Tag: 2024-10-14

7 Attack Reports | 77 Vulnerabilities

Attack reports

Core Werewolf hones its arsenal against Russia’s government organizations

BI.ZONE Threat Intelligence continues monitoring a threat actor called Core Werewolf, which has targeted Russia's defense industry and critical infrastructure since 2021. In its recent campaigns, the adversary employed a new loader written in AutoIt and started delivering malicious files via Telegr…
loader
russia
autoit
telegram
2024-10-14
delivery
Published: October 14, 2024
Downloadable IOCs: 25

Technical Analysis of a Novel IMEEX Framework

The IMEEX framework is a newly discovered, custom-built malware targeting Windows systems. Delivered as a 64-bit DLL, it offers extensive control over compromised machines, featuring execution of additional modules, file manipulation, process management, registry modification, and remote command ex…
malware
windows
persistence
infrastructure
stealth
2024-10-14
imeex
Published: October 14, 2024
Downloadable IOCs: 9

The Mongolian Skimmer: different clothes, equally dangerous

This report details the analysis of a skimming campaign, dubbed the 'Mongolian Skimmer,' which utilizes an obfuscation technique involving unusual Unicode characters for variable and function names. While initially appearing as a novel obfuscation approach, it ultimately employs well-known JavaScri…
obfuscation
cybercrime
malicious
skimming
underground
2024-10-14
Published: October 14, 2024
Downloadable IOCs: 13

LemonDuck Unleashes Cryptomining Attacks Through SMB Service Exploits

This report details the tactics and techniques employed by the LemonDuck cryptomining malware, which exploits the SMB service by leveraging the EternalBlue vulnerability (CVE-2017-0144). After gaining initial access through brute-force attacks, the malware creates malicious files, disables security…
persistence
malicious scripts
credential theft
cryptomining
CVE-2017-0144
lemonduck
2024-10-14
network manipulation
Published: October 14, 2024
Linked vulnerabilities : CVE-2017-0144, CVE-2023-46865
Downloadable IOCs: 8

Threat actors use ChatGPT to write malware

OpenAI has disrupted over 20 malicious cyber operations abusing ChatGPT for various purposes, including malware development and spear-phishing attacks. The company confirmed cases involving Chinese and Iranian threat actors. SweetSpecter, a Chinese group, targeted OpenAI employees with phishing ema…
social engineering
sugargh0st rat
reconnaissance
chatgpt
spear-phishing
2024-10-14
threat actors
cyber operations
openai
Published: October 14, 2024
Downloadable IOCs: 1

Advanced Cyberattacks Against UAE and Gulf Regions

Earth Simnavaz, also known as APT34 and OilRig, has been actively targeting governmental entities in the UAE and Gulf region. The group employs sophisticated tactics, including a backdoor that exploits Microsoft Exchange servers for credential theft and the use of CVE-2024-30088 for privilege escal…
cyber espionage
credential theft
oilrig
CVE-2024-30088
privilege escalation
microsoft exchange
2024-10-14
apt34
stealhook
iis malware
gulf region
uae
Published: October 14, 2024
Linked vulnerabilities : CVE-2024-30088 (CVSS 7.0)
Downloadable IOCs: 17

Lynx Ransomware: A Rebranding of INC Ransomware

Lynx ransomware, discovered in July 2024, is a successor to INC ransomware targeting organizations in retail, real estate, architecture, and financial services in the U.S. and UK. It shares significant source code with INC and operates as a ransomware-as-a-service model. Lynx employs double extorti…
linux
ransomware
windows
encryption
data leak
raas
double extortion
2024-10-14
lynx ransomware
inc ransomware
Published: October 14, 2024
Downloadable IOCs: 44
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-9921

