Tag: 2024-10-01

7 Attack Reports | 111 Vulnerabilities

Attack reports

Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning

Researchers discovered an automated scanning tool called Swiss Army Suite (S.A.S) used for vulnerability scans on web services. The tool generates unusual SQL injection patterns that could potentially bypass web application firewalls. It offers features like Dork-based checker, generator, and SQL v…
sql injection
2024-10-01
2024-10-02
machine learning
vulnerability scanning
telemetry analysis
swiss army suite
underground tools
dork-based checker
s.a.s
web application security
Published: October 2, 2024
Downloadable IOCs: 8

Key Group: another ransomware group using leaked builders

Key Group is a financially motivated ransomware group primarily targeting Russian users. They use various leaked ransomware builders including Chaos, Xorist, Annabelle, Slam, RuRansom, UX-Cryptor, Hakuna Matata, and Judge/NoCry. The group's activity has been tracked since April 2022, with their tac…
ransomware
persistence
njrat
wiper
github
telegram
chaos
financially motivated
2024-10-01
xorist
slam
hakuna matata
annabelle
ruransom
ux-cryptor
multi-stage loaders
leaked builders
russian-speaking
judge/nocry
Published: October 1, 2024
Downloadable IOCs: 0

Unraveling the Sophisticated Attack Leveraging VS Code for Unauthorized Access

A sophisticated attack has been uncovered that exploits Visual Studio Code's remote tunnel capabilities for unauthorized access. The attack begins with a .LNK file, disguised as a legitimate setup, which downloads a Python package and executes a malicious script. This script establishes persistence…
apt
python
cyber espionage
lnk file
github
2024-10-01
remote tunnel
unauthorized access
vs code
scheduled task
Published: October 1, 2024
Linked vulnerabilities : CVE-2024-21887, CVE-2023-46805, CVE-2021-44228, CVE-2017-11882, CVE-2024-21893
Downloadable IOCs: 7

New Android Spyware Campaign Targets South Koreans via AWS

A sophisticated Android spyware campaign targeting South Koreans has been uncovered by Cyble Research and Intelligence Labs. Active since June 2024, the malware exploits an Amazon AWS S3 bucket as its Command and Control server to exfiltrate sensitive personal data including SMS messages, contacts,…
android
spyware
south korea
cloud security
data exfiltration
aws
mobile malware
2024-10-01
stealth techniques
Published: October 1, 2024
Linked vulnerabilities : CVE-2024-21887, CVE-2023-46805, CVE-2021-44228, CVE-2017-11882, CVE-2024-21893
Downloadable IOCs: 7

MDR in Action: Preventing The More_eggs Backdoor From Hatching

A sophisticated spear-phishing attack led to a more_eggs backdoor infection at a company. The attack began with an email to a senior executive, followed by a recruitment officer downloading a fake resume. The malicious file, disguised as a resume, contained obfuscated commands that executed when op…
backdoor
malware-as-a-service
2024-10-01
spear-phishing
skid
more_eggs
vision one
spicyomelette
terra loader
recruitment
golden chickens
mdr
Published: October 1, 2024
Downloadable IOCs: 10

Hadooken and K4Spreader: The 8220 Gang's Latest Arsenal

This analysis uncovers a significant infection chain targeting Windows and Linux systems through Oracle WebLogic vulnerabilities. The attackers, likely the 8220 Gang, exploit CVE-2017-10271 and CVE-2020-14883 to deploy malware including K4Spreader, Tsunami backdoor, and cryptominers. The infection …
china
botnet
cryptomining
brazil
pwnrig
tsunami
k4spreader
weblogic
hadooken
2024-10-01
CVE-2017-10271
CVE-2020-14883
Published: October 1, 2024
Linked vulnerabilities : CVE-2023-46604, CVE-2020-14883, CVE-2017-10271
Downloadable IOCs: 62

Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware

A BlackCat ransomware intrusion began with a Nitrogen malware campaign impersonating Advanced IP Scanner. The attackers used Sliver and Cobalt Strike beacons for post-exploitation, leveraging Python scripts for memory loading. They performed network enumeration using various tools and moved lateral…
ransomware
blackcat
alphv
cobalt strike
sliver
credential harvesting
lateral movement
noberus
data exfiltration
2024-10-01
nitrogen
Published: October 1, 2024
Downloadable IOCs: 45
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-9359

9.8
    Code-Projects
  • Restaurant Reservation System
Published: October 1, 2024

CVE-2024-9360

9.8
    Code-Projects
  • Restaurant Reservation System
Published: October 1, 2024

CVE-2024-9106

9.8
    Wechat Social login plugin for WordPress
Published: October 1, 2024

CVE-2024-9108

9.8
    Wechat Social login plugin for WordPress
Published: October 1, 2024

CVE-2024-9265

9.8
    Coderevolution
  • Echo Rss Feed Post Generator
Published: October 1, 2024

CVE-2024-9289

9.8
    Redefiningtheweb
  • Affiliate Pro
Published: October 1, 2024

CVE-2024-41276

9.8
    Kaiten
Published: October 1, 2024

CVE-2024-9392

9.8
    Mozilla Firefox
    Mozilla Thunderbird
Published: October 1, 2024

CVE-2024-9401

9.8
    Thunderbird
    Firefox
Published: October 1, 2024

CVE-2024-9402

9.8
    Thunderbird
    Firefox
Published: October 1, 2024

CVE-2024-47608

9.8
    Definetlynotai
  • Logicytics
Published: October 1, 2024

CVE-2024-45999

9.8
    Magicbug
  • Cloudlog
Published: October 1, 2024

CVE-2024-25660

9.0
    Infinera TNMS (Transcend Network Management System)
Published: October 1, 2024

CVE-2024-7432

8.8
    WordPress Unseen Blog theme
Published: October 1, 2024

CVE-2024-7433

8.8
    WordPress Empowerment theme
Published: October 1, 2024

CVE-2024-7434

8.8
    UltraPress theme for WordPress
Published: October 1, 2024

CVE-2024-9018

8.8
    Plugingarden
  • Wp Easy Gallery
Published: October 1, 2024

CVE-2024-9396

8.8
    Firefox
    Firefox ESR
    Thunderbird
Published: October 1, 2024

CVE-2024-9400

8.8
    Firefox
    Firefox ESR
    Thunderbird
Published: October 1, 2024

CVE-2024-25632

8.6
    eLabFTW
Published: October 1, 2024

CVE-2024-21489

8.2
    uplot
Published: October 1, 2024

CVE-2024-47604

8.2
    NuGet Gallery
Published: October 1, 2024

CVE-2024-47295

8.1
    SEIKO EPSON Web Config
Published: October 1, 2024

CVE-2024-8548

8.1
    KB Support - WordPress Help Desk and Knowledge Base plugin
Published: October 1, 2024

CVE-2024-42514

8.1
    Mitel MiContact Center Business
