Tag: 2024-10-30

6 Attack Reports | 96 Vulnerabilities

Attack reports

Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files

On October 22, 2024, Microsoft identified a spear-phishing campaign in which Midnight Blizzard sent phishing emails to thousands of users in over 100 organizations. The emails were highly targeted, using social engineering lures relating to Microsoft, Amazon Web Services (AWS), and the concept of Z…
backdoor
phishing
russia
campaign
rdp
2024-10-30
remote desktop
apt29
midnight blizzard
unc2452
cozy bear
hustlecon
Published: October 30, 2024
Downloadable IOCs: 281

Strela Stealer Targets Europe Stealthily Via WebDav

Strela Stealer, first identified by DCSO in late 2022, is a type of information-stealing malware primarily designed to exfiltrate email account credentials from widely used email clients, including Microsoft Outlook and Mozilla Thunderbird. This malware initially targeted Spanish-speaking users thr…
phishing
powershell
infostealer
dll file
webdav
2024-10-30
javascript code
zip file
webdav server
strela
Published: October 30, 2024
Downloadable IOCs: 103

Play Ransomware Engagement

Unit 42 has identified Jumpy Pisces, a North Korean state-sponsored threat group, as a key player in a recent ransomware incident. The group appears to be collaborating with the Play ransomware group, marking a shift in their tactics. This is the first observed instance of Jumpy Pisces using existi…
north korea
sliver
mimikatz
dtrack
2024-10-30
play
reconnaissance general bureau
initial access broker
korean people's army
fiddling scorpius
play ransomware
Published: October 30, 2024
Downloadable IOCs: 0

Writing a BugSleep C2 server and detecting its traffic with Snort

This analysis focuses on the BugSleep implant, also known as MuddyRot, a remote access tool that provides reverse shell and file I/O capabilities. The article details the process of reverse engineering BugSleep's protocol, creating a functional C2 server, and developing Snort rules for traffic dete…
rat
bugsleep
2024-10-30
reverse engineering
muddyrot
python server
c2 protocol
snort detection
Published: October 30, 2024
Downloadable IOCs: 0

Suspected DPRK Phishing Campaign Targets Naver; Separate Apple Domain Spoofing Cluster Identified

Researchers discovered a potential North Korean phishing campaign targeting Naver, a major South Korean tech platform. The investigation revealed an exposed directory containing phishing pages designed to steal Naver user credentials. Separately, an infrastructure cluster was identified using domai…
phishing
apple
credential theft
dprk
infrastructure analysis
domain spoofing
2024-10-30
naver
tls certificates
Published: October 30, 2024
Downloadable IOCs: 0

More Than Just a Corporate Wiki? How Threat Actors are Exploiting Confluence

Threat actors are increasingly using legitimate third-party business software to evade detection and maintain deception. Atlassian's Confluence is being exploited to host malicious content, leveraging its trusted domain status. The attack involves an email with an Excel attachment containing a Docu…
phishing
social engineering
credential theft
microsoft
domain abuse
2024-10-30
atlassian
docusign
confluence
Published: October 30, 2024
Downloadable IOCs: 2
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-50510

