Tag: 2024-11-14

5 Attack Reports | 147 Vulnerabilities

Attack reports

Financially Motivated Chinese Threat Actor SilkSpecter Targeting Black Friday Shoppers

A Chinese financially motivated threat actor, dubbed SilkSpecter, has been uncovered targeting e-commerce shoppers in Europe and USA with a phishing campaign leveraging Black Friday discounts. The actor uses fake discounted products as lures to steal Cardholder Data, Sensitive Authentication Data, …
phishing
financial fraud
e-commerce
chinese threat actor
2024-11-14
oemapps
black friday
google translate
stripe
Published: November 14, 2024
Downloadable IOCs: 13

Malware Spotlight: A Deep-Dive Analysis of WezRat

Check Point Research provides a comprehensive analysis of WezRat, a custom modular infostealer attributed to the Iranian cyber group Emennet Pasargad. The malware has been active for over a year, targeting organizations in multiple countries. WezRat's capabilities include executing commands, taking…
backdoor
espionage
phishing
infostealer
iran
modular
2024-11-14
wezrat
c&c
Published: November 14, 2024
Downloadable IOCs: 0

The State of Cloud Ransomware in 2024

Cloud ransomware attacks are evolving, primarily targeting storage services like Amazon S3 and Azure Blob Storage. Attackers exploit misconfigurations or use stolen credentials to access and encrypt data. Cloud service providers have implemented security measures, such as AWS's 7-day key deletion w…
lockbit
bianlian
cloud security
data exfiltration
rhysida
2024-11-14
CVE-2023-34362
cspm
cloud ransomware
pandora
s3 buckets
ransomes
web application attacks
identity management
kms
Published: November 14, 2024
Downloadable IOCs: 0

Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails

A newly discovered vulnerability in Windows NT LAN Manager (NTLM) has been exploited by suspected Russian hackers in cyber attacks against Ukraine. The flaw, identified as CVE-2024-43451, allows attackers to steal NTLMv2 hashes through minimal user interaction with malicious files. The exploit chai…
rat
phishing
windows
russia
ukraine
zero-day
CVE-2024-43451
2024-11-14
ntlm
spark rat
pass-the-hash
hash stealing
Published: November 14, 2024
Downloadable IOCs: 24

PHP Reinfector and Backdoor Malware Target WordPress Sites

A sophisticated PHP reinfector and backdoor malware is targeting WordPress websites, infecting plugin files and database tables. The malware reinfects active plugins, manipulates wp_options and wp_posts tables, and creates malicious admin users. It utilizes WordPress's cron system to maintain contr…
backdoor
obfuscation
wordpress
php
2024-11-14
vextrio
database manipulation
backdoor malware
persistent threat
php reinfector
plugin infection
reinfector
cron system
Published: November 14, 2024
Downloadable IOCs: 0
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-52372

