Tag: 2024-10-25

4 Attack Reports | 136 Vulnerabilities

Attack reports

Uncovering the Lounge Pass Scam Campaign: Targeted Android SMS Stealer Preying on Air Travellers

A sophisticated scam targeting air travelers in Indian airports has been uncovered, involving a malicious Android app called 'Lounge Pass'. The app, distributed through fake domains, intercepts and forwards SMS messages from victims' devices to cybercriminals, resulting in significant financial los…
phishing
android
financial fraud
2024-10-25
sms stealer
airport scam
travel security
lounge pass
lounge access
mobile security
Published: October 25, 2024
Downloadable IOCs: 0

The Good, the Bad and the Ugly in Cybersecurity - Week 43

CISA proposes new security measures to protect sensitive data from adversary nations, following President Biden's Executive Order. A free file recovery tool for early Mallox ransomware victims is released. A novel macOS ransomware, macOS.NotLockBit, is discovered abusing AWS S3 for data exfiltratio…
ransomware
zero-day
mallox
cisa
CVE-2024-47575
2024-10-25
fortinet
aws s3
macos.notlockbit
Published: October 25, 2024
Downloadable IOCs: 0

Tenacious Pungsan: A DPRK threat actor linked to Contagious Interview

Datadog Security Research discovered three malicious npm packages: passports-js, bcrypts-js, and blockscan-api, containing BeaverTail malware associated with North Korean threat actors. The packages, downloaded 323 times, targeted job-seekers in the US tech industry through a campaign named Contagi…
infostealer
cryptocurrency
npm
dprk
beavertail
contagious interview
2024-10-25
invisibleferret
software supply chain
namesquatting
Published: October 25, 2024
Downloadable IOCs: 1

ValleyRAT Insights: Tactics, Techniques, and Detection Methods

ValleyRAT is a remote access Trojan targeting Chinese-speaking users through phishing campaigns. It employs multi-stage, multi-component tactics to evade detection and maintain persistence. The malware uses various techniques including process injection, registry manipulation, and UAC bypass. It at…
phishing
evasion
persistence
valleyrat
remote access trojan
2024-10-25
uac bypass
chinese-speaking targets
Published: October 25, 2024
Downloadable IOCs: 3
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-10368

9.8
    Codezips
  • Sales Management System
Published: October 25, 2024

CVE-2024-10369

9.8
    Codezips
  • Sales Management System
Published: October 25, 2024

CVE-2024-10370

9.8
    Codezips
  • Sales Management System
Published: October 25, 2024

CVE-2024-10371

9.8
    Razormist
  • Payroll Management System
Published: October 25, 2024

CVE-2024-9488

9.8
    Gvectors
  • Wpdiscuz
Published: October 25, 2024

CVE-2024-47406

9.8
    Toshibatec
  • E-Studio1058 Firmware
  • E-Studio1058
  • E-Studio1208 Firmware
  • E-Studio1208
  • E-Studio908 Firmware
  • E-Studio908
    Sharp
Published: October 25, 2024

