SecuriTricks - 2024-10-03

Attack Reports

Title	Published	Tags	Description	Number of indicators
Stonefly: Extortion Attacks Continue Against U.S. Targets	Oct. 3, 2024, 5:08 p.m.	mimikatz 2024-10-03 plink snap2html megatools	In several of the attacks, Stonefly’s custom malware Backdoor.Preft (aka Dtrack, Valefor) was deployed. This tool is exclusively …	50
XWorm: Analysis of Latest Version and Execution Flow	Oct. 3, 2024, 3:16 p.m.	xworm infection chain remote access process injection 2024-10-03 evasion techniques reflective loading telegram notification	XWorm, a versatile tool discovered in 2022, enables attackers to access sensitive information, gain remote access, and deploy add…	8
The Dark Knight Returns: Joker malware analysis	Oct. 3, 2024, 2:43 p.m.	evasion steganography dns tunneling social media 2024-10-03 command and control apt41 cloud services domain fronting	The report details sophisticated command and control (C2) techniques employed by the APT41 threat group. APT41 uses custom malwar…	8
Separating the bee from the panda: CeranaKeeper making a beeline for Thailand	Oct. 3, 2024, 9:50 a.m.	social engineering data exfiltration advanced persistent threat 2024-10-03 custom malware multi-industry targeting persistence techniques network infiltration	This intelligence report details a sophisticated malware campaign targeting multiple industries across various countries. The thr…	16

