SecuriTricks - 2024-10-02

Title	Published	Tags	Description	Number of indicators
Security Brief: Royal Mail Lures Deliver Open Source Prince Ransomware	Oct. 2, 2024, 4:09 p.m.	obfuscation phishing github 2024-10-02 prince ransomware destructive attack royal mail open-source malware prince contact forms	A campaign impersonating Royal Mail was identified delivering Prince ransomware, an open-source variant available on GitHub. The …	3
People's Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations	Oct. 2, 2024, 12:14 p.m.	china ddos iot botnet cyber espionage mirai CVE-2024-29973 CVE-2024-4577 CVE-2024-5217 routers CVE-2023-3519 CVE-2023-46604 CVE-2023-46747 2024-10-02 CVE-2023-43478 CVE-2023-3852 CVE-2023-36844 network compromise CVE-2024-29269 CVE-2023-36542 CVE-2023-35885 CVE-2024-21762 CVE-2023-38035 CVE-2023-35843 CVE-2023-37582 CVE-2023-38646 CVE-2023-50386 CVE-2023-47218	PRC-linked cyber actors have compromised thousands of Internet-connected devices to create a botnet for malicious activities. Int…	169
Key Group uses leaked builders of ransomware and wipers	Oct. 2, 2024, 8:51 a.m.	phishing ransomware persistence njrat wiper telegram chaos 2024-10-02 xorist slam hakuna matata annabelle ruransom ux-cryptor multi-stage loaders leaked builders russian-speaking judge/nocry	Key Group, also known as keygroup777, is a financially motivated ransomware group primarily targeting Russian users. The group ha…	24
Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning	Oct. 2, 2024, 1:12 a.m.	sql injection 2024-10-01 2024-10-02 machine learning vulnerability scanning telemetry analysis swiss army suite underground tools dork-based checker s.a.s web application security	Researchers discovered an automated scanning tool called Swiss Army Suite (S.A.S) used for vulnerability scans on web services. T…	8

Vulnerabilities

CVE	CVSS	Published	Product impacted	Tags
CVE-2024-45519	10.0	Oct. 2, 2024, 10:15 p.m.	Zimbra Collaboration	cve@mitre.org 2024-10-02 CVE-2024-45519
CVE-2024-20432	9.9	Oct. 2, 2024, 5:15 p.m.	Cisco Nexus Dashboard Fabric Controller	ykramarz@cisco.com CWE-77 2024-10-02 CVE-2024-20432
CVE-2024-45186	9.8	Oct. 2, 2024, 5:15 a.m.	FileSender	cve@mitre.org CWE-94 2024-10-02 CVE-2024-45186
CVE-2024-44097	9.8	Oct. 2, 2024, 2:15 p.m.	UNKNOWN	CWE-269 dsap-vuln-management@google.com 2024-10-02 CVE-2024-44097
CVE-2024-9441	9.8	Oct. 2, 2024, 7:15 p.m.	Linear eMerge e3-Series	CWE-78 disclosure@vulncheck.com 2024-10-02 CVE-2024-9441
CVE-2024-35293	9.1	Oct. 2, 2024, 10:15 a.m.	UNKNOWN	CWE-306 info@cert.vde.com 2024-10-02 CVE-2024-35293
CVE-2024-7855	8.8	Oct. 2, 2024, 5:15 a.m.	WP Hotel Booking plugin for WordPress	security@wordfence.com CWE-434 2024-10-02 CVE-2024-7855