10.0
    AR For Woocommerce
Published: October 30, 2024

CVE-2024-50511

9.9
    WP donimedia carousel
Published: October 30, 2024

CVE-2024-33699

9.9
    Level1
  • Wbr-6012 Firmware
  • Wbr-6012
Published: October 30, 2024

CVE-2024-50503

9.8
    Deryck Oñate User Toolkit
Published: October 30, 2024

CVE-2024-50507

9.8
    DS.DownloadList
Published: October 30, 2024

CVE-2024-31151

9.8
    Level1
  • Wbr-6012 Firmware
  • Wbr-6012
Published: October 30, 2024

CVE-2024-51298

9.8
    Draytek Vigor3900
Published: October 30, 2024

CVE-2024-10456

9.8
    Delta Electronics InfraSuite Device Master
Published: October 30, 2024

CVE-2024-48202

9.8
    icecms
Published: October 30, 2024

CVE-2024-48112

9.8
    Thinkphp
Published: October 30, 2024

CVE-2024-51424

9.8
    Ethereum
Published: October 30, 2024

CVE-2024-51427

9.8
    Ethereum
Published: October 30, 2024

CVE-2024-8512

9.1
    W3SPEEDSTER plugin for WordPress
Published: October 30, 2024

CVE-2024-10525

9.1
    Eclipse Mosquitto
Published: October 30, 2024

CVE-2024-23309

9.0
    Level1
  • Wbr-6012 Firmware
  • Wbr-6012
Published: October 30, 2024

CVE-2024-50504

8.8
    Bulk Change Role
Published: October 30, 2024

CVE-2024-50506

8.8
    Azexo Marketing Automation by AZEXO
Published: October 30, 2024

CVE-2024-51304

8.8
    Draytek Vigor3900
Published: October 30, 2024

CVE-2024-24777

8.8
    Level1
  • Wbr-6012 Firmware
  • Wbr-6012
Published: October 30, 2024

CVE-2024-51257

8.8
    DrayTek Vigor3900
Published: October 30, 2024

CVE-2024-51296

8.8
    Draytek Vigor3900
Published: October 30, 2024

CVE-2024-51299

8.8
    Draytek Vigor3900
Published: October 30, 2024

CVE-2024-51300

8.8
    Draytek Vigor3900
Published: October 30, 2024

CVE-2024-51301

8.8
    Draytek Vigor3900
Published: October 30, 2024

CVE-2024-51258

8.8
    DrayTek Vigor3900
Published: October 30, 2024

CVE-2024-36060

8.8
    EnGenius EnStation5-AC A8J-ENS500AC
Published: October 30, 2024

CVE-2024-48271

8.8
    D-Link DSL6740C v6.TR069.20211230
Published: October 30, 2024

CVE-2024-48733

8.8
    SAS Studio
Published: October 30, 2024

CVE-2024-48734

8.8
    SAS Studio
Published: October 30, 2024

CVE-2024-51425

8.8
    Ethereum
Published: October 30, 2024

CVE-2024-51426

8.8
    Ethereum
Published: October 30, 2024

CVE-2024-50509

8.6
    Woocommerce Product Design
Published: October 30, 2024

CVE-2024-37573

8.4
    Talkatone for Android
Published: October 30, 2024

CVE-2024-48214

8.4
    KERUI HD 3MP 1080P Tuya Camera
Published: October 30, 2024

CVE-2024-10006

8.3
    Hashicorp
  • Consul
Published: October 30, 2024

CVE-2024-28875

8.1
    Level1
  • Wbr-6012 Firmware
  • Wbr-6012
Published: October 30, 2024

CVE-2024-42041

8.1
    com.videodownload.browser.videodownloader
Published: October 30, 2024

CVE-2024-48646

8.1
    Sage 1000
Published: October 30, 2024

CVE-2024-10005

8.1
    Hashicorp
  • Consul
Published: October 30, 2024

CVE-2024-48093

8.0
    Operately
Published: October 30, 2024

CVE-2024-9632

7.8
    X.org server
Published: October 30, 2024

CVE-2024-9419

7.8
    HP Smart Universal Printing Driver
Published: October 30, 2024

CVE-2024-48735

7.7
    SAS Studio
Published: October 30, 2024

CVE-2024-50508

7.5
    Woocommerce Product Design
Published: October 30, 2024

CVE-2024-3935

7.5
    Eclipse Mosquito
Published: October 30, 2024

CVE-2024-33700

7.5
    Level1
  • Wbr-6012 Firmware
  • Wbr-6012
Published: October 30, 2024

CVE-2024-10507

7.3
    Codezips
  • Free Exam Hall Seating Management System
Published: October 30, 2024

CVE-2024-10509

7.3
    Codezips
  • Online Institute Management System
Published: October 30, 2024

CVE-2024-9846

7.3
    Aftabhusain
  • Enable Shortcodes Inside Widgets\,Comments And Experts
Published: October 30, 2024

CVE-2024-10108

7.2
    WPAdverts – Classifieds Plugin plugin for WordPress
