Tag: 2024-12-03

10 Attack Reports | 86 Vulnerabilities

Attack reports

Rockstar 2FA: A Driving Force in Phishing-as-a-Service (PaaS)

This analysis explores the Rockstar 2FA phishing-as-a-service kit, focusing on real-world email campaign examples. It highlights various techniques used by attackers, including the abuse of legitimate services for FUD (Fully Undetectable) links, such as Microsoft OneDrive, OneNote, Dynamics 365, At…
phishing
aitm
email campaigns
microsoft 365
2024-12-03
phishing-as-a-service
dadsec
rockstar 2fa
2024-12-04
rockstar
Published: December 4, 2024
Downloadable IOCs: 51

Inside Akira Ransomware's Rust Experiment

Check Point Research analyzed the Rust version of Akira ransomware that targeted ESXi servers in early 2024. The malware's complex assembly is attributed to Rust idioms, boilerplate code, and compiler strategies. The analysis reveals the ransomware's use of the seahorse CLI framework, indicatif lib…
ransomware
rust
akira
2024-12-03
Published: December 3, 2024
Downloadable IOCs: 0

SmokeLoader picks up ancient MS Office bugs to pack fresh credential stealer

Threat actors are exploiting old Microsoft Office vulnerabilities using SmokeLoader, a modular malware loader, to steal browser credentials. The campaign targets manufacturing, healthcare, and IT companies in Taiwan, utilizing CVE-2017-0199 and CVE-2017-11882 to execute remote code and deploy malic…
phishing
plugins
credential theft
smokeloader
CVE-2017-0199
CVE-2017-11882
taiwan
modular malware
2024-12-03
microsoft office
vulnerabilities
andeloader
Published: December 3, 2024
Linked vulnerabilities : CVE-2017-11882, CVE-2017-0199
Downloadable IOCs: 28

Gafgyt Malware Broadens Its Scope in Recent Attacks

Trend Micro researchers have identified threat actors exploiting misconfigured Docker servers to spread Gafgyt malware, traditionally known for targeting IoT devices. This shift in behavior involves attackers creating Docker containers based on legitimate 'alpine' images to deploy the malware. The …
privilege-escalation
ddos
iot
botnet
gafgyt
docker
api
2024-12-03
lizkebab
container
bashlite
Published: December 3, 2024
Downloadable IOCs: 25

Howling Scorpius (Akira Ransomware)

Howling Scorpius, the entity behind Akira ransomware-as-a-service, has become one of the top five most active ransomware groups since emerging in early 2023. They target small to medium-sized businesses across various sectors in North America, Europe, and Australia using a double extortion strategy…
ransomware
akira
raas
double extortion
megazord
2024-12-03
howling scorpius
Published: December 3, 2024
Linked vulnerabilities : CVE-2024-0012 (CVSS 9.8), CVE-2024-9474 (CVSS 7.2), CVE-2023-20269, CVE-2020-3259
Downloadable IOCs: 44

Beware of phishing attacks by APT-C-01 (Poison Ivy)

APT-C-01, known as Poison Ivy, is a persistent threat group targeting defense, government, technology, and education sectors since 2007. They specialize in phishing attacks, including watering hole and spear-phishing, using personalized bait content. Recent observations show the group creating fake…
apt
phishing
poison ivy
2024-12-03
sliver rat
Published: December 3, 2024
Downloadable IOCs: 7

Analysis report on recent phishing attacks by APT-C-48 (CNC)

APT-C-48 (CNC), a South Asian government-backed APT group, has been targeting government, military, education, research, healthcare, and media sectors. They use spear-phishing emails with resume-related topics to deliver malicious payloads. The group modifies executable file icons to resemble PDF f…
spear-phishing
anti-vm
2024-12-03
anti-debugging
apt-c-48
Published: December 3, 2024
Downloadable IOCs: 5

TaxOff: You've Got a Backdoor...

A sophisticated threat group named TaxOff has been discovered targeting Russian government agencies. The group uses phishing emails with legal and financial themes to deliver the Trinper backdoor, a multithreaded C++ malware with advanced features. Trinper employs STL containers, custom serializati…
espionage
phishing
keylogging
2024-12-03
code injection
russian government
trinper backdoor
Published: December 3, 2024
Downloadable IOCs: 11

Ransomware Roundup - Interlock

The Interlock ransomware is a new variant targeting Microsoft Windows and FreeBSD systems. It encrypts files and demands ransom for decryption. The malware has both Windows and FreeBSD versions, using AES-CBC encryption and adding a '.interlock' extension to encrypted files. It excludes certain fil…
ransomware
encryption
interlock
2024-12-03
Published: December 3, 2024
Downloadable IOCs: 5

Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions

Earth Estries, a Chinese APT group, has been aggressively targeting critical sectors globally since 2023. The group employs advanced techniques and multiple backdoors, including GHOSTSPIDER, SNAPPYBEE, and MASOL RAT, to compromise organizations in telecommunications, government, and other industrie…
government
telecommunications
demodex
crowdoor
2024-12-03
chinese apt
masol rat
sparrowdoor
snappybee
Published: December 3, 2024
Linked vulnerabilities : CVE-2024-21887, CVE-2023-46805, CVE-2021-26855, CVE-2023-48788, CVE-2022-3236, CVE-2021-26858, CVE-2021-26857, CVE-2021-27065
Downloadable IOCs: 57
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-52544

9.8
    DP Service
Published: December 3, 2024

CVE-2024-51363

9.8
    Hodoku
Published: December 3, 2024

CVE-2024-10074

8.8
    Openatom
  • Openharmony
Published: December 3, 2024

CVE-2024-12053

8.8
    Google Chrome
Published: December 3, 2024

CVE-2024-51114

8.8
    Beijing Digital China Yunke Information Technology Co.Ltd
Published: December 3, 2024

CVE-2024-46625

8.8
    InfoDom Performa 365
Published: December 3, 2024

CVE-2024-46624

8.8
    InfoDom Performa
Published: December 3, 2024

CVE-2024-42422

8.3
    Dell NetWorker
Published: December 3, 2024

CVE-2024-49415

8.1
    UNKNOWN
Published: December 3, 2024

CVE-2024-45106

8.1
    Apache Ozone
Published: December 3, 2024

CVE-2024-53999

8.1
    Mobile Security Framework (MobSF)
Published: December 3, 2024

CVE-2024-40691

8.0
    Ibm
  • Cognos Controller
Published: December 3, 2024

CVE-2024-47476

7.8
    Dell NetWorker Management Console
Published: December 3, 2024

CVE-2024-29404

7.8
    Razer Synapse 3
Published: December 3, 2024

CVE-2024-8748

7.5
    Zyxel VMG8825-T50K
Published: December 3, 2024

CVE-2024-49420

7.5
    GamingHub
Published: December 3, 2024

CVE-2024-11391

7.5
    Advanced File Manager plugin for WordPress
Published: December 3, 2024

CVE-2024-54000

7.5
    Mobile Security Framework (MobSF)
Published: December 3, 2024

CVE-2024-37302

7.5
    Synapse
Published: December 3, 2024

CVE-2024-41777

7.5
    Ibm
  • Cognos Controller
Published: December 3, 2024

CVE-2024-48080

7.5
    aedes
Published: December 3, 2024

CVE-2024-50948

7.5
    mochiMQTT
Published: December 3, 2024

CVE-2024-9200

7.2
    Zyxel VMG4005-B50A
Published: December 3, 2024

CVE-2024-52547

7.2
    DHIP Service
Published: December 3, 2024

CVE-2024-51771

7.2
    HPE Aruba Networking ClearPass Policy Manager
Published: December 3, 2024

CVE-2024-45068

7.1
    Hitachi Ops Center Common Services
    Hitachi Ops Center OVA
Published: December 3, 2024

CVE-2024-49413

7.1
    SmartSwitch
Published: December 3, 2024

CVE-2024-52548

6.7
    UNKNOWN
Published: December 3, 2024

CVE-2024-49418

6.5
    GamingHub
Published: December 3, 2024

CVE-2024-11732

6.5
    BP Profile Shortcodes Extra plugin for WordPress
Published: December 3, 2024

CVE-2024-41776

6.5
    Ibm
  • Cognos Controller
Published: December 3, 2024

CVE-2024-52545

6.5
    UNKNOWN
Published: December 3, 2024

CVE-2024-9694

6.4
    CMSMasters Elementor Addon plugin for WordPress
Published: December 3, 2024

CVE-2024-10484

6.4
    Spectra - WordPress Gutenberg Blocks plugin
Published: December 3, 2024

CVE-2024-9058

6.4
    Element Pack Elementor Addons plugin
Published: December 3, 2024

CVE-2024-11453

6.4
    WordPress Pinterest Plugin
Published: December 3, 2024

CVE-2024-11853

6.4
    jAlbum Bridge plugin for WordPress
Published: December 3, 2024

CVE-2024-11898

6.4
    WordPress Scratch & Win Plugin
Published: December 3, 2024

CVE-2024-11866