CVE-2024-8885	8.8	Oct. 2, 2024, 1:15 p.m.	Sophos Intercept X for Windows with Central Device Encryption	CWE-1104 2024-10-02 CVE-2024-8885 security-alert@sophos.com
CVE-2024-20393	8.8	Oct. 2, 2024, 5:15 p.m.	Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers	CWE-285 ykramarz@cisco.com 2024-10-02 CVE-2024-20393
CVE-2024-20449	8.8	Oct. 2, 2024, 5:15 p.m.	Cisco Nexus Dashboard Fabric Controller (NDFC)	ykramarz@cisco.com CWE-23 2024-10-02 CVE-2024-20449
CVE-2024-46626	8.8	Oct. 2, 2024, 5:15 p.m.	OS4ED openSIS-Classic	cve@mitre.org CWE-89 2024-10-02 CVE-2024-46626
CVE-2024-28888	8.8	Oct. 2, 2024, 9:15 p.m.	Foxit Reader	talos-cna@cisco.com CWE-416 2024-10-02 CVE-2024-28888
CVE-2024-7558	8.7	Oct. 2, 2024, 11:15 a.m.	Juju	security@ubuntu.com CWE-1391 2024-10-02 CVE-2024-7558
CVE-2024-20498	8.6	Oct. 2, 2024, 7:15 p.m.	Cisco AnyConnect VPN server of Cisco Meraki MX	ykramarz@cisco.com CWE-415 2024-10-02 CVE-2024-20498
CVE-2024-20499	8.6	Oct. 2, 2024, 7:15 p.m.	Cisco Meraki MX	ykramarz@cisco.com CWE-787 2024-10-02 CVE-2024-20499
CVE-2024-20501	8.6	Oct. 2, 2024, 7:15 p.m.	Cisco Meraki MX	ykramarz@cisco.com CWE-787 2024-10-02 CVE-2024-20501
CVE-2024-47806	8.1	Oct. 2, 2024, 4:15 p.m.	Jenkins OpenId Connect Authentication Plugin	jenkinsci-cert@googlegroups.com CWE-287 2024-10-02 CVE-2024-47806
CVE-2024-47807	8.1	Oct. 2, 2024, 4:15 p.m.	Jenkins OpenId Connect Authentication Plugin	jenkinsci-cert@googlegroups.com CWE-287 2024-10-02 CVE-2024-47807
CVE-2024-41290	8.1	Oct. 2, 2024, 5:15 p.m.	FlatPress CMS	cve@mitre.org 2024-10-02 CVE-2024-41290 CWE-315
CVE-2024-8733	8.0	Oct. 2, 2024, 8:15 p.m.	HP One Agent	hp-security-alert@hp.com CWE-426 2024-10-02 CVE-2024-8733
CVE-2024-8038	7.9	Oct. 2, 2024, 11:15 a.m.	juju	security@ubuntu.com CWE-420 2024-10-02 CVE-2024-8038
CVE-2024-7315	7.5	Oct. 2, 2024, 6:15 a.m.	Migration, Backup, Staging WordPress plugin	contact@wpscan.com 2024-10-02 CVE-2024-7315
CVE-2024-44017	7.5	Oct. 2, 2024, 10:15 a.m.	MH Board	audit@patchstack.com CWE-22 2024-10-02 CVE-2024-44017
CVE-2024-44030	7.2	Oct. 2, 2024, 10:15 a.m.	Mestres do WP Checkout Mestres WP	audit@patchstack.com CWE-22 2024-10-02 CVE-2024-44030
CVE-2024-20516	6.8	Oct. 2, 2024, 5:15 p.m.	Cisco Small Business RV042 Router	ykramarz@cisco.com CWE-122 2024-10-02 CVE-2024-20516
CVE-2024-20517	6.8	Oct. 2, 2024, 5:15 p.m.	Cisco Small Business RV042 Router	ykramarz@cisco.com CWE-122 2024-10-02 CVE-2024-20517
CVE-2024-20523	6.8	Oct. 2, 2024, 5:15 p.m.	Cisco Small Business RV042, RV042G, RV320, and RV325 Routers	ykramarz@cisco.com CWE-121 2024-10-02 CVE-2024-20523
