Tag: 2024-12-11

9 Attack Reports | 35 Vulnerabilities

Attack reports

Black and White Domination: Glutton Trojan Lurks in Mainstream PHP Frameworks

The XLab threat detection system uncovered an advanced PHP trojan named Glutton, which has been active for over a year without detection. Glutton targets both legitimate businesses and cybercriminal operations, infiltrating popular PHP frameworks like ThinkPHP and Laravel. It employs modular compon…
backdoor
winnti
php
2024-12-11
glutton
Published: December 11, 2024
Downloadable IOCs: 5

Inside a New OT/IoT Cyberweapon: IOCONTROL

Team82 analyzed a sample of IOCONTROL, a custom-built IoT/OT malware used by Iran-affiliated attackers to target Israel and U.S.-based devices. The malware affects various IoT and SCADA/OT devices, including IP cameras, routers, PLCs, HMIs, and firewalls from multiple vendors. IOCONTROL is believed…
iot
2024-12-11
mqtt
iocontrol
scada
Published: December 11, 2024
Downloadable IOCs: 4

AppLite: A New AntiDot Variant Targeting Mobile Employee Devices

A sophisticated Mishing campaign delivers malware to Android devices, enabling credential theft from banking, cryptocurrency, and critical applications. The campaign uses phishing domains to distribute a new variant of the Antidot banking trojan, dubbed AppLite Banker. Attackers pose as recruiters,…
android
banking trojan
2024-12-11
applite
Published: December 11, 2024
Downloadable IOCs: 224

Malware Analysis: A Kernel Land Rootkit Loader for FK_Undead

This analysis delves into a Windows rootkit loader for the FK_Undead malware family, known for intercepting user network traffic through proxy manipulation. The loader, signed with a valid Microsoft certificate, installs itself as a system service and employs various evasion techniques. It download…
rootkit
evasion
windows
proxy
kernel
2024-12-11
vmprotect
driver
deaddrop
fk_undead
Published: December 11, 2024
Downloadable IOCs: 20

Inside Zloader's Latest Trick: DNS Tunneling

Zloader, a modular Trojan based on Zeus source code, has introduced new features in version 2.9.4.0 to enhance its anti-analysis capabilities and resilience against detection. Key updates include a custom DNS tunnel protocol for C2 communications, an interactive shell supporting over a dozen comman…
zloader
dns tunneling
banking trojan
2024-12-11
malware evolution
ghostsocks
zeus variant
Published: December 11, 2024
Downloadable IOCs: 3

Intensifies Attacks On Russia With PhantomCore

The Head Mare hacktivist group has escalated its campaign against Russian targets using the PhantomCore backdoor. The group employs deceptive ZIP archives containing malicious LNK files and executables disguised as archive files to deploy PhantomCore. This C++-compiled backdoor, which replaces earl…
backdoor
apt
ransomware
russia
lockbit
CVE-2023-38831
babuk
phantomcore
2024-12-11
hacktivist
boost.beast
Published: December 11, 2024
Downloadable IOCs: 31

Technical Analysis of Zloader 2.9.0.4

The latest version of Zloader (2.9.4.0) introduces significant enhancements to its capabilities. Key features include a custom DNS tunnel protocol for C2 communications, an interactive shell supporting various commands, and updated anti-analysis techniques. The malware's distribution has become mor…
zloader
zeus
dns tunneling
banking trojan
initial access
2024-12-11
ghostsocks
Published: December 11, 2024
Downloadable IOCs: 18

Inside the incident: Uncovering an advanced phishing attack

A sophisticated phishing campaign targeted a U.K.-based insurance company, using a compromised CEO's email account from a major shipping company. The attack involved a malicious PDF link hosted on AWS, leading to a fake Microsoft authentication page. The threat actor employed tactics like deletion …
phishing
social engineering
credential theft
2024-12-11
account takeover
email security
Published: December 11, 2024
Downloadable IOCs: 4

New Cleo zero-day RCE flaw exploited in data theft attacks

A critical zero-day vulnerability in Cleo's managed file transfer software is being actively exploited by hackers to breach corporate networks and steal data. The flaw affects Cleo LexiCom, VLTrader, and Harmony products, allowing unrestricted file upload and downloads leading to remote code execut…
data theft
zero-day
CVE-2024-50623
rce
termite
cleo
lexicom
2024-12-11
vltrader
cleo harmony
Published: December 11, 2024
Downloadable IOCs: 0
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-11737