CVE-2024-9302

9.8
    Appcheap
  • App Builder
Published: October 25, 2024

CVE-2024-10376

9.8
    Esafenet
  • Cdg
Published: October 25, 2024

CVE-2024-10377

9.8
    Esafenet
  • Cdg
Published: October 25, 2024

CVE-2024-10378

9.8
    Esafenet
  • Cdg
Published: October 25, 2024

CVE-2024-10381

9.8
    Matrixcomsec
  • Cosec Vega Faxq Firmware
  • Cosec Vega Faxq
Published: October 25, 2024

CVE-2024-48428

9.8
    Olivegroup
  • Olivevle
Published: October 25, 2024

CVE-2022-30355

9.8
    OvalEdge
Published: October 25, 2024

CVE-2024-48204

9.8
    Hanzhou Haobo network management system
Published: October 25, 2024

CVE-2024-48579

9.8
    Best House rental management system project in php
Published: October 25, 2024

CVE-2024-48580

9.8
    Best courier management system in php
Published: October 25, 2024

CVE-2024-48581

9.8
    Best courier management system in php
Published: October 25, 2024

CVE-2024-10386

9.8
    Rockwellautomation
  • Thinmanager
Published: October 25, 2024

CVE-2024-48237

9.8
    WTCMS
Published: October 25, 2024

CVE-2024-47821

9.1
    pyLoad
Published: October 25, 2024

CVE-2024-10351

8.8
    Tenda
  • Rx9 Pro Firmware
  • Rx9 Pro
Published: October 25, 2024

CVE-2024-9235

8.8
    Mapster
  • Mapster Wp Maps
Published: October 25, 2024

CVE-2024-9598

8.8
    AMP for WP – Accelerated Mobile Pages plugin for WordPress
Published: October 25, 2024

CVE-2024-47014

8.8
    UNKNOWN
Published: October 25, 2024

CVE-2024-49376

8.8
    Autolabproject
  • Autolab
Published: October 25, 2024

CVE-2022-30357

8.8
    Ovaledge
  • Ovaledge
Published: October 25, 2024

CVE-2022-30358

8.8
    Ovaledge
  • Ovaledge
Published: October 25, 2024

CVE-2024-48655

8.8
    Total.js CMS
Published: October 25, 2024

CVE-2024-37847

8.8
    Radixiot
  • Mango
  • Mangoapi
Published: October 25, 2024

CVE-2024-10011

8.1
    Buddypress
  • Buddypress
Published: October 25, 2024

CVE-2024-47005

8.1
    Toshibatec
  • E-Studio1058 Firmware
  • E-Studio1058
  • E-Studio1208 Firmware
  • E-Studio1208
  • E-Studio908 Firmware
  • E-Studio908
    Sharp
Published: October 25, 2024

CVE-2024-47023

8.1
    Google
  • Android
Published: October 25, 2024

CVE-2024-47012

7.8
    Google
  • Android
Published: October 25, 2024

CVE-2024-47013

7.8
    UNKNOWN
Published: October 25, 2024

CVE-2024-47016

7.8
    UNKNOWN
Published: October 25, 2024

CVE-2024-47017

7.8
    Google
  • Android
Published: October 25, 2024

CVE-2024-47024

7.8
    Google
  • Android
Published: October 25, 2024

CVE-2024-47027

7.8
    Google
  • Android
Published: October 25, 2024

CVE-2024-47033

7.8
    Google
  • Android
Published: October 25, 2024

CVE-2024-47035

7.8
    Google
  • Android
Published: October 25, 2024

CVE-2024-47041

7.8
    Google
  • Android
Published: October 25, 2024

CVE-2024-42420

7.5
    Toshibatec
  • E-Studio1058 Firmware
  • E-Studio1058
  • E-Studio1208 Firmware
  • E-Studio1208
  • E-Studio908 Firmware
  • E-Studio908
    Sharp
Published: October 25, 2024

CVE-2024-43424

7.5
    Toshibatec
  • E-Studio1058 Firmware
  • E-Studio1058
  • E-Studio1208 Firmware
  • E-Studio1208
  • E-Studio908 Firmware
  • E-Studio908
    Sharp
Published: October 25, 2024

CVE-2024-45829

7.5
    Toshibatec
  • E-Studio1058 Firmware
  • E-Studio1058
  • E-Studio1208 Firmware
  • E-Studio1208
  • E-Studio908 Firmware
  • E-Studio908
    Sharp
Published: October 25, 2024

