Tag: 2024-11-06

8 Attack Reports | 95 Vulnerabilities

Attack reports

CopyRh(ight)adamantys Campaign: Rhadamantys Exploits Intellectual Property Infringement Baits

A large-scale phishing campaign deploying the latest version of Rhadamanthys stealer (0.7) has been discovered. The campaign, dubbed CopyRh(ight)adamantys, uses copyright infringement claims to target various regions globally. It impersonates numerous companies, mainly from Entertainment/Media and …
phishing
rhadamanthys
stealer
copyright
2024-11-06
ocr
Published: November 6, 2024
Downloadable IOCs: 0

RunningRAT’s Next Move: From Remote Access to Crypto Mining for Profit

RunningRAT, a remote access trojan initially observed in 2018 targeting the Pyeongchang Winter Olympics, has evolved its capabilities to include cryptocurrency mining. This shift indicates an expansion of the malware's operational focus. The analysis reveals the discovery of RunningRAT samples in o…
xmrig
cryptocurrency mining
remote access trojan
2024-11-06
runningrat
Published: November 6, 2024
Downloadable IOCs: 11

New Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps

A command-and-control framework called Winos 4.0 is being distributed through gaming-related applications, targeting Chinese-speaking users. The malware, rebuilt from Gh0st RAT, uses a multi-stage infection process involving fake BMP files, DLLs, and shellcode. It can harvest system information, ca…
gh0st rat
cryptocurrency wallets
multi-stage infection
2024-11-06
command-and-control
winos 4.0
optimization apps
Published: November 6, 2024
Downloadable IOCs: 2

Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign

A new Gootloader variant has been discovered using search engine optimization (SEO) poisoning to target Australian Bengal cat enthusiasts. The campaign uses Google search results for 'Are Bengal Cats legal in Australia?' to deliver malicious payloads. When users click on compromised links, a zip fi…
powershell
seo poisoning
javascript
gootloader
scheduled task
initial access
2024-11-06
gootkit
Published: November 6, 2024
Downloadable IOCs: 14

New Trend in MSI File Abuse: New Use of MST Files to Deliver Tromas

The New OceanLotus group has reactivated after a year, employing a novel tactic of MSI file misuse. This APT campaign, targeting a domestic governmental enterprise, marks the first observed use of the MSI TRANSFORMS technique by an APT group. The attack utilizes a legitimate Microsoft installation …
shellcode
dll side-loading
spear-phishing
2024-11-06
rust trojan
governmental targets
tromas
mst files
apt-q-31
msi abuse
Published: November 6, 2024
Downloadable IOCs: 0

ToxicPanda: a new banking trojan from Asia hit Europe and LATAM

A new Android banking Trojan called ToxicPanda has emerged, targeting Europe and Latin America. Originating from Chinese-speaking threat actors, it has infected over 1500 devices across Italy, Portugal, Spain, and other countries. ToxicPanda exploits accessibility services for account takeovers and…
android
banking trojan
aes encryption
c2 infrastructure
chinese threat actors
2024-11-06
tgtoxic
latin america
on-device fraud
toxicpanda
accessibility abuse
europe
Published: November 6, 2024
Downloadable IOCs: 19

Analysis of Cyber Reconnaissance Activities Behind APT37 Threats

The report analyzes the covert cyber reconnaissance activities of the state-sponsored APT37 group targeting South Korea. The group uses spear-phishing emails with malicious LNK files to deploy the RoKRAT malware, collecting sensitive information from victims' devices. The attackers employ various t…
north korea
rokrat
cyber espionage
reconnaissance
spear-phishing
lnk files
2024-11-06
web beacons
Published: November 6, 2024
Linked vulnerabilities : CVE-2022-41128
Downloadable IOCs: 20

North Korean remote workers landing jobs in the West

North Korean threat actors are utilizing Contagious Interview and WageMole campaigns to secure remote employment in Western countries, evading financial sanctions. The Contagious Interview campaign has been updated with improved script obfuscation and multi-platform support, targeting over 100 devi…
social engineering
cryptocurrency
data theft
beavertail
contagious interview
invisibleferret
2024-11-06
wagemole
sanctions evasion
remote work
job fraud
Published: November 6, 2024
Downloadable IOCs: 56
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-8615

