Tag: 2024-12-04

10 Attack Reports | 119 Vulnerabilities

Attack reports

Pronsis Loader: A JPHP-Driven Malware Diverging from D3F@ck Loader

A new malware called Pronsis Loader has been discovered, with similarities to D3F@ck Loader. Both use JPHP-compiled executables, but Pronsis uses NSIS for installation instead of Inno Setup. Pronsis Loader typically delivers Lumma Stealer and Latrodectus payloads. It employs defense evasion techniq…
lumma stealer
latrodectus
d3f@ck loader
pronsis loader
2024-12-04
jphp
Published: December 4, 2024
Downloadable IOCs: 0

Rockstar 2FA: A Driving Force in Phishing-as-a-Service (PaaS)

This analysis explores the Rockstar 2FA phishing-as-a-service kit, focusing on real-world email campaign examples. It highlights various techniques used by attackers, including the abuse of legitimate services for FUD (Fully Undetectable) links, such as Microsoft OneDrive, OneNote, Dynamics 365, At…
phishing
aitm
email campaigns
microsoft 365
2024-12-03
phishing-as-a-service
dadsec
rockstar 2fa
2024-12-04
rockstar
Published: December 4, 2024
Downloadable IOCs: 51

The Curious Case of an Excellent Resume

This report details a malicious campaign where the threat actor gained initial access through a resume lure as part of a TA4557/FIN6 operation. The actor employed techniques like abusing legitimate binaries, establishing Cobalt Strike and Pyramid C2, exploiting CVE-2023-27532 for lateral movement, …
apt
privilege-escalation
cobalt strike
persistence
credentials
CVE-2023-27532
lateral-movement
skid
more_eggs
spicyomelette
terra loader
2024-12-04
cloudflared
c2 pyramid
Published: December 4, 2024
Linked vulnerabilities : CVE-2023-27532
Downloadable IOCs: 20

Analyzing threat actor Kimsuky email phishing campaign

The report provides an in-depth analysis of the email phishing campaigns conducted by the Kimsuky threat actor group. It highlights their tactics of using diverse themes and subjects to pique the curiosity of recipients, targeting researchers and individuals related to North Korean affairs in an at…
phishing
north korea
impersonation
credential theft
2024-12-04
malwareless
Published: December 4, 2024
Downloadable IOCs: 24

Forges Recruitment Sites, Launches Attacks on Aerospace and Semiconductor Industries in Multiple Countries

In this analysis, researchers have uncovered a malicious campaign orchestrated by APT35, a threat group believed to be affiliated with the Islamic Revolutionary Guard Corps (IRGC) of Iran. The group has been observed using forged recruitment sites and corporate sites to target the aerospace and sem…
cyber espionage
targeted attacks
middle east
2024-12-04
signedconnection.exe
semiconductor industry
secur32.dll
aerospace industry
qt5core.dll
msvcp.dll
Published: December 4, 2024
Downloadable IOCs: 12

XWorm: Analyzing New Infection Tactics With Old Payload

A recent malware campaign utilizes a multi-stage infection chain starting with a LNK file that lures victims into opening an invoice in a web browser. The attack involves PowerShell commands, batch files, and Python scripts to download and execute the XWorm payload. The infection process includes d…
xworm
python
powershell
keylogging
lnk file
shellcode injection
multi-stage infection
2024-12-04
Published: December 4, 2024
Downloadable IOCs: 0

PROXY.AM Powered by Socks5Systemz Botnet

The Socks5Systemz botnet, active since 2013, has been operating under the radar by integrating with other malware as a SOCK5 proxy module. Recently, it has grown to 250,000 compromised systems globally. The botnet powers PROXY.AM, a service providing proxy exit nodes for criminal activities. Origin…
botnet
proxy
2024-12-04
socks5
socks5systemz
Published: December 4, 2024
Downloadable IOCs: 43

Hunting Payroll Pirates: Tracking HR Redirect Phishing Scam

A malicious threat actor group dubbed 'Payroll Pirates' is orchestrating an ongoing human resources payroll redirection phishing scam targeting numerous organizations' employees. The campaign primarily focuses on Workday users and high-profile companies. The actors employ search ads with brand keyw…
phishing
2024-12-04
hr scam
Published: December 4, 2024
Downloadable IOCs: 69