CVE-2024-45785

7.5
    Neumann
  • Musasi
Published: October 25, 2024

CVE-2024-44100

7.5
    Google
  • Android
  • Pixel
  • Pixel 2
  • Pixel 2 Xl
  • Pixel 3
  • Pixel 3 Xl
  • Pixel 3a
  • Pixel 3a Xl
  • Pixel 4
  • Pixel 4 Xl
  • Pixel 4a
  • Pixel 4a 5g
  • Pixel 5
  • Pixel 5a
  • Pixel 6
  • Pixel 6 Pro
  • Pixel 6a
  • Pixel 7
  • Pixel 7 Pro
  • Pixel 7a
  • Pixel 8
  • Pixel 8 Pro
  • Pixel 8a
  • Pixel 9
  • Pixel 9 Pro
  • Pixel 9 Pro Fold
  • Pixel C
  • Pixel Fold
  • Pixel Pro Xl
  • Pixel Slate
  • Pixel Tablet
  • Pixel Xl
Published: October 25, 2024

CVE-2024-44101

7.5
    Google
  • Android
Published: October 25, 2024

CVE-2024-47020

7.5
    Google
  • Android
  • Pixel
  • Pixel 2
  • Pixel 2 Xl
  • Pixel 3
  • Pixel 3 Xl
  • Pixel 3a
  • Pixel 3a Xl
  • Pixel 4
  • Pixel 4 Xl
  • Pixel 4a
  • Pixel 4a 5g
  • Pixel 5
  • Pixel 5a
  • Pixel 6
  • Pixel 6 Pro
  • Pixel 6a
  • Pixel 7
  • Pixel 7 Pro
  • Pixel 7a
  • Pixel 8
  • Pixel 8 Pro
  • Pixel 8a
  • Pixel 9
  • Pixel 9 Pro
  • Pixel 9 Pro Fold
  • Pixel C
  • Pixel Fold
  • Pixel Pro Xl
  • Pixel Slate
  • Pixel Tablet
  • Pixel Xl
Published: October 25, 2024

CVE-2024-47021

7.5
    Google
  • Android
Published: October 25, 2024

CVE-2024-47022

7.5
    Google
  • Android
  • Pixel
  • Pixel 2
  • Pixel 2 Xl
  • Pixel 3
  • Pixel 3 Xl
  • Pixel 3a
  • Pixel 3a Xl
  • Pixel 4
  • Pixel 4 Xl
  • Pixel 4a
  • Pixel 4a 5g
  • Pixel 5
  • Pixel 5a
  • Pixel 6
  • Pixel 6 Pro
  • Pixel 6a
  • Pixel 7
  • Pixel 7 Pro
  • Pixel 7a
  • Pixel 8
  • Pixel 8 Pro
  • Pixel 8a
  • Pixel 9
  • Pixel 9 Pro
  • Pixel 9 Pro Fold
  • Pixel C
  • Pixel Fold
  • Pixel Pro Xl
  • Pixel Slate
  • Pixel Tablet
  • Pixel Xl
Published: October 25, 2024