10.0
    Eyecix
  • Jobsearch Wp Job Board
Published: November 6, 2024

CVE-2024-10081

10.0
    CodeChecker
  • Version(s): through 6.24.1
Published: November 6, 2024

CVE-2024-20418

10.0
    Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points
Published: November 6, 2024

CVE-2024-9307

9.9
    Themelooks
  • Mfolio
Published: November 6, 2024

CVE-2024-8614

9.9
    Eyecix
  • Jobsearch Wp Job Board
Published: November 6, 2024

CVE-2024-10826

8.8
    Google Chrome
  • Version(s): before 130.0.6723.116
Published: November 6, 2024

CVE-2024-10827

8.8
    Google Chrome
  • Version(s): prior to 130.0.6723.116
Published: November 6, 2024

CVE-2024-20536

8.8
    Cisco Nexus Dashboard Fabric Controller (NDFC)
Published: November 6, 2024

CVE-2024-10082

8.7
    CodeChecker
  • Version(s): through 6.24.1
Published: November 6, 2024

CVE-2024-10020

8.1
    Heateor
  • Social Login
Published: November 6, 2024

CVE-2024-9946

8.1
    Heateor
  • Super Socializer
Published: November 6, 2024

CVE-2024-10914

8.1
    Dlink
  • Dns-320 Firmware
  • Dns-320
  • Dns-320lw Firmware
  • Dns-320lw
  • Dns-325 Firmware
  • Dns-325
  • Dns-340l Firmware
  • Dns-340l
Published: November 6, 2024

CVE-2024-10915

8.1
    Dlink
  • Dns-320 Firmware
  • Dns-320
  • Dns-320lw Firmware
  • Dns-320lw
  • Dns-325 Firmware
  • Dns-325
  • Dns-340l Firmware
  • Dns-340l
Published: November 6, 2024

