  • Version(s): 1.9.20
Published: September 27, 2024

CVE-2024-39435

7.8
    Google
  • Android
    Unisoc
Published: September 27, 2024

CVE-2024-46804

7.8
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46811

7.8
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46813

7.8
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46814

7.8
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46818

7.8
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46821

7.8
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46831

7.8
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46833

7.8
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46836

7.8
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46844

7.8
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46845

7.8
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46849

7.8
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46852

7.8
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46853

7.8
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46859

7.8
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-7713

7.5
    Ays-Pro
  • Chatgpt Assistant
Published: September 27, 2024

CVE-2024-7714

7.5
    Ays-Pro
  • Chatgpt Assistant
Published: September 27, 2024

CVE-2024-9029

7.5
    FreeImage
Published: September 27, 2024

CVE-2024-47293

7.5
    Huawei
  • Emui
  • Harmonyos
Published: September 27, 2024

CVE-2024-47294

7.5
    Huawei
  • Emui
  • Harmonyos
Published: September 27, 2024

CVE-2024-9136

7.5
    Huawei
  • Emui
  • Harmonyos
Published: September 27, 2024

CVE-2024-8609

7.5
    Oceanicsoft
  • Valeapp
Published: September 27, 2024

CVE-2024-8644

7.5
    Oceanicsoft
  • Valeapp
Published: September 27, 2024

CVE-2024-45773

7.5
    Facebook Thrift
  • Version(s): before v2024.09.09.00
Published: September 27, 2024

CVE-2024-47182

7.5
    Amirraminfar
  • Dozzle
Published: September 27, 2024

CVE-2024-44910

7.5
    Nasa
  • Cryptolib
Published: September 27, 2024

CVE-2024-44911

7.5
    Nasa
  • Cryptolib
Published: September 27, 2024

CVE-2024-44912

7.5
    Nasa
  • Cryptolib
Published: September 27, 2024

CVE-2024-46471

7.5
    CodeAstro Membership Management System
  • Version(s): 1.0
Published: September 27, 2024

CVE-2024-9301

7.5
    Netflix
  • E2nest
Published: September 27, 2024

CVE-2024-23586

7.5
    Hcltech
  • Hcl Nomad
  • Domino
Published: September 27, 2024

CVE-2024-40511

7.3
    openPetra
  • Version(s): v.2023.02
Published: September 27, 2024

CVE-2024-40512

7.3
    openPetra
  • Version(s): v.2023.02
Published: September 27, 2024

CVE-2024-40509

7.3
    openPetra
  • Version(s): 2023.02
Published: September 27, 2024

CVE-2024-9130

7.2
    Givewp
  • Givewp
Published: September 27, 2024

CVE-2024-46331

7.2
    ModStartCMS
  • Version(s): 8.8.0
Published: September 27, 2024

CVE-2024-46854

7.1
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46865

7.1
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46858

7.0
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-47077

6.5
    authentik
  • Version(s): < 2024.8.3, < 2024.6.5
Published: September 27, 2024

CVE-2024-9284

6.5
    TP-LINK TL-WR841ND
  • Version(s): up to 20240920
Published: September 27, 2024

CVE-2024-9275

6.3
    jeanmarc77 123solar
  • Version(s): up to 1.8.4.5
Published: September 27, 2024