10.0
    WebTechGlobal Easy CSV Importer BETA
Published: November 14, 2024

CVE-2024-52373

10.0
    Devexhub Gallery
Published: November 14, 2024

CVE-2024-52374

10.0
    Do That Task
Published: November 14, 2024

CVE-2024-52375

10.0
    Datasets Manager by Arttia Creative
Published: November 14, 2024

CVE-2024-52376

10.0
    cmsMinds Boat Rental Plugin for WordPress
Published: November 14, 2024

CVE-2024-52377

10.0
    BdThemes Instant Image Generator
Published: November 14, 2024

CVE-2024-52379

10.0
    kineticPay for WooCommerce
Published: November 14, 2024

CVE-2024-52380

10.0
    Softpulse Infotech Picsmize
Published: November 14, 2024

CVE-2024-48966

10.0
    Unknown
Published: November 14, 2024

CVE-2024-48967

10.0
    Unknown
Published: November 14, 2024

CVE-2024-52384

9.9
    Sage AI: Chatbots
Published: November 14, 2024

CVE-2024-52369

9.9
    KBucket
Published: November 14, 2024

CVE-2024-52370

9.9
    Hive Support - WordPress Help Desk
Published: November 14, 2024

CVE-2024-10571

9.8
    Ays-Pro
  • Chartify
Published: November 14, 2024

CVE-2024-50833

9.8
    Lopalopa
  • E-Learning Management System
Published: November 14, 2024

CVE-2024-4343

9.8
    imartinez/privategpt
Published: November 14, 2024

CVE-2024-50823

9.8
    Lopalopa
  • E-Learning Management System
Published: November 14, 2024

CVE-2024-52382

9.8
    Medma Technologies Matix Popup Builder
Published: November 14, 2024

CVE-2024-31695

9.8
    Binance: BTC, Crypto and NFTS
Published: November 14, 2024

CVE-2024-9832

9.3
    UNKNOWN
Published: November 14, 2024

CVE-2024-9834

9.3
    Baxter Ventilator
Published: November 14, 2024

CVE-2024-48970

9.3
    ventilator
Published: November 14, 2024

CVE-2024-48971

9.3
    UNKNOWN
Published: November 14, 2024

CVE-2024-48973

9.3
    UNKNOWN
Published: November 14, 2024

CVE-2024-48974

9.3
    UNKNOWN
Published: November 14, 2024

CVE-2024-50306

9.1
    Apache Traffic Server
Published: November 14, 2024

CVE-2024-37285

9.1
    Kibana
Published: November 14, 2024

CVE-2024-52393

9.1
    Podlove Podcast Publisher
Published: November 14, 2024

CVE-2024-10979

8.8
    PostgreSQL
Published: November 14, 2024

CVE-2024-10962

8.8
    WPvivid plugin for WordPress
Published: November 14, 2024

CVE-2024-41209

8.8
    tsMuxer
Published: November 14, 2024

CVE-2024-49777

8.8
    tsMuxer
Published: November 14, 2024

CVE-2024-49778

8.8
    tsMuxer
Published: November 14, 2024

CVE-2024-9186

8.6
    Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin
Published: November 14, 2024