Published: October 30, 2024

CVE-2024-48647

7.2
    Sage 1000
Published: October 30, 2024

CVE-2023-52066

7.2
    http.zig
Published: October 30, 2024

CVE-2024-51243

7.2
    eladmin
Published: October 30, 2024

CVE-2024-48272

6.5
    D-Link DSL6740C
Published: October 30, 2024

CVE-2024-51242

6.5
    eladmin
Published: October 30, 2024

CVE-2024-9884

6.4
    T(-) Countdown plugin for WordPress
Published: October 30, 2024

CVE-2024-9885

6.4
    Widget or Sidebar Shortcode plugin for WordPress
Published: October 30, 2024

CVE-2024-9886

6.4
    WP Baidu Map plugin for WordPress
Published: October 30, 2024

CVE-2024-10223

6.4
    WP Team – WordPress Team Member Plugin
Published: October 30, 2024

CVE-2024-9388

6.4
    Black Widgets For Elementor plugin for WordPress
Published: October 30, 2024

CVE-2024-9110

6.4
    Privileged Identity
Published: October 30, 2024

CVE-2024-10500

6.3
    Esafenet
  • Cdg
Published: October 30, 2024

CVE-2024-10501

6.3
    Esafenet
  • Cdg
Published: October 30, 2024

CVE-2024-10502

6.3
    Esafenet
  • Cdg
Published: October 30, 2024

CVE-2024-10505

6.3
    Wuzhicms
  • Wuzhicms
Published: October 30, 2024

CVE-2024-10506

6.3
    Fabianros
  • Blood Bank Management System
Published: October 30, 2024

CVE-2024-46531

6.3
    phpgurukul Vehicle Record Management System
Published: October 30, 2024

CVE-2024-10546

6.3
    open-scratch Teaching 在线教学平台
Published: October 30, 2024

CVE-2024-10503

6.1
    Klokantech
  • Maptiler Tileserver Gl
Published: October 30, 2024

CVE-2024-8792

6.1
    Markjaquith
  • Subscribe To Comments
Published: October 30, 2024

CVE-2024-8871

6.1
    Pricing Tables WordPress Plugin – Easy Pricing Tables
Published: October 30, 2024

CVE-2024-48648

6.1
    Sage 1000
Published: October 30, 2024

CVE-2024-48346

6.1
    xtreme1
Published: October 30, 2024

CVE-2024-51419

6.1
    Shenzhen Interconnection Harbor Network Technology Co., Ltd Ofweek Online Exhibition
Published: October 30, 2024

CVE-2024-10086

6.1
    Hashicorp
  • Consul
Published: October 30, 2024

CVE-2024-32946

5.9
    Level1
  • Wbr-6012 Firmware
  • Wbr-6012
Published: October 30, 2024

CVE-2024-43382

5.9
    Snowflake JDBC driver
Published: October 30, 2024

CVE-2024-48241

5.5
    radare2
Published: October 30, 2024

CVE-2024-8627

5.4
    Joshlobe
  • Ultimate Tinymce
Published: October 30, 2024

CVE-2024-8444

5.4
    Download Manager WordPress plugin
Published: October 30, 2024

CVE-2024-50419

5.4
    Greenshift - animation and page builder blocks
Published: October 30, 2024

CVE-2024-48569

5.4
    Proactive Risk Manager
Published: October 30, 2024

CVE-2024-48807

5.4
    PHPGurukul Doctor Appointment Management System
Published: October 30, 2024

CVE-2024-50512

5.3
    Posti Shipping
Published: October 30, 2024

CVE-2024-28052

5.3
    Level1
  • Wbr-6012 Firmware
  • Wbr-6012
Published: October 30, 2024

CVE-2024-31152

5.3
    Level1
  • Wbr-6012 Firmware
  • Wbr-6012
Published: October 30, 2024

CVE-2024-33603

5.3
    Level1
  • Wbr-6012 Firmware
  • Wbr-6012
Published: October 30, 2024

CVE-2024-33626

5.3
    Level1
  • Wbr-6012 Firmware
  • Wbr-6012
Published: October 30, 2024

CVE-2024-50353

5.3
    Iowacomputergurus
  • Aspnetcore.Utilities.Cloudstorage
Published: October 30, 2024

CVE-2024-31973

5.2
    Hitron CODA-4582
Published: October 30, 2024

CVE-2023-5816

4.9
    Bowo
  • Code Explorer
Published: October 30, 2024

CVE-2024-31975

4.8
    EnGenius ESR580
Published: October 30, 2024

CVE-2024-50344

4.6
    I, Librarian
Published: October 30, 2024

CVE-2024-10399

4.3
    Download Monitor plugin for WordPress
Published: October 30, 2024

CVE-2024-31972

4.3
    EnGenius ESR580 A8J-EMR5000
Published: October 30, 2024

CVE-2024-33623

3.7
    Level1
  • Wbr-6012 Firmware
  • Wbr-6012
Published: October 30, 2024
Click here to see more Vulnerabilities