CVE-2024-20524	6.8	Oct. 2, 2024, 5:15 p.m.	Cisco Small Business RV042 Router	ykramarz@cisco.com CWE-121 2024-10-02 CVE-2024-20524
CVE-2024-47616	6.8	Oct. 2, 2024, 10:15 p.m.	Pomerium	security-advisories@github.com CWE-863 2024-10-02 CVE-2024-47616
CVE-2024-35294	6.5	Oct. 2, 2024, 11:15 a.m.	UNKNOWN	CWE-306 info@cert.vde.com 2024-10-02 CVE-2024-35294
CVE-2024-8037	6.5	Oct. 2, 2024, 11:15 a.m.	juju	security@ubuntu.com 2024-10-02 CVE-2024-8037
CVE-2024-20365	6.5	Oct. 2, 2024, 5:15 p.m.	Cisco UCS B-Series	ykramarz@cisco.com CWE-77 2024-10-02 CVE-2024-20365
CVE-2024-20470	6.5	Oct. 2, 2024, 5:15 p.m.	Cisco Small Business RV Series Dual WAN Gigabit VPN Routers	ykramarz@cisco.com 2024-10-02 CVE-2024-20470 CWE-146
CVE-2024-20515	6.5	Oct. 2, 2024, 5:15 p.m.	Cisco Identity Services Engine (ISE)	ykramarz@cisco.com CWE-311 2024-10-02 CVE-2024-20515
CVE-2024-20518	6.5	Oct. 2, 2024, 5:15 p.m.	Cisco Small Business RV042, RV042G, RV320, and RV325 Routers	ykramarz@cisco.com CWE-121 2024-10-02 CVE-2024-20518
CVE-2024-20519	6.5	Oct. 2, 2024, 5:15 p.m.	Cisco Small Business RV042 Router	ykramarz@cisco.com CWE-121 2024-10-02 CVE-2024-20519
CVE-2024-20520	6.5	Oct. 2, 2024, 5:15 p.m.	Cisco Small Business RV042, RV042G, RV320, and RV325 Routers	ykramarz@cisco.com CWE-121 2024-10-02 CVE-2024-20520
CVE-2024-20521	6.5	Oct. 2, 2024, 5:15 p.m.	Cisco Small Business RV042, RV042G, RV320, and RV325 Routers	ykramarz@cisco.com CWE-121 2024-10-02 CVE-2024-20521
CVE-2024-20522	6.5	Oct. 2, 2024, 5:15 p.m.	Cisco Small Business RV042, RV042G, RV320, and RV325 Routers	ykramarz@cisco.com CWE-122 2024-10-02 CVE-2024-20522
CVE-2024-8967	6.4	Oct. 2, 2024, 8:15 a.m.	WordPress Plugin - PWA - easy way to Progressive Web App	CWE-79 security@wordfence.com 2024-10-02 CVE-2024-8967
CVE-2024-9172	6.4	Oct. 2, 2024, 8:15 a.m.	Demo Importer Plus plugin for WordPress	CWE-79 security@wordfence.com 2024-10-02 CVE-2024-9172
CVE-2024-8282	6.4	Oct. 2, 2024, 10:15 a.m.	Ibtana WordPress Website Builder plugin	CWE-79 security@wordfence.com 2024-10-02 CVE-2024-8282
CVE-2024-8505	6.4	Oct. 2, 2024, 10:15 a.m.	WordPress Infinite Scroll - Ajax Load More plugin	security@wordfence.com 2024-10-02 CVE-2024-8505 CWE-87
CVE-2024-9429	6.3	Oct. 2, 2024, 1:15 p.m.	Restaurant Reservation System	CWE-89 cna@vuldb.com 2024-10-02 CVE-2024-9429
CVE-2024-20438	6.3	Oct. 2, 2024, 5:15 p.m.	Cisco NDFC	ykramarz@cisco.com CWE-693 2024-10-02 CVE-2024-20438
CVE-2024-20448	6.3	Oct. 2, 2024, 5:15 p.m.	Cisco Nexus Dashboard Fabric Controller	ykramarz@cisco.com CWE-313 2024-10-02 CVE-2024-20448
CVE-2024-20490	6.3	Oct. 2, 2024, 5:15 p.m.	Cisco Nexus Dashboard Fabric Controller (NDFC)	CWE-200 ykramarz@cisco.com 2024-10-02 CVE-2024-20490