Potential ZERO-DAY, Attackers Use Corrupted Files to Evade Detection

A sophisticated ongoing attack has been discovered that evades antivirus software, prevents sandbox uploads, and bypasses Outlook's spam filters. The attackers deliberately corrupt files to conceal their type, making detection difficult for security tools. These corrupted files, often identified as…
zero-day
sandbox evasion
2024-12-04
spam filter bypass
antivirus bypass
file corruption
Published: December 4, 2024
Downloadable IOCs: 6

Stellar Discovery of A New Cluster of Andromeda/Gamarue C2

A new cluster of Command and Control (C2) servers related to the Andromeda/Gamarue backdoor has been discovered, targeting manufacturing and logistics companies in Asia. The initial infection vector involves USB drive-by attacks, using LNK shortcuts to execute malicious DLLs. The malware employs ru…
2024-12-04
andromeda
gamarue
Published: December 4, 2024
Downloadable IOCs: 10
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-54661

9.8
    socat
Published: December 4, 2024

CVE-2024-40744

9.8
    Joomla Convert Forms
Published: December 4, 2024

CVE-2024-48453

9.8
    INOVANCE AM401_CPU1608TPTN
Published: December 4, 2024

CVE-2024-40717

8.8
    Veeam Backup & Replication
Published: December 4, 2024

CVE-2024-42452

8.8
    Veeam Backup & Replication
Published: December 4, 2024

CVE-2024-42456

8.8
    Veeam Backup & Replication
Published: December 4, 2024

CVE-2024-10587

8.8
    WordPress Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor - Funnelforms Free plugin
Published: December 4, 2024

CVE-2024-51465

8.8
    IBM App Connect Enterprise Certified Container
Published: December 4, 2024

CVE-2024-11643

8.8
    Accessibility by AllAccessible plugin for WordPress
Published: December 4, 2024

CVE-2024-39163

8.8
    binux pyspider
Published: December 4, 2024

CVE-2024-39219

8.8
    Aginode GigaSwitch
Published: December 4, 2024

CVE-2024-37574

8.2
    GriceMobile com.grice.call application
Published: December 4, 2024

CVE-2024-11398

8.1
    Synology Router Manager (SRM)
Published: December 4, 2024

CVE-2024-11293

8.1
    Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login plugin for WordPress
Published: December 4, 2024

CVE-2024-12149

8.1
    Devolutions Remote Desktop Manager
Published: December 4, 2024

CVE-2024-54154

8.0
    JetBrains YouTrack
Published: December 4, 2024

CVE-2024-54664

7.8
    Veritas NetBackup
Published: December 4, 2024

CVE-2024-53126

7.8
    Linux
  • Linux Kernel
Published: December 4, 2024

CVE-2024-53133

7.8
    Linux
  • Linux Kernel
Published: December 4, 2024

CVE-2024-53139

7.8
    Linux
  • Linux Kernel
Published: December 4, 2024

CVE-2024-42451

7.7
    Veeam Backup & Replication
Published: December 4, 2024

CVE-2024-42457

7.7
    Veeam Backup & Replication
Published: December 4, 2024

CVE-2024-45204

7.7
    UNKNOWN
Published: December 4, 2024

CVE-2024-10567

7.5
    TI WooCommerce Wishlist plugin for WordPress
Published: December 4, 2024

CVE-2024-11952

7.5
    Classic Addons - WPBakery Page Builder plugin for WordPress
Published: December 4, 2024

CVE-2024-12107

7.5
    UD3TN BPv7
Published: December 4, 2024

CVE-2024-37575

7.5
    org.mistergroup.shouldianswer application for Android
Published: December 4, 2024