6.4
    BMLT Tabbed Map plugin for WordPress
Published: December 3, 2024

CVE-2024-11782

6.4
    WP Mailster plugin for WordPress
Published: December 3, 2024

CVE-2024-51772

6.4
    ClearPass Policy Manager
Published: December 3, 2024

CVE-2024-11461

6.1
    Form Data Collector plugin for WordPress
Published: December 3, 2024

CVE-2024-11707

6.1
    My auctions allegro plugin for WordPress
Published: December 3, 2024

CVE-2024-11805

6.1
    Quick License Manager - WooCommerce Plugin
Published: December 3, 2024

CVE-2024-11326

6.1
    Campaign Monitor Forms by Optin Cat plugin for WordPress
Published: December 3, 2024

CVE-2024-11200

6.1
    Goodlayers Core plugin for WordPress
Published: December 3, 2024

CVE-2024-49410

5.9
    Samsung SMR
Published: December 3, 2024

CVE-2021-29892

5.9
    Ibm
  • Cognos Controller
Published: December 3, 2024

CVE-2024-41775

5.9
    Ibm
  • Cognos Controller
Published: December 3, 2024

CVE-2018-9441

5.5
    Google
  • Android
Published: December 3, 2024

CVE-2018-9449

5.5
    Google
  • Android
Published: December 3, 2024

CVE-2024-49412

5.5
    Samsung Galaxy Watch
Published: December 3, 2024

CVE-2024-12082

5.5
    Openatom
  • Openharmony
Published: December 3, 2024

CVE-2024-9978

5.5
    Openatom
  • Openharmony
Published: December 3, 2024

CVE-2024-25019

5.5
    Ibm
  • Cognos Controller
Published: December 3, 2024

CVE-2024-25020

5.5
    Ibm
  • Cognos Controller
Published: December 3, 2024

CVE-2024-25035

5.3
    Ibm
  • Cognos Controller
Published: December 3, 2024

CVE-2024-37303

5.3
    Synapse
Published: December 3, 2024

CVE-2024-52546

5.3
    DHIP Service
Published: December 3, 2024

CVE-2024-11325

5.2
    AWeber Forms by Optin Cat plugin for WordPress
Published: December 3, 2024

CVE-2024-9197

4.9
    Zyxel VMG3625-T50B
Published: December 3, 2024

CVE-2024-53257

4.9
    Vitess
Published: December 3, 2024

CVE-2024-10893

4.8
    WP Booking Calendar WordPress plugin
Published: December 3, 2024

CVE-2024-51773

4.8
    HPE Aruba ClearPass Policy Manager
Published: December 3, 2024

CVE-2024-53672

4.7
    ClearPass Policy Manager
Published: December 3, 2024

CVE-2024-49411

4.3
    ThemeCenter
Published: December 3, 2024

CVE-2024-49419

4.3
    GamingHub
Published: December 3, 2024

CVE-2024-49421

4.3
    Quick Share Agent
Published: December 3, 2024

CVE-2024-11844

4.3
    IdeaPush plugin for WordPress
Published: December 3, 2024

CVE-2024-12062

4.3
    Charity Addon for Elementor plugin for WordPress
Published: December 3, 2024

CVE-2024-25036

4.3
    Ibm
  • Cognos Controller
Published: December 3, 2024

CVE-2024-53867

4.3
    Synapse
Published: December 3, 2024

CVE-2024-45676

4.3
    Ibm
  • Cognos Controller
Published: December 3, 2024

CVE-2024-49416

4.0
    SmartThings
Published: December 3, 2024

CVE-2024-53502

3.8
    Seecms
Published: December 3, 2024

CVE-2024-53921

2.8
    Samsung Magician
Published: December 3, 2024

CVE-2024-49414

2.4
    Samsung Dex
Published: December 3, 2024

CVE-2024-49417

2.0
    Smart Touch Call
Published: December 3, 2024

CVE-2024-12101

None
    UNKNOWN
Published: December 3, 2024

CVE-2024-52805

None
    Synapse
Published: December 3, 2024

CVE-2024-52815

None
    Synapse
Published: December 3, 2024

CVE-2024-53863

None
    Synapse
Published: December 3, 2024

CVE-2023-7255

None
    UNKNOWN
Published: December 3, 2024

CVE-2024-45757

None
    Centreon BAM
Published: December 3, 2024

CVE-2024-54131

None
    Kolide Agent (Launcher)
Published: December 3, 2024

CVE-2024-40391

None
    UNKNOWN
Published: December 3, 2024
Click here to see more Vulnerabilities