» Click here to see all Attack Reports «

Vulnerabilities

CVE	CVSS	Published	Product impacted	Tags
CVE-2024-9313	8.8	Oct. 3, 2024, 11:15 a.m.	Authd PAM module	security@ubuntu.com 2024-10-03 CVE-2024-9313
CVE-2024-41589	8.8	Oct. 3, 2024, 7:15 p.m.	DrayTek Vigor310	cve@mitre.org CWE-287 2024-10-03 CVE-2024-41589
CVE-2024-36474	8.4	Oct. 3, 2024, 4:15 p.m.	GNOME Project G Structured File Library (libgsf)	talos-cna@cisco.com CWE-190 2024-10-03 CVE-2024-36474
CVE-2024-42415	8.4	Oct. 3, 2024, 4:15 p.m.	GNOME Structured File Library (libgsf)	talos-cna@cisco.com CWE-190 2024-10-03 CVE-2024-42415
CVE-2024-41586	8.0	Oct. 3, 2024, 7:15 p.m.	DrayTek Vigor310	cve@mitre.org CWE-121 2024-10-03 CVE-2024-41586
CVE-2024-41592	8.0	Oct. 3, 2024, 7:15 p.m.	DrayTek Vigor3910	cve@mitre.org CWE-121 2024-10-03 CVE-2024-41592
CVE-2024-41595	8.0	Oct. 3, 2024, 7:15 p.m.	DrayTek Vigor310	cve@mitre.org CWE-125 2024-10-03 CVE-2024-41595
CVE-2024-41596	8.0	Oct. 3, 2024, 7:15 p.m.	DrayTek Vigor310	cve@mitre.org CWE-120 2024-10-03 CVE-2024-41596
CVE-2024-47134	7.8	Oct. 3, 2024, 3:15 a.m.	Kostac PLC Programming Software (Formerly Koyo PLC Programming Software)	vultures@jpcert.or.jp CWE-787 2024-10-03 CVE-2024-47134
CVE-2024-47135	7.8	Oct. 3, 2024, 3:15 a.m.	Kostac PLC Programming Software (Formerly Koyo PLC Programming Software)	vultures@jpcert.or.jp CWE-121 2024-10-03 CVE-2024-47135
CVE-2024-47136	7.8	Oct. 3, 2024, 3:15 a.m.	Kostac PLC Programming Software (Former name: Koyo PLC Programming Software)	vultures@jpcert.or.jp CWE-125 2024-10-03 CVE-2024-47136
CVE-2024-39755	7.8	Oct. 3, 2024, 4:15 p.m.	Veertu Anka Build	talos-cna@cisco.com CWE-282 2024-10-03 CVE-2024-39755
CVE-2024-8352	7.5	Oct. 3, 2024, 4:15 a.m.	Social Web Suite - Social Media Auto Post, Social Media Auto Publish plugin for WordPress	security@wordfence.com CWE-22 2024-10-03 CVE-2024-8352
CVE-2024-47614	7.5	Oct. 3, 2024, 3:15 p.m.	async-graphql	security-advisories@github.com CWE-770 2024-10-03 CVE-2024-47614
CVE-2024-5803	7.5	Oct. 3, 2024, 3:15 p.m.	AVG/Avast Antivirus	CWE-367 security@nortonlifelock.com 2024-10-03 CVE-2024-5803
CVE-2024-25590	7.5	Oct. 3, 2024, 4:15 p.m.	UNKNOWN	CWE-20 security@open-xchange.com 2024-10-03 CVE-2024-25590
CVE-2024-41163	7.5	Oct. 3, 2024, 4:15 p.m.	Veertu Anka	talos-cna@cisco.com CWE-22 2024-10-03 CVE-2024-41163
CVE-2024-41922	7.5	Oct. 3, 2024, 4:15 p.m.	Veertu Anka	talos-cna@cisco.com CWE-22 2024-10-03 CVE-2024-41922
CVE-2024-47561	7.3	Oct. 3, 2024, 11:15 a.m.	Apache Avro	security@apache.org CWE-502 2024-10-03 CVE-2024-47561
CVE-2024-9460	7.3	Oct. 3, 2024, 3:15 p.m.	Codezips Online Shopping Portal	CWE-89 cna@vuldb.com 2024-10-03 CVE-2024-9460
CVE-2024-9100	6.5	Oct. 3, 2024, 3:15 p.m.	Zohocorp ManageEngine Analytics Plus	CWE-22 0fc0942c-577d-436f-ae8e-945763c79b02 2024-10-03 CVE-2024-9100
CVE-2024-45870	6.5	Oct. 3, 2024, 4:15 p.m.	Bandisoft BandiView	cve@mitre.org CWE-284 2024-10-03 CVE-2024-45870
CVE-2024-8159	6.4	Oct. 3, 2024, 6:15 a.m.	Deep Freeze	CWE-125 help@fluidattacks.com 2024-10-03 CVE-2024-8159
CVE-2024-45871	6.3	Oct. 3, 2024, 5:15 p.m.	Bandisoft BandiView	cve@mitre.org CWE-20 2024-10-03 CVE-2024-45871
CVE-2024-45872	6.3	Oct. 3, 2024, 5:15 p.m.	Bandisoft BandiView	cve@mitre.org CWE-122 2024-10-03 CVE-2024-45872