CVE-2024-50947

7.5
    kmqtt
Published: December 4, 2024

CVE-2024-42453

7.4
    Veeam Backup & Replication
Published: December 4, 2024

CVE-2024-10952

7.3
    WordPress The Authors List plugin
Published: December 4, 2024

CVE-2024-42449

7.1
    VSPC
Published: December 4, 2024

CVE-2024-42455

7.1
    Veeam Backup & Replication
Published: December 4, 2024

CVE-2024-45205

7.1
    UniFi iOS App
Published: December 4, 2024

CVE-2024-45207

7.0
    Veeam Agent for Windows
Published: December 4, 2024

CVE-2024-45717

7.0
    SolarWinds Platform
Published: December 4, 2024

CVE-2018-9392

6.7
    Google
  • Android
Published: December 4, 2024

CVE-2018-9393

6.7
    Google
  • Android
Published: December 4, 2024

CVE-2018-9394

6.7
    Google
  • Android
Published: December 4, 2024

CVE-2018-9395

6.7
    Google
  • Android
Published: December 4, 2024

CVE-2018-9396

6.7
    Google
  • Android
Published: December 4, 2024

CVE-2024-45206

6.5
    Veeam Service Provider Console
Published: December 4, 2024

CVE-2024-53135

6.5
    Linux
  • Linux Kernel
Published: December 4, 2024

CVE-2024-53614

6.5
    Thinkware Cloud APK
Published: December 4, 2024

CVE-2024-12147

6.5
    Netgear R6900
Published: December 4, 2024

CVE-2024-12196

6.5
    Devolutions Server
Published: December 4, 2024

CVE-2024-11747

6.4
    Responsive Videos plugin for WordPress
Published: December 4, 2024

CVE-2024-11897

6.4
    Contact Form, Survey & Form Builder – MightyForms plugin for WordPress
Published: December 4, 2024

CVE-2024-10885

6.4
    SearchIQ - The Search Solution plugin for WordPress
Published: December 4, 2024

CVE-2024-11769

6.4
    WordPress plugin Flower Delivery by Florist One
Published: December 4, 2024

CVE-2024-11903

6.4
    WP eCards plugin for WordPress
Published: December 4, 2024

CVE-2024-11880

6.4
    B Testimonial WordPress plugin
Published: December 4, 2024

CVE-2024-5020

6.4
    WordPress FancyBox plugin
Published: December 4, 2024

CVE-2024-11854

6.4
    Listdom Business Directory and Classified Ads Listings WordPress Plugin
Published: December 4, 2024

CVE-2024-8962

6.4
    WPBITS Addons For Elementor Page Builder plugin
Published: December 4, 2024

CVE-2024-11935

6.4
    Email Address Obfuscation plugin for WordPress
Published: December 4, 2024

CVE-2024-12138

6.3
    horilla
Published: December 4, 2024

CVE-2024-10832

6.1
    Posti Shipping plugin for WordPress
Published: December 4, 2024

CVE-2024-11807

6.1
    NPS computy plugin for WordPress
Published: December 4, 2024

CVE-2024-11813

6.1
    Pulsating Chat Button plugin for WordPress
Published: December 4, 2024

CVE-2023-6978

6.1
    WP Job Manager - Company Profiles plugin for WordPress
Published: December 4, 2024

CVE-2024-11466

6.1
    WordPress Intro Tour Tutorial DeepPresentation plugin
Published: December 4, 2024

CVE-2024-11814

6.1
    Additional Custom Order Status for WooCommerce plugin
Published: December 4, 2024

CVE-2024-54674

6.1
    MISP
Published: December 4, 2024

CVE-2024-54675

6.1
    MISP
Published: December 4, 2024

CVE-2024-11093

5.5
    SG Helper plugin for WordPress
Published: December 4, 2024

CVE-2024-53127

5.5
    Linux
  • Linux Kernel
Published: December 4, 2024

CVE-2024-53128

5.5
    Linux
  • Linux Kernel
Published: December 4, 2024

CVE-2024-53129

5.5
    Linux
  • Linux Kernel
Published: December 4, 2024

CVE-2024-53130

5.5
    Linux
  • Linux Kernel
Published: December 4, 2024

CVE-2024-53131

5.5
    Linux
  • Linux Kernel
Published: December 4, 2024

CVE-2024-53132

5.5
    Linux
  • Linux Kernel
Published: December 4, 2024

CVE-2024-53134