CVE-2024-20491	6.3	Oct. 2, 2024, 5:15 p.m.	Cisco Nexus Dashboard Insights	CWE-200 ykramarz@cisco.com 2024-10-02 CVE-2024-20491
CVE-2024-8800	6.1	Oct. 2, 2024, 8:15 a.m.	RabbitLoader - Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress	CWE-79 security@wordfence.com 2024-10-02 CVE-2024-8800
CVE-2024-9210	6.1	Oct. 2, 2024, 8:15 a.m.	MC4WP: Mailchimp Top Bar plugin for WordPress	CWE-79 security@wordfence.com 2024-10-02 CVE-2024-9210
CVE-2024-9222	6.1	Oct. 2, 2024, 8:15 a.m.	Paid Membership Subscriptions Plugin for WordPress	CWE-79 security@wordfence.com 2024-10-02 CVE-2024-9222
CVE-2024-9225	6.1	Oct. 2, 2024, 8:15 a.m.	SEOPress - On-site SEO plugin for WordPress	CWE-79 security@wordfence.com 2024-10-02 CVE-2024-9225
CVE-2024-9218	6.1	Oct. 2, 2024, 9:15 a.m.	Magazine Blocks - Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid plugin for WordPress	CWE-79 security@wordfence.com 2024-10-02 CVE-2024-9218
CVE-2024-9344	6.1	Oct. 2, 2024, 9:15 a.m.	BerqWP Plugin for WordPress	CWE-79 security@wordfence.com 2024-10-02 CVE-2024-9344
CVE-2024-9378	6.1	Oct. 2, 2024, 9:15 a.m.	YML for Yandex Market plugin for WordPress	CWE-79 security@wordfence.com 2024-10-02 CVE-2024-9378
CVE-2024-20492	6.0	Oct. 2, 2024, 5:15 p.m.	Cisco Expressway Series	ykramarz@cisco.com CWE-77 2024-10-02 CVE-2024-20492
CVE-2024-20385	5.9	Oct. 2, 2024, 5:15 p.m.	Cisco Nexus Dashboard Orchestrator	ykramarz@cisco.com CWE-295 2024-10-02 CVE-2024-20385
CVE-2024-20500	5.8	Oct. 2, 2024, 7:15 p.m.	Cisco Meraki MX	CWE-400 ykramarz@cisco.com 2024-10-02 CVE-2024-20500
CVE-2024-20502	5.8	Oct. 2, 2024, 7:15 p.m.	Cisco Meraki MX	CWE-400 ykramarz@cisco.com 2024-10-02 CVE-2024-20502
CVE-2024-20509	5.8	Oct. 2, 2024, 7:15 p.m.	Cisco Meraki MX	ykramarz@cisco.com CWE-362 2024-10-02 CVE-2024-20509
CVE-2024-20513	5.8	Oct. 2, 2024, 7:15 p.m.	Cisco Meraki MX	ykramarz@cisco.com CWE-639 2024-10-02 CVE-2024-20513
CVE-2024-20441	5.7	Oct. 2, 2024, 5:15 p.m.	Cisco NDFC	CWE-285 ykramarz@cisco.com 2024-10-02 CVE-2024-20441
CVE-2024-20444	5.5	Oct. 2, 2024, 5:15 p.m.	Cisco Nexus Dashboard Fabric Controller	ykramarz@cisco.com CWE-88 2024-10-02 CVE-2024-20444
CVE-2024-8254	5.4	Oct. 2, 2024, 7:15 a.m.	Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin	security@wordfence.com CWE-94 2024-10-02 CVE-2024-8254
CVE-2024-33210	5.4	Oct. 2, 2024, 4:15 p.m.	Flatpress	cve@mitre.org CWE-79 2024-10-02 CVE-2024-33210
CVE-2024-20442	5.4	Oct. 2, 2024, 5:15 p.m.	Cisco Nexus Dashboard	ykramarz@cisco.com CWE-862 2024-10-02 CVE-2024-20442
CVE-2024-20477	5.4	Oct. 2, 2024, 5:15 p.m.	Cisco NDFC	ykramarz@cisco.com CWE-862 2024-10-02 CVE-2024-20477
CVE-2024-9440	5.4	Oct. 2, 2024, 7:15 p.m.	Slim Select	CWE-79 disclosure@vulncheck.com 2024-10-02 CVE-2024-9440