CVE-2024-47617	6.1	Oct. 3, 2024, 3:15 p.m.	Sulu CMS	security-advisories@github.com CWE-79 2024-10-03 CVE-2024-47617
CVE-2024-47762	5.8	Oct. 3, 2024, 6:15 p.m.	@backstage/plugin-app-backend	security-advisories@github.com CWE-440 2024-10-03 CVE-2024-47762
CVE-2024-8508	5.3	Oct. 3, 2024, 5:15 p.m.	NLnet Labs Unbound	2024-10-03 CVE-2024-8508 sep@nlnetlabs.nl CWE-606
CVE-2024-41583	4.7	Oct. 3, 2024, 7:15 p.m.	DrayTek Vigor3910	cve@mitre.org CWE-79 2024-10-03 CVE-2024-41583
CVE-2024-41584	4.7	Oct. 3, 2024, 7:15 p.m.	DrayTek Vigor3910	cve@mitre.org CWE-79 2024-10-03 CVE-2024-41584
CVE-2024-9266	4.7	Oct. 3, 2024, 7:15 p.m.	Express	CWE-601 36c7be3b-2937-45df-85ea-ca7133ea542c 2024-10-03 CVE-2024-9266
CVE-2024-42504	4.3	Oct. 3, 2024, 7:15 a.m.	HPE IceWall Agent	security-alert@hpe.com CWE-352 2024-10-03 CVE-2024-42504
CVE-2024-0123	3.3	Oct. 3, 2024, 5:15 p.m.	NVIDIA CUDA toolkit	psirt@nvidia.com 2024-10-03 CVE-2024-0123 CWE-1285
CVE-2024-0124	3.3	Oct. 3, 2024, 5:15 p.m.	NVIDIA CUDA Toolkit	CWE-416 psirt@nvidia.com 2024-10-03 CVE-2024-0124
CVE-2024-0125	3.3	Oct. 3, 2024, 5:15 p.m.	NVIDIA CUDA Toolkit	CWE-476 psirt@nvidia.com 2024-10-03 CVE-2024-0125
CVE-2024-47554	None	Oct. 3, 2024, 12:15 p.m.	Apache Commons IO	CWE-400 security@apache.org 2024-10-03 CVE-2024-47554
CVE-2024-47618	None	Oct. 3, 2024, 3:15 p.m.	Sulu	security-advisories@github.com CWE-79 2024-10-03 CVE-2024-47618
CVE-2024-7824	None	Oct. 3, 2024, 5:15 p.m.	Webroot SecureAnywhere - Web Shield	security@opentext.com CWE-843 2024-10-03 CVE-2024-7824
CVE-2024-7825	None	Oct. 3, 2024, 5:15 p.m.	Webroot SecureAnywhere - Web Shield	security@opentext.com CWE-843 2024-10-03 CVE-2024-7825
CVE-2024-7826	None	Oct. 3, 2024, 5:15 p.m.	Webroot SecureAnywhere - Web Shield	security@opentext.com CWE-754 2024-10-03 CVE-2024-7826
CVE-2023-37822	None	Oct. 3, 2024, 6:15 p.m.	Eufy HomeBase 2 model T8010X	cve@mitre.org 2024-10-03 CVE-2023-37822
CVE-2024-34535	None	Oct. 3, 2024, 6:15 p.m.	Mastodon	cve@mitre.org 2024-10-03 CVE-2024-34535
CVE-2024-41987	None	Oct. 3, 2024, 6:15 p.m.	TEM Opera Plus FM Family Transmitter	CWE-352 ics-cert@hq.dhs.gov 2024-10-03 CVE-2024-41987
CVE-2024-41988	None	Oct. 3, 2024, 6:15 p.m.	TEM Opera Plus FM Family Transmitter	ics-cert@hq.dhs.gov CWE-306 2024-10-03 CVE-2024-41988
CVE-2024-41585	None	Oct. 3, 2024, 7:15 p.m.	DrayTek Vigor3910	cve@mitre.org 2024-10-03 CVE-2024-41585
CVE-2024-41587	None	Oct. 3, 2024, 7:15 p.m.	DrayTek Vigor310	cve@mitre.org 2024-10-03 CVE-2024-41587
CVE-2024-41588	None	Oct. 3, 2024, 7:15 p.m.	DrayTek Vigor3910	cve@mitre.org 2024-10-03 CVE-2024-41588
CVE-2024-41590	None	Oct. 3, 2024, 7:15 p.m.	DrayTek Vigor310	cve@mitre.org 2024-10-03 CVE-2024-41590
CVE-2024-41591	None	Oct. 3, 2024, 7:15 p.m.	DrayTek Vigor3910 devices	cve@mitre.org 2024-10-03 CVE-2024-41591
CVE-2024-41593	None	Oct. 3, 2024, 7:15 p.m.	DrayTek Vigor310	cve@mitre.org 2024-10-03 CVE-2024-41593
CVE-2024-41594	None	Oct. 3, 2024, 7:15 p.m.	DrayTek Vigor310	cve@mitre.org 2024-10-03 CVE-2024-41594
CVE-2024-46658	None	Oct. 3, 2024, 9:15 p.m.	Syrotech SY-GOPON-8OLT-L3	cve@mitre.org 2024-10-03 CVE-2024-46658

» Click here to see all Vulnerabilities «

Tag : 2024-10-03