Published: October 1, 2024

CVE-2024-46080

8.0
    Scriptcase
Published: October 1, 2024

CVE-2024-46084

8.0
    Scriptcase
Published: October 1, 2024

CVE-2024-47560

7.8
    RevoWorks Cloud Client
Published: October 1, 2024

CVE-2024-46258

7.8
    Randygaul
  • Cute Png
Published: October 1, 2024

CVE-2024-46259

7.8
    Randygaul
  • Cute Png
Published: October 1, 2024

CVE-2024-46261

7.8
    Randygaul
  • Cute Png
Published: October 1, 2024

CVE-2024-46263

7.8
    Randygaul
  • Cute Png
Published: October 1, 2024

CVE-2024-46264

7.8
    Randygaul
  • Cute Png
Published: October 1, 2024

CVE-2024-46267

7.8
    Randygaul
  • Cute Png
Published: October 1, 2024

CVE-2024-46274

7.8
    Randygaul
  • Cute Png
Published: October 1, 2024

CVE-2024-46276

7.8
    Randygaul
  • Cute Png
Published: October 1, 2024

CVE-2024-25661

7.7
    Infinera TNMS (Transcend Network Management System)
Published: October 1, 2024

CVE-2024-45408

7.5
    eLabFTW
Published: October 1, 2024

CVE-2024-9393

7.5
    Mozilla
  • Firefox
  • Firefox Esr
  • Thunderbird
Published: October 1, 2024

CVE-2024-9394

7.5
    Mozilla
  • Firefox
  • Firefox Esr
  • Thunderbird
Published: October 1, 2024

CVE-2024-9399

7.5
    Mozilla
  • Firefox
  • Thunderbird
Published: October 1, 2024

CVE-2024-9403

7.3
    Firefox
    Thunderbird
Published: October 1, 2024

CVE-2024-7869

7.2
    WordPress 123.chat - Video Chat plugin
Published: October 1, 2024

CVE-2024-25659

7.2
    Infinera TNMS (Transcend Network Management System)
Published: October 1, 2024

CVE-2024-47524

7.2
    LibreNMS
Published: October 1, 2024

CVE-2024-8981

7.1
    Broken Link Checker plugin for WordPress
Published: October 1, 2024

CVE-2024-41673

7.1
    Decidim
Published: October 1, 2024

CVE-2023-7273

6.8
    Kiteworks OwnCloud
Published: October 1, 2024

CVE-2024-47071

6.8
    FreePBX OSS Endpoint Manager
Published: October 1, 2024

CVE-2023-3441

6.6
    GitLab EE/CE
Published: October 1, 2024

CVE-2024-47396

6.5
    Move Addons for Elementor
Published: October 1, 2024

CVE-2024-8632

6.5
    KB Support - WordPress Help Desk and Knowledge Base plugin
Published: October 1, 2024

CVE-2024-9224

6.5
    Kau-Boys
  • Hello World
Published: October 1, 2024

CVE-2024-9355

6.5
    UNKNOWN
Published: October 1, 2024

CVE-2024-8107

6.4
    Slider Revolution plugin for WordPress
Published: October 1, 2024

CVE-2024-8720

6.4
    RumbleTalk Live Group Chat - HTML5 plugin for WordPress
Published: October 1, 2024

CVE-2024-8989

6.4
    Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials plugin for WordPress
Published: October 1, 2024