5.5
    Linux
  • Linux Kernel
Published: December 4, 2024

CVE-2024-53137

5.5
    Linux
  • Linux Kernel
Published: December 4, 2024

CVE-2024-53138

5.5
    Linux
  • Linux Kernel
Published: December 4, 2024

CVE-2024-53140

5.5
    Linux
  • Linux Kernel
Published: December 4, 2024

CVE-2024-40745

5.4
    Joomla Convert Forms component
Published: December 4, 2024

CVE-2024-52676

5.4
    Itsourcecode Online Discussion Forum Project
Published: December 4, 2024

CVE-2024-9404

5.3
    Moxa IP Cameras
Published: December 4, 2024

CVE-2024-7488

5.3
    Online Ordering System
Published: December 4, 2024

CVE-2024-54002

5.3
    Dependency-Track
Published: December 4, 2024

CVE-2024-51210

5.3
    Firepad
Published: December 4, 2024

CVE-2024-20397

5.2
    Cisco NX-OS Software
Published: December 4, 2024

CVE-2024-12151

5.0
    Devolutions Server
Published: December 4, 2024

CVE-2024-53136

4.7
    Linux
  • Linux Kernel
Published: December 4, 2024

CVE-2024-11985

4.4
    ASUS Router
Published: December 4, 2024

CVE-2024-10663

4.3
    Eleblog - Elementor Blog And Magazine Addons plugin for WordPress
Published: December 4, 2024

CVE-2024-12099

4.3
    The Dollie Hub - Build Your Own WordPress Cloud Platform plugin
Published: December 4, 2024

CVE-2023-52943

4.3
    Synology Surveillance Station
Published: December 4, 2024

CVE-2023-52944

4.3
    Synology Surveillance Station
Published: December 4, 2024

CVE-2024-10664

4.3
    BasePress Docs plugin for WordPress
Published: December 4, 2024

CVE-2024-10787

4.3
    LA-Studio Element Kit for Elementor plugin for WordPress
Published: December 4, 2024

CVE-2024-54157

4.3
    JetBrains YouTrack
Published: December 4, 2024

CVE-2024-12148

4.3
    Devolutions Server
Published: December 4, 2024

CVE-2024-54156

4.2
    JetBrains YouTrack
Published: December 4, 2024

CVE-2024-54155

3.7
    JetBrains YouTrack
Published: December 4, 2024

CVE-2024-38829

3.7
    VMware Tanzu Spring LDAP
Published: December 4, 2024

CVE-2024-54158

3.5
    JetBrains YouTrack
Published: December 4, 2024

CVE-2024-12180

3.5
    Dedecms
  • Dedecms
Published: December 4, 2024

CVE-2024-12181

3.5
    Dedecms
  • Dedecms
Published: December 4, 2024

CVE-2024-12182

3.5
    Dedecms
  • Dedecms
Published: December 4, 2024

CVE-2024-12183

3.5
    Dedecms
  • Dedecms
Published: December 4, 2024

CVE-2024-54153

3.1
    JetBrains YouTrack
Published: December 4, 2024

CVE-2024-11479

None
    Issuetrak
Published: December 4, 2024

CVE-2024-12123

None
    Issuetrak
Published: December 4, 2024

CVE-2024-52272

None
    Tenda AC6V2
Published: December 4, 2024

CVE-2024-52273

None
    Tenda AC6V2
Published: December 4, 2024

CVE-2024-52274

None
    Tenda AC6V2 Router
Published: December 4, 2024

CVE-2024-52275

None
    Tenda AC6V2
Published: December 4, 2024

CVE-2024-52276

None
    UNKNOWN
Published: December 4, 2024

CVE-2024-52277

None
    DocuSeal
Published: December 4, 2024

CVE-2024-10576

None
    Infinix Mobile devices
Published: December 4, 2024

CVE-2024-52269

None
    UNKNOWN
Published: December 4, 2024

CVE-2024-52278

None
    UNKNOWN
Published: December 4, 2024

CVE-2024-8894

None
    Open Design Alliance Drawings SDK
Published: December 4, 2024

CVE-2024-53125

None
    Linux kernel
Published: December 4, 2024

CVE-2024-12056

None
    OAuth
Published: December 4, 2024

CVE-2024-54132

None
    GitHub CLI
Published: December 4, 2024

CVE-2024-54134

None
    @solana/web3.js
Published: December 4, 2024

CVE-2024-53982

None
    ZOO-Project
Published: December 4, 2024
Click here to see more Vulnerabilities