Tag: 2024-10-31

7 Attack Reports | 69 Vulnerabilities

Attack reports

SmokeBuster Tool

ThreatLabz has developed SmokeBuster, a tool to detect, analyze, and remove SmokeLoader malware from infected systems. Despite Operation Endgame's disruption in May 2024, SmokeLoader continues to be used by threat groups. SmokeBuster supports various SmokeLoader versions and Windows systems, offeri…
windows
smokeloader
operation endgame
malware analysis
2024-10-31
thread manipulation
system performance
memory injection
dofoil
smokebuster
Published: October 31, 2024
Downloadable IOCs: 0

Threat actors use copyright infringement phishing lure to deploy infostealers

An unknown threat actor is conducting a phishing campaign targeting Facebook business and advertising account users in Taiwan. The campaign uses emails impersonating legal departments, claiming copyright infringement to lure victims into downloading malware. The attackers abuse Google's Appspot dom…
obfuscation
phishing
evasion
lummac2
rhadamanthys
infostealer
taiwan
2024-10-31
facebook
copyright
Published: October 31, 2024
Downloadable IOCs: 0

Threat Intelligence Alert: Phish 'n' Ships Fakes Online Shops to Steal Money and Credit Card Information

A sophisticated fraud scheme dubbed 'Phish 'n' Ships' has been uncovered, involving fake web shops that exploit digital payment providers to steal consumers' money and credit card information. The operation, traced back to 2019, has infected over 1,000 websites, created 121 fake web stores, and res…
phishing
seo poisoning
2024-10-31
chinese threat actors
credit card theft
fake web stores
payment processor abuse
search engine manipulation
e-commerce fraud
Published: October 31, 2024
Downloadable IOCs: 22

Pacific Rim timeline: Information for defenders from a braid of interlocking attack campaigns

Sophos unveils a five-year investigation tracking China-based threat actors targeting perimeter devices, particularly Sophos firewalls. The report details multiple attack campaigns, including Asnarök, Bookmark Buffer Overflow, and Covert Channels, which exploited zero-day vulnerabilities to gain ac…
sliver
gh0st rat
backdoors
critical infrastructure
2024-10-31
rootkits
CVE-2020-29574
onderon
CVE-2020-15069
CVE-2022-1040
government agencies
perimeter devices
CVE-2020-12271
cloud snooper
libsophos.so
china-based threat actors
CVE-2022-3236
asnarök
zero-day vulnerabilities
asia-pacific targets
CVE-2022-1292
Published: October 31, 2024
Downloadable IOCs: 0

Russian Hackers Attacking Ukraine Military With Malware Via Telegram

Russian hackers, identified as UNC5812, are targeting the Ukrainian military through a sophisticated cyber operation. The attackers use a deceptive Telegram channel and website posing as a civil defense service to distribute malware for both Windows and Android devices. The Windows attack deploys P…
malware
social engineering
android
windows
russia
ukraine
information theft
telegram
cyber-espionage
pronsis loader
sunspinner
craxsrat
purestealer
2024-10-31
Published: October 31, 2024
Downloadable IOCs: 7

Rat King: How the Android Trojan CraxsRAT Steals User Data

CraxsRAT, an Android trojan, has been targeting Russian and Belarusian users since summer 2024. It masquerades as legitimate apps like government services, antivirus software, and telecom operators. The malware spreads through social engineering tactics, prompting users to download malicious APK fi…
espionage
social engineering
android
data theft
trojan
financial fraud
remote access
craxsrat
2024-10-31
Published: October 31, 2024
Downloadable IOCs: 0

LUNAR SPIDER Enabling Ransomware Attacks on Financial Sector with Brute Ratel C4 and Latrodectus

LUNAR SPIDER, a Russian-speaking financially motivated threat group, has resumed operations following law enforcement disruptions. They've shifted from using IcedID to leveraging Latrodectus and Brute Ratel C4 malware, targeting financial services through SEO poisoning malvertising campaigns. The g…
ransomware
malvertising
seo poisoning
icedid
latrodectus
2024-10-31
brute ratel c4
financial sector
infrastructure sharing
Published: October 31, 2024
Downloadable IOCs: 0
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-51478