CVE-2024-8990

6.4
    Geo Mashup plugin for WordPress
Published: October 1, 2024

CVE-2024-9119

6.4
    WordPress SVG Complete plugin
Published: October 1, 2024

CVE-2024-9269

6.4
    Relogo plugin for WordPress
Published: October 1, 2024

CVE-2024-9272

6.4
    R Animated Icon Plugin plugin for WordPress
Published: October 1, 2024

CVE-2024-9274

6.4
    Elastik Page Builder plugin for WordPress
Published: October 1, 2024

CVE-2024-9304

6.4
    WordPress LocateAndFilter plugin
Published: October 1, 2024

CVE-2024-8288

6.4
    Guten Post Layout – An Advanced Post Grid Collection for WordPress Gutenberg plugin
Published: October 1, 2024

CVE-2024-8324

6.4
    XO Slider plugin for WordPress
Published: October 1, 2024

CVE-2024-9060

6.4
    AVIF & SVG Uploader plugin for WordPress
Published: October 1, 2024

CVE-2024-9118

6.4
    QS Dark Mode Plugin plugin for WordPress
Published: October 1, 2024

CVE-2024-8718

6.1
    Gravity Forms Toolbar plugin for WordPress
Published: October 1, 2024

CVE-2024-8727

6.1
    DK PDF plugin for WordPress
Published: October 1, 2024

CVE-2024-8728

6.1
    Easy Load More plugin for WordPress
Published: October 1, 2024

CVE-2024-9267

6.1
    Easy WordPress Subscribe - Optin Hound plugin for WordPress
Published: October 1, 2024

CVE-2024-8786

6.1
    Auto Featured Image from Title plugin for WordPress
Published: October 1, 2024

CVE-2024-8793

6.1
    Visser
  • Store Exporter For Woocommerce
Published: October 1, 2024

CVE-2024-8799

6.1
    Goldplugins
  • Custom Banners
Published: October 1, 2024

CVE-2024-9209

6.1
    Cornelraiu
  • Wp Search Analytics
Published: October 1, 2024

CVE-2024-9220

6.1
    Petershaw
  • Lh Copy Media File
Published: October 1, 2024

CVE-2024-9228

6.1
    Duckdev
  • Loggedin
Published: October 1, 2024

CVE-2024-9241

6.1
    Contempo
  • Pdf Image Generator
Published: October 1, 2024

CVE-2024-9397

6.1
    Mozilla
  • Firefox
  • Firefox Esr
  • Thunderbird
Published: October 1, 2024

CVE-2024-46079

6.1
    Scriptcase
Published: October 1, 2024

CVE-2024-44744

5.7
    Malwarebytes Premium Security
Published: October 1, 2024

CVE-2024-44610

5.6
    PCAN-Ethernet Gateway FD
    PCAN-Ethernet Gateway
Published: October 1, 2024

CVE-2024-46081

5.4
    Scriptcase
Published: October 1, 2024

CVE-2024-46083

5.4
    Scriptcase IDE
Published: October 1, 2024

CVE-2024-9341

5.4
    Docker
Published: October 1, 2024

CVE-2024-46082

5.4
    Scriptcase
Published: October 1, 2024

CVE-2024-47523

5.4
    Librenms
  • Librenms
Published: October 1, 2024

CVE-2024-47525

5.4
    Librenms
  • Librenms
Published: October 1, 2024

CVE-2024-47527

5.4
    Librenms
  • Librenms
Published: October 1, 2024

CVE-2024-47528

5.4
    LibreNMS
Published: October 1, 2024

CVE-2024-9358

5.3
    ThingsBoard
Published: October 1, 2024

CVE-2024-21531

5.3
    git-shallow-clone
Published: October 1, 2024

CVE-2024-8430

5.3
    Spice Starter Sites plugin for WordPress
Published: October 1, 2024

CVE-2024-9405

5.3
    Pluck CMS
Published: October 1, 2024

CVE-2024-9398

5.3
    Mozilla
  • Firefox
  • Firefox Esr
  • Thunderbird
Published: October 1, 2024

CVE-2024-0116

4.9
    NVIDIA Triton Inference Server
Published: October 1, 2024

CVE-2024-31835

4.8
    Flatpress
  • Flatpress
Published: October 1, 2024

CVE-2024-45967

4.7
    Pagekit
Published: October 1, 2024

CVE-2024-9407

4.7
    Docker
Published: October 1, 2024

CVE-2024-8675

4.3
    WordPress Soumettre.fr plugin
Published: October 1, 2024

CVE-2024-30132

3.7
    HCL Nomad server
    Domino
Published: October 1, 2024

CVE-2024-9411

3.5
    OFCMS
Published: October 1, 2024

CVE-2024-47526

3.5
    LibreNMS
Published: October 1, 2024

CVE-2024-9145

0.0
    Wiz Code Visual Studio Code extension
    Wiz (legacy) Visual Studio Code extension
Published: October 1, 2024

CVE-2024-47534

0.0
    go-tuf
Published: October 1, 2024

CVE-2024-47609

0.0
    Tonic
Published: October 1, 2024

CVE-2024-8421

None
    UNKNOWN
Published: October 1, 2024

CVE-2021-37577

None
    Bluetooth Core Specifications
Published: October 1, 2024

CVE-2024-25658

None
    Infinera TNMS (Transcend Network Management System) Server
Published: October 1, 2024

CVE-2024-9391

None
    Firefox Focus for Android
    Firefox
Published: October 1, 2024

CVE-2024-9395

None
    Firefox for Android
Published: October 1, 2024
Click here to see more Vulnerabilities