9.8
    Teamplus
  • Team\+ Pro
Published: October 14, 2024

CVE-2024-9924

9.8
    UNKNOWN
Published: October 14, 2024

CVE-2024-48253

9.8
    Magicbug
  • Cloudlog
Published: October 14, 2024

CVE-2024-48255

9.8
    Magicbug
  • Cloudlog
Published: October 14, 2024

CVE-2024-48251

9.8
    Wavelog
  • Wavelog
Published: October 14, 2024

CVE-2024-48257

9.8
    Wavelog
  • Wavelog
Published: October 14, 2024

CVE-2024-48150

9.8
    D-Link DIR-820L
Published: October 14, 2024

CVE-2024-48153

9.8
    DrayTek Vigor3900
Published: October 14, 2024

CVE-2024-46535

9.8
    Jepaas
Published: October 14, 2024

CVE-2024-48168

9.8
    D-Link DCS-960L
Published: October 14, 2024

CVE-2024-48823

9.8
    Automatic Systems Maintenance SlimLane
Published: October 14, 2024

CVE-2024-9137

9.4
    Moxa
Published: October 14, 2024

CVE-2023-48082

9.1
    Nagios XI
Published: October 14, 2024

CVE-2023-50780

8.8
    Apache
  • Activemq Artemis
Published: October 14, 2024

CVE-2024-45733

8.8
    Splunk
  • Splunk
    Microsoft
Published: October 14, 2024

CVE-2024-48822

8.8
    Automatic Systems Maintenance SlimLane
Published: October 14, 2024

CVE-2024-45731

8.0
    Splunk
  • Splunk
    Microsoft
Published: October 14, 2024

CVE-2024-43701

7.8
    UNKNOWN
Published: October 14, 2024

CVE-2024-48911

7.8
    Thinkst
  • Opencanary
Published: October 14, 2024

CVE-2024-7847

7.7
    Rockwell Automation products
Published: October 14, 2024

CVE-2024-9922

7.5
    Teamplus
  • Team\+ Pro
Published: October 14, 2024

CVE-2024-48796

7.5
    EQUES com.eques.plug
Published: October 14, 2024

CVE-2024-48797

7.5
    PCS Engineering Preston Cinema
Published: October 14, 2024

CVE-2024-48798

7.5
    Hubble Connected
Published: October 14, 2024

CVE-2024-48799

7.5
    com.lorexcorp.lorexping
Published: October 14, 2024

CVE-2024-47831

7.5
    Vercel
  • Next.Js
Published: October 14, 2024

CVE-2024-48789

7.5
    com.inatronic.drivedeck.home
Published: October 14, 2024

CVE-2024-48791

7.5
    Plug n Play Camera com.starvedia.mCamView.zwave
Published: October 14, 2024

CVE-2024-48792

7.5
    Hideez
Published: October 14, 2024

CVE-2024-48824

7.5
    SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7
Published: October 14, 2024

CVE-2024-6207

7.5
    Rockwellautomation
  • Controllogix 5580 Firmware
  • Controllogix 5580
  • Controllogix 5580 Process Firmware
  • Controllogix 5580 Process
  • Guardlogix 5580 Firmware
  • Guardlogix 5580
  • Compactlogix 5380 Firmware
  • Compactlogix 5380
  • Compact Guardlogix 5380 Sil 2 Firmware
  • Compact Guardlogix 5380 Sil 2
  • Compact Guardlogix 5380 Sil 3 Firmware
  • Compact Guardlogix 5380 Sil 3
  • Compactlogix 5480 Firmware
  • Compactlogix 5480
  • Factorytalk Logix Echo Firmware
  • Factorytalk Logix Echo
Published: October 14, 2024

CVE-2024-48249

7.3
    Wavelog
Published: October 14, 2024

CVE-2024-48259

7.3
    Cloudlog
Published: October 14, 2024

CVE-2024-9139

7.2
    UNKNOWN
Published: October 14, 2024

CVE-2024-35518

6.8
    Netgear
  • Ex6120 Firmware
  • Ex6120
Published: October 14, 2024

CVE-2024-35519

6.8
    Netgear
  • Ex3700 Firmware
  • Ex3700
  • Ex6100 Firmware
  • Ex6100
  • Ex6120 Firmware
  • Ex6120
Published: October 14, 2024