CVE-2024-48325

8.1
    Portabilis i-Educar
  • Version(s): 2.8.0
Published: November 6, 2024

CVE-2020-11859

7.6
    Microfocus
  • Imanager
Published: November 6, 2024

CVE-2024-10028

7.5
    Everestthemes
  • Everest Backup
Published: November 6, 2024

CVE-2024-6861

7.5
    Foreman
Published: November 6, 2024

CVE-2024-20484

7.5
    Cisco Enterprise Chat and Email (ECE)
Published: November 6, 2024

CVE-2024-50340

7.3
    Symfony PHP Framework
  • Version(s): 5.4.46, 6.4.14, 7.1.7
Published: November 6, 2024

CVE-2024-49406

6.7
    Samsung
  • Blockchain Keystore
Published: November 6, 2024

CVE-2024-34681

6.6
    Galaxy Watch
  • Version(s): prior to SMR Nov-2024 Release 1
Published: November 6, 2024

CVE-2024-9681

6.5
    Haxx
  • Curl
Published: November 6, 2024

CVE-2024-20457

6.5
    Cisco Unified Communications Manager IM & Presence Service
Published: November 6, 2024

CVE-2024-20537

6.5
    Cisco
  • Identity Services Engine
Published: November 6, 2024

CVE-2024-51751

6.5
    Gradio
  • Version(s): 5.5.0
Published: November 6, 2024

CVE-2024-51988

6.5
    RabbitMQ
  • Version(s): 3.12.11
    Tanzu
  • Version(s): 1.5.2, 3.13.0, 4.0.0
Published: November 6, 2024

CVE-2024-51409

6.5
    Tenda O3
  • Version(s): 1.0.0.5
Published: November 6, 2024

CVE-2024-49408

6.4
    Samsung
  • Galaxy S24 Firmware
  • Galaxy S24
Published: November 6, 2024

CVE-2024-49409

6.4
    Samsung
  • Galaxy S24 Firmware
  • Galaxy S24
Published: November 6, 2024

CVE-2024-10715

6.4
    Mappresspro
  • Mappress
Published: November 6, 2024

CVE-2024-10168

6.4
    Pluginus
  • Woot
Published: November 6, 2024

CVE-2024-8323

6.4
    Fatcatapps
  • Easy Pricing Tables
Published: November 6, 2024

CVE-2024-10186

6.4
    Avecnous
  • Event Post
Published: November 6, 2024

CVE-2024-9902

6.3
    Ansible
Published: November 6, 2024

CVE-2024-10919

6.3
    Didi
  • Super-Jacoco
Published: November 6, 2024

CVE-2024-10647

6.1
    Westguardsolutions
  • Ws Form
Published: November 6, 2024

CVE-2024-9934

6.1
    Wp-ImageZoom WordPress plugin
  • Version(s): through 1.1.0
Published: November 6, 2024

CVE-2024-20511

6.1
    Cisco Unified Communications Manager
    Cisco Unified Communications Manager Session Management Edition
Published: November 6, 2024

CVE-2024-20525

6.1
    Cisco
  • Identity Services Engine
Published: November 6, 2024

CVE-2024-20530

6.1
    Cisco
  • Identity Services Engine
Published: November 6, 2024

CVE-2024-20538

6.1
    Cisco
  • Identity Services Engine
Published: November 6, 2024

CVE-2024-34678

5.9
    Samsung
  • Android
Published: November 6, 2024

CVE-2024-49404

5.5
    Samsung
  • Video Player
  • Android
Published: November 6, 2024

CVE-2024-20527

5.5
    Cisco ISE
Published: November 6, 2024

CVE-2024-20529

5.5
    Cisco ISE
Published: November 6, 2024

CVE-2024-20531

5.5
    Cisco
  • Identity Services Engine
Published: November 6, 2024

CVE-2024-20532

5.5
    Cisco ISE
Published: November 6, 2024

CVE-2024-35146

5.4
    IBM Maximo Application Suite - Monitor Component
  • Version(s): 8.10.11, 8.11.8, 9.0.0
Published: November 6, 2024

CVE-2024-10318

5.4
    F5
  • Nginx Api Connectivity Manager
  • Nginx Ingress Controller
  • Nginx Instance Manager
  • Nginx Openid Connect
Published: November 6, 2024

CVE-2024-20504

5.4
    Cisco Secure Email and Web Manager
    Secure Email Gateway
    Secure Web Appliance
Published: November 6, 2024

CVE-2024-20514

5.4
    Cisco Evolved Programmable Network Manager (EPNM)
    Cisco Prime Infrastructure
Published: November 6, 2024

CVE-2024-20540

5.4
    Cisco Unified Contact Center Management Portal
Published: November 6, 2024

CVE-2024-50637

5.4
    UnoPim
  • Version(s): 0.1.3 and below
Published: November 6, 2024

CVE-2024-49405

5.3
    Samsung
  • Pass
Published: November 6, 2024

CVE-2024-10535

5.3
    Martinvalchev
  • Video Gallery For Woocommerce
Published: November 6, 2024

CVE-2024-6626

5.3
    Theinnovs
  • Eleforms
Published: November 6, 2024

CVE-2024-52043

5.3
    Humhub
  • Humhub
Published: November 6, 2024

CVE-2024-10916

5.3
    Dlink
  • Dns-320 Firmware
  • Dns-320
  • Dns-320lw Firmware
  • Dns-320lw
  • Dns-325 Firmware
  • Dns-325
  • Dns-340l Firmware
  • Dns-340l
Published: November 6, 2024

CVE-2024-20371

5.3
    Cisco Nexus 3550-F Switches
Published: November 6, 2024

CVE-2024-20445

5.3
    Cisco Desk Phone 9800 Series
    Cisco IP Phone 7800 and 8800 Series
    Cisco Video Phone 8875
Published: November 6, 2024