CVE-2024-52371

8.6
    DonnellC Global Gateway e4 | Payeezy Gateway
Published: November 14, 2024

CVE-2024-9693

8.5
    Gitlab
  • Gitlab
Published: November 14, 2024

CVE-2024-3379

8.1
    Lunary
  • Lunary
Published: November 14, 2024

CVE-2024-3501

8.1
    Lunary
  • Lunary
Published: November 14, 2024

CVE-2024-3502

8.1
    Lunary
  • Lunary
Published: November 14, 2024

CVE-2024-52381

8.1
    ZIJ KART
Published: November 14, 2024

CVE-2024-52308

8.0
    Github
  • Cli
Published: November 14, 2024

CVE-2022-31666

7.7
    Harbor
Published: November 14, 2024

CVE-2022-31670

7.7
    Linuxfoundation
  • Harbor
Published: November 14, 2024

CVE-2024-49362

7.7
    Joplin-desktop
Published: November 14, 2024

CVE-2024-11206

7.5
    UNKNOWN
Published: November 14, 2024

CVE-2024-38479

7.5
    Apache Traffic Server
Published: November 14, 2024

CVE-2024-45253

7.5
    Avigilon
Published: November 14, 2024

CVE-2024-45254

7.5
    VaeMendis
Published: November 14, 2024

CVE-2024-47915

7.5
    VaeMendis
Published: November 14, 2024

CVE-2024-47916

7.5
    Boa web server
Published: November 14, 2024

CVE-2024-50305

7.5
    Apache Traffic Server
Published: November 14, 2024

CVE-2022-2232

7.5
    Keycloak
Published: November 14, 2024

CVE-2024-52378

7.5
    Labs64 DigiPass
Published: November 14, 2024

CVE-2024-52383

7.5
    KCT Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One
Published: November 14, 2024

CVE-2024-3760

7.5
    Lunary
  • Lunary
Published: November 14, 2024

CVE-2024-50968

7.5
    Adonesevangelista
  • Agri-Trading Online Shopping System
Published: November 14, 2024

CVE-2022-31668

7.4
    Linuxfoundation
  • Harbor
Published: November 14, 2024

CVE-2022-31671

7.4
    Linuxfoundation
  • Harbor
Published: November 14, 2024

CVE-2024-7730

7.4
    QEMU
Published: November 14, 2024

CVE-2024-6068

7.3
    UNKNOWN
Published: November 14, 2024

CVE-2024-5125

7.3
    parisneo/lollms-webui
Published: November 14, 2024

CVE-2024-50832

7.2
    Lopalopa
  • E-Learning Management System
Published: November 14, 2024

CVE-2024-50834

7.2
    Lopalopa
  • E-Learning Management System
Published: November 14, 2024

CVE-2024-50835

7.2
    Lopalopa
  • E-Learning Management System
Published: November 14, 2024

CVE-2024-50824

7.2
    Lopalopa
  • E-Learning Management System
Published: November 14, 2024

CVE-2024-50825

7.2
    Lopalopa
  • E-Learning Management System
Published: November 14, 2024

CVE-2024-50826

7.2
    Lopalopa
  • E-Learning Management System
Published: November 14, 2024

CVE-2024-50827

7.2
    Lopalopa
  • E-Learning Management System
Published: November 14, 2024

CVE-2024-50828

7.2
    Lopalopa
  • E-Learning Management System
Published: November 14, 2024

CVE-2024-50829

7.2
    Lopalopa
  • E-Learning Management System
Published: November 14, 2024

CVE-2024-50830

7.2
    Lopalopa
  • E-Learning Management System
Published: November 14, 2024

CVE-2024-50831

7.2
    Lopalopa
  • E-Learning Management System
Published: November 14, 2024

CVE-2024-51688

7.1
    FraudLabs Pro SMS Verification
Published: November 14, 2024

CVE-2024-51684

7.1
    W3P SEO
Published: November 14, 2024

CVE-2024-51687

7.1
    Platform.Ly Official
Published: November 14, 2024

CVE-2024-51658

7.1
    WP Course Manager
Published: November 14, 2024

CVE-2024-51659

7.1
    UNKNOWN
Published: November 14, 2024

CVE-2024-51679

7.1
    Appointmind
  • Appointmind
Published: November 14, 2024

CVE-2024-7404

6.8
    Gitlab
  • Gitlab
Published: November 14, 2024

CVE-2024-10921

6.8
    MongoDB Server
Published: November 14, 2024

CVE-2023-34049

6.7
    Salt-SSH
Published: November 14, 2024

CVE-2024-11215

6.5
    EasyPHP
Published: November 14, 2024

CVE-2024-41206

6.5
    tsMuxer
Published: November 14, 2024

CVE-2024-41217

6.5
    tsMuxer
Published: November 14, 2024

CVE-2024-49776

6.5
    tsMuxer
Published: November 14, 2024

CVE-2022-31667

6.4
    Linuxfoundation
  • Harbor
Published: November 14, 2024

CVE-2022-31669

6.4
    Linuxfoundation
  • Harbor
Published: November 14, 2024

CVE-2024-11209

6.3
    Apereo
  • Central Authentication Service
Published: November 14, 2024

CVE-2024-11212

6.3
    Mayurik
  • Best Employee Management System
Published: November 14, 2024

CVE-2024-8648

6.1
    Gitlab
  • Gitlab
Published: November 14, 2024

CVE-2024-3447

6.0
    QEMU
Published: November 14, 2024

CVE-2024-45670

5.6
    Ibm
  • Soar
Published: November 14, 2024