CVE-2024-39364

6.3
    Advantech ADAM-5630
Published: September 27, 2024

CVE-2024-46257

6.3
    NginxProxyManager
  • Version(s): 2.11.3
Published: September 27, 2024

CVE-2024-9294

6.3
    dingfanzu CMS
  • Version(s): UNKNOWN
Published: September 27, 2024

CVE-2024-6931

6.1
    Stellarwp
  • The Events Calendar
Published: September 27, 2024

CVE-2024-46470

6.1
    CodeAstro Membership Management System
  • Version(s): 1.0
Published: September 27, 2024

CVE-2024-25411

6.1
    Flatpress
  • Version(s): 1.3
Published: September 27, 2024

CVE-2024-25412

6.1
    Flatpress
  • Flatpress
Published: September 27, 2024

CVE-2024-38308

6.1
    Advantech
  • Adam 5550-Firmware
  • Adam-5550
Published: September 27, 2024

CVE-2024-46453

6.1
    Honeywell
  • Iq3xcite Firmware
  • Iq3xcite
Published: September 27, 2024

CVE-2024-47186

6.1
    Filamentphp
  • Filament
Published: September 27, 2024

CVE-2024-38796

5.9
    EDK2
Published: September 27, 2024

CVE-2024-34542

5.7
    Advantech
  • Adam-5630 Firmware
  • Adam-5630
Published: September 27, 2024

CVE-2024-37187

5.7
    Advantech
  • Adam-5550 Firmware
  • Adam-5550
Published: September 27, 2024

CVE-2024-47290

5.5
    Huawei
  • Emui
  • Harmonyos
Published: September 27, 2024

CVE-2024-47291

5.5
    Huawei
  • Emui
  • Harmonyos
Published: September 27, 2024

CVE-2024-47292

5.5
    Huawei
  • Emui
  • Harmonyos
Published: September 27, 2024

CVE-2024-46802

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46803

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46805

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46806

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46807

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46808

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46809

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46810

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46819

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46822

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46824

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46829

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46832

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46834

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46835

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46837

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46838

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46840

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46841

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46842

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46843

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46846

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46847

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46848

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46855

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46856

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46857

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46860

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46861

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46862

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46863

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46864

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46866

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46867

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46868

5.5
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-8965

5.4
    Codesupply
  • Absolute Reviews
Published: September 27, 2024

CVE-2024-8681

5.4
    Leap13
  • Premium Addons For Elementor
Published: September 27, 2024

CVE-2024-8991

5.4
    Hyumika
  • Openstreetmap
Published: September 27, 2024

CVE-2024-9049

5.4
    Fastlinemedia
  • Beaver Builder
Published: September 27, 2024

CVE-2024-8608

5.4
    Oceanicsoft
  • Valeapp
Published: September 27, 2024

CVE-2024-9291

5.4
    Kvf-Admin Project
  • Kvf-Admin
Published: September 27, 2024

CVE-2024-45863

5.3
    Facebook Thrift
  • Version(s): v2024.09.09.00, v2024.09.23.00
Published: September 27, 2024

CVE-2024-38809

5.3
    UNKNOWN
Published: September 27, 2024

CVE-2024-45745

5.0
    TopQuadrant TopBraid EDG
  • Version(s): before 8.0.1
Published: September 27, 2024

CVE-2024-9279

4.8
    Funnyzpc
  • Mee-Admin
Published: September 27, 2024

CVE-2024-47184

4.8
    Ampache
  • Ampache
Published: September 27, 2024

CVE-2024-46333

4.8
    Piwigo
  • Version(s): 14.5.0
Published: September 27, 2024

CVE-2024-9278

4.7
    HuankeMao SCRM
  • Version(s): up to 0.0.3
Published: September 27, 2024

CVE-2024-46850

4.7
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-46851

4.7
    Linux
  • Linux Kernel
Published: September 27, 2024

CVE-2024-39431

4.5
    Google
  • Android
    Unisoc
Published: September 27, 2024

CVE-2024-39432

4.5
    Google
  • Android
    Unisoc
Published: September 27, 2024

CVE-2024-39433

4.4
    Google
  • Android
    Unisoc
Published: September 27, 2024

CVE-2024-39434

4.4
    Google
  • Android
    Unisoc
Published: September 27, 2024

CVE-2024-9281

4.3
    Bg5sbk
  • Minicms
Published: September 27, 2024

CVE-2024-9282

4.3
    Bg5sbk
  • Minicms
Published: September 27, 2024

CVE-2024-9276

3.5
    TMsoft MyAuth Gateway
  • Version(s): 3
Published: September 27, 2024

CVE-2024-9277

3.5
    Langflow
  • Version(s): up to 1.0.18
Published: September 27, 2024

CVE-2024-9283

3.3
    RelaxedJS ReLaXed
  • Version(s): up to 0.2.2
Published: September 27, 2024

CVE-2024-45744

3.0
    TopQuadrant TopBraid EDG
  • Version(s): 7.1.3, 7.3
Published: September 27, 2024

CVE-2024-7011

None
    Sharp NEC Projectors
Published: September 27, 2024

CVE-2024-7400

None
    ESET Antivirus
Published: September 27, 2024

CVE-2024-38861

None
    MikroTik
  • Version(s): 2.0.0 - 2.5.5, 0.4a_mk - 2.0a
Published: September 27, 2024

CVE-2024-41930

None
    MF Teacher Performance Management System
  • Version(s): 6
Published: September 27, 2024

CVE-2024-6654

None
    ESET security product for macOS
Published: September 27, 2024

CVE-2024-9202

None
    Eclipse Dataspace Components
  • Version(s): 0.1.3, 0.9.0
Published: September 27, 2024

CVE-2024-46812

None
    Linux kernel
Published: September 27, 2024

CVE-2024-46815

None
    Linux kernel
Published: September 27, 2024

CVE-2024-46816

None
    Linux kernel
Published: September 27, 2024

CVE-2024-46817

None
    Linux kernel
Published: September 27, 2024

CVE-2024-46820

None
    Linux kernel
Published: September 27, 2024

CVE-2024-46823

None
    Linux kernel
Published: September 27, 2024

CVE-2024-46825

None
    Linux kernel
Published: September 27, 2024

CVE-2024-46826

None
    Linux kernel
Published: September 27, 2024

CVE-2024-46827

None
    Linux kernel
Published: September 27, 2024

CVE-2024-46828

None
    Linux kernel
Published: September 27, 2024

CVE-2024-46830

None
    Linux kernel
  • Version(s): 6.10.0-rc7-332d2c1d713e-next-vm #552 and prior
Published: September 27, 2024

CVE-2024-46839

None
    UNKNOWN
Published: September 27, 2024

CVE-2024-3373

None
    RSM Design Website Template
  • Version(s): before 1.2
Published: September 27, 2024

CVE-2024-22170

None
    Western Digital My Cloud
  • Version(s): before 5.29.102
Published: September 27, 2024

CVE-2024-9171

None
    UNKNOWN
Published: September 27, 2024

CVE-2024-9268

None
    UNKNOWN
Published: September 27, 2024

CVE-2024-9273

None
    UNKNOWN
Published: September 27, 2024

CVE-2024-9160

None
    PEADM Forge Module
  • Version(s): before 3.24.0
Published: September 27, 2024

CVE-2024-6436

None
    Rockwell Automation Sequence Manager
Published: September 27, 2024
Click here to see more Vulnerabilities