CVE-2024-49401

5.1
    Samsung
  • Android
Published: November 6, 2024

CVE-2024-7879

4.8
    WP ULike WordPress plugin
  • Version(s): before 4.7.5
Published: November 6, 2024

CVE-2024-20533

4.8
    Cisco Desk Phone 9800 Series
    Cisco Video Phone 8875
    Cisco IP Phone 6800 Series
    Cisco IP Phone 7800 Series
    Cisco IP Phone 8800 Series
Published: November 6, 2024

CVE-2024-20534

4.8
    Cisco Desk Phone 9800 Series
    Cisco IP Phone 6800, 7800, and 8800 Series
    Cisco Video Phone 8875 with Cisco Multiplatform Firmware
Published: November 6, 2024

CVE-2024-20539

4.8
    Cisco
  • Identity Services Engine
Published: November 6, 2024

CVE-2024-34674

4.6
    Samsung
  • Android
Published: November 6, 2024

CVE-2024-49402

4.6
    Samsung
  • Android
Published: November 6, 2024

CVE-2024-49403

4.6
    Samsung
  • Voice Recorder
Published: November 6, 2024

CVE-2024-49407

4.6
    Samsung
  • Flow
Published: November 6, 2024

CVE-2024-34676

4.4
    Samsung
  • Android
Published: November 6, 2024

CVE-2024-10543

4.3
    Tumult
  • Tumult Hype Animations
Published: November 6, 2024

CVE-2024-20476

4.3
    Cisco ISE
Published: November 6, 2024

CVE-2024-20487

4.3
    Cisco ISE
Published: November 6, 2024

CVE-2024-20507

4.3
    Cisco Meeting Management
Published: November 6, 2024

CVE-2024-34673

4.1
    Samsung
  • Android
Published: November 6, 2024

CVE-2024-34677

4.0
    Samsung
  • Android
Published: November 6, 2024

CVE-2024-34679

4.0
    Samsung
  • Android
Published: November 6, 2024

CVE-2024-34680

4.0
    Samsung
  • Android
Published: November 6, 2024

CVE-2024-20528

3.8
    Cisco ISE
Published: November 6, 2024

CVE-2024-10926

3.5
    IBPhoenix ibWebAdmin
  • Version(s): up to 1.0.2
Published: November 6, 2024

CVE-2024-10927

3.5
    Monocms
  • Monocms
Published: November 6, 2024

CVE-2024-10928

3.5
    Monocms
  • Monocms
Published: November 6, 2024

CVE-2024-10920

3.1
    Mariazevedo88
  • Travels-Java-Api
Published: November 6, 2024

CVE-2024-50341

3.1
    symfony/security-bundle
  • Version(s): 6.4.10, 7.0.10, 7.1.3
Published: November 6, 2024

CVE-2024-50342

3.1
    Symfony PHP framework
  • Version(s): 5.4.46, 6.4.14, 7.1.7
Published: November 6, 2024

CVE-2024-50343

3.1
    Symfony
  • Version(s): 5.4.43, 6.4.11, 7.1.4
Published: November 6, 2024

CVE-2024-50345

3.1
    Symfony PHP framework
  • Version(s): 5.4.46, 6.4.14, 7.1.7
Published: November 6, 2024

CVE-2024-34675

2.4
    Samsung
  • Android
Published: November 6, 2024

CVE-2024-34682

2.4
    Samsung
  • Android
Published: November 6, 2024

CVE-2024-51754

2.2
    Twig
  • Version(s): 3.11.2, 3.14.1
Published: November 6, 2024

CVE-2024-51755

2.2
    Twig
  • Version(s): 3.11.2, 3.14.1
Published: November 6, 2024

CVE-2024-51736

0.0
    Symphony process module for Symphony PHP framework
  • Version(s): 5.4.46, 6.4.14, 7.1.7
Published: November 6, 2024

CVE-2024-50315

None
    UNKNOWN
Published: November 6, 2024

CVE-2024-51757

None
    happy-dom
  • Version(s): before 15.10.2
Published: November 6, 2024

CVE-2024-10941

None
    Firefox
  • Version(s): < 126
Published: November 6, 2024
Click here to see more Vulnerabilities