9.9
    YesWiki
Published: October 31, 2024

CVE-2024-51482

9.9
    ZoneMinder
Published: October 31, 2024

CVE-2024-42515

9.9
    Glossarizer
Published: October 31, 2024

CVE-2024-48307

9.8
    JeecgBoot
Published: October 31, 2024

CVE-2024-10392

9.8
    AI Power: Complete AI Pack plugin for WordPress
Published: October 31, 2024

CVE-2024-42835

9.8
    langflow
Published: October 31, 2024

CVE-2024-51259

9.8
    DrayTek Vigor3900
Published: October 31, 2024

CVE-2024-51255

9.8
    DrayTek Vigor3900
Published: October 31, 2024

CVE-2024-51260

9.8
    DrayTek Vigor3900
Published: October 31, 2024

CVE-2023-52044

9.8
    Studio-42 eLfinder
Published: October 31, 2024

CVE-2024-39332

9.8
    Webswing
Published: October 31, 2024

CVE-2024-51064

9.8
    Phpgurukul Teachers Record Management System
Published: October 31, 2024

CVE-2024-51065

9.8
    Phpgurukul Beauty Parlour Management System
Published: October 31, 2024

CVE-2024-48359

9.8
    Qualitor
Published: October 31, 2024

CVE-2024-43984

9.6
    Podlove Podcast Publisher
Published: October 31, 2024

CVE-2024-49674

9.6
    EKC Tournament Manager
Published: October 31, 2024

CVE-2024-48910

9.1
    DOMPurify
Published: October 31, 2024

CVE-2024-51060

9.1
    Projectworlds Online Admission System
Published: October 31, 2024

CVE-2024-51063

9.1
    Phpgurukul Teachers Record Management System
Published: October 31, 2024

CVE-2024-48311

8.8
    Piwigo
Published: October 31, 2024

CVE-2024-21537

8.8
    lilconfig
Published: October 31, 2024

CVE-2024-51254

8.8
    DrayTek Vigor3900
Published: October 31, 2024

CVE-2024-48200

8.4
    MobaXterm
Published: October 31, 2024

CVE-2024-39720

8.2
    Ollama
Published: October 31, 2024

CVE-2024-43383

8.0
    Apache Lucene.Net Replicator
Published: October 31, 2024

CVE-2024-8185

7.5
    Vault Community
    Vault Enterprise
Published: October 31, 2024

CVE-2024-51066

7.5
    Beauty Parlour Management System
Published: October 31, 2024

CVE-2024-39719

7.5
    Ollama
Published: October 31, 2024

CVE-2024-39721

7.5
    Ollama
Published: October 31, 2024

CVE-2024-39722

7.5
    Ollama
Published: October 31, 2024

CVE-2024-48360

7.5
    Qualitor
Published: October 31, 2024

CVE-2024-10556

7.3
    Codezips
  • Pet Shop Management System
Published: October 31, 2024

CVE-2024-10561

7.3
    Codezips
  • Pet Shop Management System
Published: October 31, 2024

CVE-2024-10600

7.3
    Tongda2000
  • Office Anywhere
Published: October 31, 2024

CVE-2024-10573

6.7
    mpg123
Published: October 31, 2024

CVE-2024-8934

6.5
    TwinCAT Package Manager
Published: October 31, 2024

CVE-2024-6479

6.5
    SIP Reviews Shortcode for WooCommerce plugin for WordPress
Published: October 31, 2024

CVE-2024-9708

6.4
    Delowerhossain
  • Easy Svg Upload
Published: October 31, 2024

CVE-2024-9165

6.4
    WooCommerce Gift Cards plugin for WordPress
Published: October 31, 2024

CVE-2024-9446

6.4
    WP Simple Anchors Links plugin for WordPress
Published: October 31, 2024

CVE-2024-51430

6.4
    online diagnostic lab management system using php
Published: October 31, 2024

CVE-2024-6480

6.4
    SIP Reviews Shortcode for WooCommerce plugin for WordPress
Published: October 31, 2024

CVE-2024-8553

6.3
    Foreman
Published: October 31, 2024

CVE-2024-10594

6.3
    Esafenet
  • Cdg
Published: October 31, 2024

CVE-2024-10595

6.3
    Esafenet
  • Cdg
Published: October 31, 2024

CVE-2024-10596

6.3
    Esafenet
  • Cdg
Published: October 31, 2024

CVE-2024-10597

6.3
    Esafenet
  • Cdg
Published: October 31, 2024

CVE-2024-10601

6.3
    Tongda2000
  • Office Anywhere
Published: October 31, 2024

CVE-2024-9434

6.1
    WPGlobus Translate Options plugin for WordPress
Published: October 31, 2024

CVE-2024-10454

6.1
    Clibo Manager
Published: October 31, 2024

CVE-2023-52045

6.1
    Studio-42 eLfinder
Published: October 31, 2024

CVE-2024-50801

6.0
    AbanteCart
Published: October 31, 2024

CVE-2024-50802

6.0
    AbanteCart
Published: October 31, 2024

CVE-2024-50354

5.5
    gnark
Published: October 31, 2024

CVE-2024-49685

5.4
    Custom Twitter Feeds (Tweets Widget)
Published: October 31, 2024

CVE-2024-10544

5.3
    Woo Manage Fraud Orders plugin for WordPress
Published: October 31, 2024

CVE-2024-10559

5.3
    Razormist
  • Airport Booking Management System
Published: October 31, 2024

CVE-2024-9700

5.3
    Wpmudev
  • Forminator Forms
Published: October 31, 2024

CVE-2024-9430

5.3
    Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress
Published: October 31, 2024

CVE-2024-10598

5.3
    Tongda2000
  • Office Anywhere
Published: October 31, 2024

CVE-2024-10599

5.3
    Tongda2000
  • Office Anywhere
Published: October 31, 2024

CVE-2024-30149

4.8
    HCL AppScan Source
Published: October 31, 2024

CVE-2024-10557

4.3
    Fabianros
  • Blood Bank Management System
Published: October 31, 2024

CVE-2024-43930

4.3
    eyecix JobSearch
Published: October 31, 2024

CVE-2024-43933

4.3
    WPMobile.App
Published: October 31, 2024

CVE-2024-7883

3.7
    Arm Cortex-M Security Extensions (CMSE) compiler
Published: October 31, 2024

CVE-2024-50356

0.0
    Frappe Cloud
Published: October 31, 2024

CVE-2024-51481

None
    Nix package manager
Published: October 31, 2024

CVE-2024-50347

None
    Laravel Reverb
Published: October 31, 2024
Click here to see more Vulnerabilities