CVE-2024-9423	5.3	Oct. 2, 2024, 4:15 p.m.	HP LaserJet printers	hp-security-alert@hp.com CWE-241 2024-10-02 CVE-2024-9423
CVE-2024-45960	4.8	Oct. 2, 2024, 8:15 p.m.	Zenario	cve@mitre.org CWE-79 2024-10-02 CVE-2024-45960
CVE-2024-45964	4.8	Oct. 2, 2024, 8:15 p.m.	Zenario	cve@mitre.org CWE-79 2024-10-02 CVE-2024-45964
CVE-2024-45962	4.7	Oct. 2, 2024, 8:15 p.m.	October	cve@mitre.org CWE-79 2024-10-02 CVE-2024-45962
CVE-2024-45965	4.7	Oct. 2, 2024, 8:15 p.m.	Contao	cve@mitre.org CWE-79 2024-10-02 CVE-2024-45965
CVE-2024-21530	4.5	Oct. 2, 2024, 5:15 a.m.	cocoon	report@snyk.io CWE-323 2024-10-02 CVE-2024-21530
CVE-2024-47612	3.5	Oct. 2, 2024, 3:15 p.m.	MediaWiki DataDump extension	security-advisories@github.com CWE-79 2024-10-02 CVE-2024-47612
CVE-2024-47611	0.0	Oct. 2, 2024, 3:15 p.m.	XZ Utils	security-advisories@github.com CWE-176 2024-10-02 CVE-2024-47611
CVE-2024-33662	None	Oct. 2, 2024, 5:15 a.m.	Portainer	cve@mitre.org 2024-10-02 CVE-2024-33662
CVE-2024-9174	None	Oct. 2, 2024, 6:15 a.m.	M-Files Hubshare	CWE-79 security@m-files.com 2024-10-02 CVE-2024-9174
CVE-2024-9333	None	Oct. 2, 2024, 6:15 a.m.	M-Files Connector for Copilot	CWE-281 security@m-files.com 2024-10-02 CVE-2024-9333
CVE-2024-44193	None	Oct. 2, 2024, 3:15 p.m.	iTunes for Windows	product-security@apple.com 2024-10-02 CVE-2024-44193
CVE-2024-33209	None	Oct. 2, 2024, 4:15 p.m.	FlatPress	cve@mitre.org 2024-10-02 CVE-2024-33209
CVE-2024-47803	None	Oct. 2, 2024, 4:15 p.m.	Jenkins	jenkinsci-cert@googlegroups.com 2024-10-02 CVE-2024-47803
CVE-2024-47804	None	Oct. 2, 2024, 4:15 p.m.	Jenkins	jenkinsci-cert@googlegroups.com 2024-10-02 CVE-2024-47804
CVE-2024-47805	None	Oct. 2, 2024, 4:15 p.m.	Jenkins Credentials Plugin	jenkinsci-cert@googlegroups.com 2024-10-02 CVE-2024-47805
CVE-2024-6360	None	Oct. 2, 2024, 4:15 p.m.	OpenText™ Vertica	CWE-732 security@opentext.com 2024-10-02 CVE-2024-6360
CVE-2024-24122	None	Oct. 2, 2024, 6:15 p.m.	Yitu project	cve@mitre.org 2024-10-02 CVE-2024-24122
CVE-2024-24116	None	Oct. 2, 2024, 7:15 p.m.	Ruijie RG-NBS2009G-P RGOS	cve@mitre.org 2024-10-02 CVE-2024-24116
CVE-2024-43795	None	Oct. 2, 2024, 8:15 p.m.	COSMOS Open Source Edition	security-advisories@github.com CWE-79 2024-10-02 CVE-2024-43795
CVE-2024-46977	None	Oct. 2, 2024, 8:15 p.m.	OpenC3 COSMOS	security-advisories@github.com CWE-22 2024-10-02 CVE-2024-46977
CVE-2024-47529	None	Oct. 2, 2024, 8:15 p.m.	OpenC3 COSMOS	security-advisories@github.com CWE-312 2024-10-02 CVE-2024-47529
CVE-2024-24117	None	Oct. 2, 2024, 9:15 p.m.	Ruijie RG-NBS2009G-P RGOS	cve@mitre.org 2024-10-02 CVE-2024-24117

» Click here to see all Vulnerabilities «

Tag : 2024-10-02

Attack Reports

Vulnerabilities