CVE-2024-35520

6.8
    Netgear
  • R7000 Firmware
  • R7000
Published: October 14, 2024

CVE-2024-41997

6.6
    Warp Terminal
Published: October 14, 2024

CVE-2024-9936

6.5
    Firefox
Published: October 14, 2024

CVE-2024-6762

6.5
    Eclipse
  • Jetty
Published: October 14, 2024

CVE-2024-8184

6.5
    Eclipse
  • Jetty
Published: October 14, 2024

CVE-2024-45732

6.5
    Splunk
  • Splunk
  • Splunk Cloud Platform
Published: October 14, 2024

CVE-2024-45736

6.5
    Splunk
  • Splunk
  • Splunk Cloud Platform
Published: October 14, 2024

CVE-2024-47826

6.1
    Elabftw
  • Elabftw
Published: October 14, 2024

CVE-2024-48821

6.1
    Automatic Systems Maintenance SlimLane
Published: October 14, 2024

CVE-2024-48793

5.9
    com.inatronic.bmw
Published: October 14, 2024

CVE-2024-47885

5.9
    Astro web framework
Published: October 14, 2024

CVE-2024-46988

5.7
    Enalean
  • Tuleap
Published: October 14, 2024

CVE-2024-48119

5.4
    Vtiger
  • Vtiger Crm
Published: October 14, 2024

CVE-2024-48120

5.4
    X2engine
  • X2crm
Published: October 14, 2024

CVE-2024-45740

5.4
    Splunk
  • Splunk
  • Splunk Cloud Platform
Published: October 14, 2024

CVE-2024-45741

5.4
    Splunk
  • Splunk
  • Splunk Cloud Platform
Published: October 14, 2024

CVE-2024-49214

5.3
    HAProxy
Published: October 14, 2024

CVE-2024-9823

5.3
    Jetty
Published: October 14, 2024

CVE-2024-6763

5.3
    Eclipse
  • Jetty
Published: October 14, 2024

CVE-2024-48790

5.3
    ILIFE com.ilife.home.global
Published: October 14, 2024

CVE-2024-48795

5.3
    Creative Labs Pte Ltd com.creative.apps.xficonnect
Published: October 14, 2024

CVE-2024-30117

5.3
    Hcltech
  • Bigfix Platform
Published: October 14, 2024

CVE-2024-9923

4.9
    Teamplus
  • Team\+ Pro
Published: October 14, 2024

CVE-2024-45738

4.9
    Splunk
  • Splunk
Published: October 14, 2024

CVE-2024-45739

4.9
    Splunk
  • Splunk
Published: October 14, 2024

CVE-2024-47766

4.9
    Enalean
  • Tuleap
Published: October 14, 2024

CVE-2024-9953

4.9
    Cert
  • Vince
Published: October 14, 2024

CVE-2024-46980

4.8
    Enalean
  • Tuleap
Published: October 14, 2024

CVE-2024-46911

4.7
    Apache Roller
Published: October 14, 2024

CVE-2024-45734

4.3
    Splunk
  • Splunk
Published: October 14, 2024

CVE-2024-45735

4.3
    Splunk
  • Splunk
  • Splunk Cloud Platform
Published: October 14, 2024

CVE-2024-46528

4.3
    KubeSphere
Published: October 14, 2024

CVE-2024-47767

4.3
    Enalean
  • Tuleap
Published: October 14, 2024

CVE-2024-45737

3.5
    Splunk
  • Splunk
  • Splunk Cloud Platform
Published: October 14, 2024

CVE-2024-48909

2.4
    Authzed
  • Spicedb
Published: October 14, 2024

CVE-2024-38862

None
    Checkmk
Published: October 14, 2024

CVE-2024-38863

None
    Checkmk
Published: October 14, 2024

CVE-2024-8602

None
    Adobe Acrobat Reader DC
Published: October 14, 2024

CVE-2024-40616

None
    UNKNOWN
Published: October 14, 2024

CVE-2024-48261

None
    UNKNOWN
Published: October 14, 2024

CVE-2023-45817

None
    UNKNOWN
Published: October 14, 2024
Click here to see more Vulnerabilities