CVE-2023-4134

5.5
    Linux
  • Linux Kernel
    Fedoraproject
Published: November 14, 2024

CVE-2017-13227

5.5
    Google
  • Android
Published: November 14, 2024

CVE-2024-52613

5.5
    Justdan96
  • Tsmuxer
Published: November 14, 2024

CVE-2024-10146

5.4
    Simple File List WordPress plugin
Published: November 14, 2024

CVE-2024-8180

5.4
    Gitlab
  • Gitlab
Published: November 14, 2024

CVE-2024-50839

5.4
    KASHIPARA E-learning Management System Project
Published: November 14, 2024

CVE-2024-50840

5.4
    KASHIPARA E-learning Management System Project
Published: November 14, 2024

CVE-2024-50841

5.4
    KASHIPARA E-learning Management System pProject
Published: November 14, 2024

CVE-2024-50842

5.4
    KASHIPARA E-learning Management System Project
Published: November 14, 2024

CVE-2024-11210

5.4
    Eyoucms
  • Eyoucms
Published: November 14, 2024

CVE-2024-50837

5.4
    KASHIPARA E-learning Management System Project
Published: November 14, 2024

CVE-2024-50838

5.4
    UNKNOWN
Published: November 14, 2024

CVE-2024-52505

5.4
    matrix-appservice-irc
Published: November 14, 2024

CVE-2024-4311

5.4
    zenml-io/zenml
Published: November 14, 2024

CVE-2024-49025

5.4
    Microsoft Edge (Chromium-based)
Published: November 14, 2024

CVE-2024-40579

5.4
    Virtuozzo Hybrid Server for WHMCS Open Source
Published: November 14, 2024

CVE-2024-45642

5.3
    Ibm
  • Security Qradar Edr
    Linux
Published: November 14, 2024

CVE-2024-50843

5.3
    PHPGurukul User Registration & Login and User Management System
Published: November 14, 2024

CVE-2024-39707

5.3
    InsydeH2O UEFI BIOS
Published: November 14, 2024

CVE-2024-52396

4.9
    WOLF
Published: November 14, 2024

CVE-2024-50836

4.8
    Lopalopa
  • E-Learning Management System
Published: November 14, 2024

CVE-2024-48284

4.8
    Phpgurukul
  • User Registration \& Login And User Management System
Published: November 14, 2024

CVE-2024-11211

4.7
    Eyoucms
  • Eyoucms
Published: November 14, 2024

CVE-2024-11213

4.7
    Mayurik
  • Best Employee Management System
Published: November 14, 2024

CVE-2024-11214

4.7
    Mayurik
  • Best Employee Management System
Published: November 14, 2024

CVE-2024-51156

4.7
    07FLYCMS
Published: November 14, 2024

CVE-2024-47914

4.5
    VaeMendis
Published: November 14, 2024

CVE-2024-11207

4.3
    Apereo CAS
Published: November 14, 2024

CVE-2024-1682

4.3
    UNKNOWN
Published: November 14, 2024

CVE-2024-10976

4.2
    PostgreSQL
Published: November 14, 2024

CVE-2024-10978

4.2
    PostgreSQL
Published: November 14, 2024

CVE-2023-4458

4.0
    Linux Kernel
Published: November 14, 2024

CVE-2024-11208

3.7
    Apereo
  • Central Authentication Service
Published: November 14, 2024

CVE-2024-42188

3.7
    HCL Connections
Published: November 14, 2024

CVE-2024-45099

3.1
    Ibm
  • Security Qradar Edr
    Linux
Published: November 14, 2024

CVE-2024-10977

3.1
    PostgreSQL
Published: November 14, 2024

CVE-2024-9633

3.1
    Gitlab
  • Gitlab
Published: November 14, 2024

CVE-2024-5083

None
    Sonatype Nexus Repository
Published: November 14, 2024

CVE-2024-5082

None
    Sonatype Nexus Repository
Published: November 14, 2024

CVE-2024-7787

None
    ITG Computer Technology vSRM Supplier Relationship Management System
Published: November 14, 2024

CVE-2024-2550

None
    Palo Alto Networks PAN-OS software
Published: November 14, 2024

CVE-2024-2551

None
    Palo Alto Networks PAN-OS
Published: November 14, 2024

CVE-2024-2552

None
    Palo Alto Networks PAN-OS software
Published: November 14, 2024

CVE-2024-5917

None
    PAN-OS
Published: November 14, 2024

CVE-2024-5918

None
    Palo Alto Networks PAN-OS
Published: November 14, 2024

CVE-2024-5919

None
    Palo Alto Networks PAN-OS
Published: November 14, 2024

CVE-2024-5920

None
    Palo Alto Networks PAN-OS
Published: November 14, 2024

CVE-2024-9472

None
    Palo Alto Networks PAN-OS
Published: November 14, 2024

CVE-2024-7124

None
    DInGO dLibra software
Published: November 14, 2024

CVE-2024-11136

None
    TCL Camera application
Published: November 14, 2024

CVE-2024-52302

None
    Spring Boot
Published: November 14, 2024

CVE-2024-52524

None
    Giskard
Published: November 14, 2024

CVE-2024-10394

None
    OpenAFS
Published: November 14, 2024

CVE-2024-10396

None
    UNKNOWN
Published: November 14, 2024

CVE-2024-10397

None
    OpenAFS
Published: November 14, 2024
Click here to see more Vulnerabilities