CVE-2024-10379

7.5
    Esafenet
  • Cdg
Published: October 25, 2024

CVE-2024-10380

7.5
    Mayurik
  • Petrol Pump Management
Published: October 25, 2024

CVE-2024-49381

7.5
    Plenti
  • Plenti
Published: October 25, 2024

CVE-2024-49757

7.5
    Zitadel
Published: October 25, 2024

CVE-2024-10387

7.5
    Rockwellautomation
  • Thinmanager
Published: October 25, 2024

CVE-2024-49767

7.5
    Palletsprojects
  • Quart
  • Werkzeug
Published: October 25, 2024

CVE-2024-44098

7.4
    UNKNOWN
Published: October 25, 2024

CVE-2024-47031

7.4
    UNKNOWN
Published: October 25, 2024

CVE-2024-48459

7.3
    AX2 Pro home router produced by Shenzhen Tenda Technology Co., Ltd. (Jixiang Tenda)
Published: October 25, 2024

CVE-2024-10353

7.2
    Oretnom23
  • Online Exam System
Published: October 25, 2024

CVE-2024-48700

7.2
    Kliqqi-CMS
Published: October 25, 2024

CVE-2024-37845

7.2
    Radixiot
  • Mango
Published: October 25, 2024

CVE-2024-48218

7.2
    Funadmin
  • Funadmin
Published: October 25, 2024

CVE-2024-48222

7.2
    Funadmin
  • Funadmin
Published: October 25, 2024

CVE-2024-48223

7.2
    Funadmin
  • Funadmin
Published: October 25, 2024

CVE-2024-48226

7.2
    Funadmin
  • Funadmin
Published: October 25, 2024

CVE-2024-48229

7.2
    Funadmin
  • Funadmin
Published: October 25, 2024

CVE-2024-48230

7.2
    Funadmin
  • Funadmin
Published: October 25, 2024

CVE-2024-10341

6.5
    Tezzeract
  • League Of Legends Shortcodes
Published: October 25, 2024

CVE-2024-47481

6.5
    Dell
  • Data Lakehouse
Published: October 25, 2024

CVE-2024-48743

6.5
    Sentry
Published: October 25, 2024

CVE-2024-48450

6.5
    Huly Platform
Published: October 25, 2024

CVE-2024-48225

6.5
    Funadmin
  • Funadmin
Published: October 25, 2024

CVE-2024-48235

6.5
    ofcms
Published: October 25, 2024

CVE-2024-48236

6.5
    ofcms
Published: October 25, 2024

CVE-2024-10016

6.4
    File Upload Types by WPForms plugin for WordPress
Published: October 25, 2024

CVE-2024-10112

6.4
    Simple News plugin for WordPress
Published: October 25, 2024

CVE-2024-10343

6.4
    Beek Widget Extension plugin for WordPress
Published: October 25, 2024

CVE-2024-8666

6.4
    Shoutcast Icecast HTML5 Radio Player plugin for WordPress
Published: October 25, 2024

CVE-2022-30360

6.4
    Ovaledge
  • Ovaledge
Published: October 25, 2024

CVE-2024-50583

6.3
    Whale browser Installer
Published: October 25, 2024

CVE-2024-9628

6.3
    WPS Telegram Chat plugin for WordPress
Published: October 25, 2024

CVE-2024-48343

6.3
    ESAFENET CDG
Published: October 25, 2024

CVE-2024-47549

6.1
    Toshibatec
  • E-Studio1058 Firmware
  • E-Studio1058
  • E-Studio1208 Firmware
  • E-Studio1208
  • E-Studio908 Firmware
  • E-Studio908
    Sharp
Published: October 25, 2024

CVE-2024-47801

6.1
    Toshibatec
  • E-Studio1058 Firmware
  • E-Studio1058
  • E-Studio1208 Firmware
  • E-Studio1208
  • E-Studio908 Firmware
  • E-Studio908
    Sharp
Published: October 25, 2024