9.8
    UNKNOWN
Published: December 11, 2024

CVE-2024-28139

8.8
    UNKNOWN
Published: December 11, 2024

CVE-2024-53290

8.4
    Dell ThinOS
  • Version(s): 2408
Published: December 11, 2024

CVE-2024-53289

7.8
    Dell ThinOS
  • Version(s): 2408
Published: December 11, 2024

CVE-2024-10251

7.8
    Ivanti
  • Security Controls
Published: December 11, 2024

CVE-2024-11597

7.8
    Ivanti Performance Manager
  • Version(s): before 2024.3 HF1, 2024.1 HF1, 2023.3 HF1
Published: December 11, 2024

CVE-2024-11598

7.8
    Ivanti Application Control
  • Version(s): before 2024.3 HF1, before 2024.1 HF2, before 2023.3 HF3
Published: December 11, 2024

CVE-2024-8496

7.8
    Ivanti
  • Workspace Control
Published: December 11, 2024

CVE-2024-9845

7.8
    Ivanti
  • Automation
Published: December 11, 2024

CVE-2024-53292

7.2
    Dell VxVerify
  • Version(s): before x.40.405
Published: December 11, 2024

CVE-2024-12363

7.1
    TeamViewer Patch & Asset Management
  • Version(s): before 24.12
Published: December 11, 2024

CVE-2024-11840

7.1
    RapidLoad - Optimize Web Vitals Automatically plugin for WordPress
  • Version(s): up to 2.4.2
Published: December 11, 2024

CVE-2024-52537

6.3
    Dell Client Platform Firmware Update Utility
Published: December 11, 2024

CVE-2024-28141

6.3
    UNKNOWN
Published: December 11, 2024

CVE-2024-12004

6.1
    WPC Order Notes for WooCommerce plugin for WordPress
  • Version(s): up to 1.5.2
Published: December 11, 2024

CVE-2024-12283

6.1
    WP Pipes plugin for WordPress
  • Version(s): up to 1.4.1
Published: December 11, 2024

CVE-2024-12325

6.1
    WordPress Waymark plugin
  • Version(s): up to 1.4.1
Published: December 11, 2024

CVE-2024-28140

6.1
    UNKNOWN
Published: December 11, 2024

CVE-2024-10511

5.3
    UNKNOWN
Published: December 11, 2024

CVE-2024-11008

5.3
    Members - Membership & User Role Editor Plugin
  • Version(s): up to 3.2.10
Published: December 11, 2024

CVE-2024-12294

5.3
    WordPress Last Viewed Posts by WPBeginner plugin
  • Version(s): up to 1.0.1
Published: December 11, 2024

CVE-2024-11351

5.3
    Restrict – membership, site, content and user access restrictions for WordPress plugin
  • Version(s): up to 2.2.8
Published: December 11, 2024

CVE-2024-50585

4.7
    UNKNOWN
Published: December 11, 2024

CVE-2024-35117

4.4
    IBM OpenPages with Watson
  • Version(s): 9.0
Published: December 11, 2024

CVE-2024-54269

4.3
    Ninja Team Notibar
  • Version(s): n/a, 2.1.4
Published: December 11, 2024

CVE-2024-51460

4.3
    IBM InfoSphere Information Server
  • Version(s): 11.7
Published: December 11, 2024

CVE-2024-11053

3.4
    curl
Published: December 11, 2024

CVE-2023-23472

3.1
    IBM InfoSphere DataStage Flow Designer
  • Version(s): 11.7
Published: December 11, 2024

CVE-2023-37395

2.5
    Ibm
  • Aspera Faspex
Published: December 11, 2024

CVE-2024-11401

None
    Rapid7 Insight Platform
  • Version(s): before November 13th 2024
Published: December 11, 2024

CVE-2024-47758

None
    GLPI
  • Version(s): 9.3.0 - 10.0.16
Published: December 11, 2024

CVE-2024-53677

None
    Apache Struts
  • Version(s): 2.0.0 - 6.4.0
Published: December 11, 2024

CVE-2024-47760

None
    GLPI
  • Version(s): 9.1.0, before 10.0.17
Published: December 11, 2024

CVE-2024-47761

None
    GLPI
  • Version(s): 0.80 - 10.0.16
Published: December 11, 2024

CVE-2024-48912

None
    GLPI
  • Version(s): 0.80 - 10.0.16
Published: December 11, 2024
Click here to see more Vulnerabilities