CVE-2024-9607

6.1
    10web
  • 10web Social Post Feed
Published: October 25, 2024

CVE-2024-49378

6.1
    smartUp
Published: October 25, 2024

CVE-2024-48654

6.1
    Blood Bank
Published: October 25, 2024

CVE-2024-48448

6.1
    Huly Platform
Published: October 25, 2024

CVE-2024-48396

6.1
    AIML Chatbot
Published: October 25, 2024

CVE-2024-48228

6.1
    funadmin
Published: October 25, 2024

CVE-2024-49753

5.9
    Zitadel
Published: October 25, 2024

CVE-2024-8036

5.9
    ABB
Published: October 25, 2024

CVE-2024-44099

5.5
    Google
  • Android
Published: October 25, 2024

CVE-2024-47015

5.5
    UNKNOWN
Published: October 25, 2024

CVE-2024-47018

5.5
    Google
  • Android
Published: October 25, 2024

CVE-2024-47019

5.5
    Google
  • Android
Published: October 25, 2024

CVE-2024-47025

5.5
    Google
  • Android
Published: October 25, 2024

CVE-2024-47026

5.5
    Google
  • Android
Published: October 25, 2024

CVE-2024-47029

5.5
    Google
  • Android
Published: October 25, 2024

CVE-2024-47034

5.5
    Google
  • Android
Published: October 25, 2024

CVE-2024-47483

5.5
    Dell
  • Data Lakehouse
Published: October 25, 2024

CVE-2024-10148

5.4
    Sohelwpexpert
  • Awesome Buttons
Published: October 25, 2024

CVE-2024-10150

5.4
    Bamazoo
  • Button Generator
Published: October 25, 2024

CVE-2024-10342

5.4
    Tezzeract
  • League Of Legends Shortcodes
Published: October 25, 2024

CVE-2024-47158

5.4
    Neumann
  • N-Line
Published: October 25, 2024

CVE-2024-9630

5.4
    WPS Telegram Chat plugin for WordPress
Published: October 25, 2024

CVE-2024-10374

5.4
    Butlerblog
  • Wp-Members
Published: October 25, 2024

CVE-2024-9584

5.4
    Webcraftplugins
  • Image Map Pro
Published: October 25, 2024

CVE-2024-9585

5.4
    Webcraftplugins
  • Image Map Pro
Published: October 25, 2024

CVE-2024-37844

5.4
    Radixiot
  • Mango
Published: October 25, 2024

CVE-2024-9686

5.3
    Choplugins
  • Order Notification For Telegram
Published: October 25, 2024

CVE-2024-45842

5.3
    Toshibatec
  • E-Studio1058 Firmware
  • E-Studio1058
  • E-Studio1208 Firmware
  • E-Studio1208
  • E-Studio908 Firmware
  • E-Studio908
    Sharp
Published: October 25, 2024

CVE-2023-26248

5.3
    IPFS
    go-libp2p-kad-dht
Published: October 25, 2024

CVE-2022-30361

5.3
    Ovaledge
  • Ovaledge
Published: October 25, 2024

CVE-2024-47030

5.1
    UNKNOWN
Published: October 25, 2024

CVE-2024-10354

4.9
    Mayurik
  • Petrol Pump Management
Published: October 25, 2024

CVE-2024-10355

4.9
    Mayurik
  • Petrol Pump Management
Published: October 25, 2024

CVE-2024-48224

4.9
    Funadmin
  • Funadmin
Published: October 25, 2024

CVE-2024-48227

4.9
    Funadmin
  • Funadmin
Published: October 25, 2024

CVE-2024-48232

4.9
    mipjz
Published: October 25, 2024

CVE-2024-48234

4.9
    mipjz
Published: October 25, 2024

CVE-2024-48870

4.8
    Toshibatec
  • E-Studio1058 Firmware
  • E-Studio1058
  • E-Studio1208 Firmware
  • E-Studio1208
  • E-Studio908 Firmware
  • E-Studio908
    Sharp
Published: October 25, 2024

CVE-2024-48233

4.8
    mipjz
Published: October 25, 2024

CVE-2024-48239

4.8
    WTCMS
Published: October 25, 2024

CVE-2022-30356

4.7
    Ovaledge
  • Ovaledge
Published: October 25, 2024

CVE-2024-48238

4.7
    WTCMS
Published: October 25, 2024

CVE-2024-37846

4.6
    Radixiot
  • Mango
Published: October 25, 2024

CVE-2024-47028

4.4
    Google
  • Android
Published: October 25, 2024

CVE-2024-9109

4.3
    Octolize
  • Woocommerce Ups Shipping
Published: October 25, 2024

CVE-2022-30359

4.3
    Ovaledge
  • Ovaledge
Published: October 25, 2024

CVE-2024-10372

3.6
    Chidiwilliams
  • Buzz
Published: October 25, 2024

CVE-2024-9991

None
    Philips lighting devices
Published: October 25, 2024

CVE-2024-49380

None
    Plenti
Published: October 25, 2024

CVE-2022-30354

None
    OvalEdge
Published: October 25, 2024

CVE-2024-49766

None
    Werkzeug
Published: October 25, 2024
Click here to see more Vulnerabilities