Tag: 2024-12-16

9 Attack Reports | 205 Vulnerabilities

Attack reports

Technical Analysis of RiseLoader

RiseLoader, a new malware loader family observed in October 2024, implements a custom TCP-based binary network protocol similar to RisePro. It uses VMProtect for obfuscation and has been observed dropping malware families like Vidar, Lumma Stealer, XMRig, and Socks5Systemz. The malware collects inf…
xmrig
cryptocurrency
lumma stealer
malware loader
vidar
risepro
socks5systemz
2024-12-16
riseloader
Published: December 16, 2024
Downloadable IOCs: 0

Widespread Exploitation of Cleo File Transfer Software

Critical vulnerabilities in Cleo file transfer products, including VLTrader, Harmony, and LexiCom, are being actively exploited. Initially stemming from an insufficient patch for CVE-2024-50623, a new critical vulnerability (CVE-2024-55956) allows unauthenticated users to execute arbitrary commands…
cleo
CVE-2024-55956
2024-12-16
Published: December 16, 2024
Linked vulnerabilities : CVE-2024-50623 (CVSS 8.8), CVE-2024-55956 (CVSS 9.8)
Downloadable IOCs: 6

New Yokai Side-loaded Backdoor Targets Thai Officials

A new backdoor named Yokai has been discovered targeting Thai officials. The malware is distributed via RAR files containing shortcut files that create decoy documents and execute a dropper. The dropper deploys a legitimate iTop Data Recovery application used to side-load the Yokai backdoor DLL. Yo…
backdoor
dropper
2024-12-16
thailand
yokai
Published: December 16, 2024
Downloadable IOCs: 20

A PAINFUL QUICKHEAL

This report analyzes a QUICKHEAL malware sample associated with the Chinese PLA-linked Needleminer group. The 32-bit DLL, protected by VMProtect, targets the telecom sector and was compiled in April 2022. It can steal credentials from Firefox and Internet Explorer browsers. The malware communicates…
quickheal
vmprotect
2024-12-16
pla
redfoxtrot
nomad panda
Published: December 16, 2024
Downloadable IOCs: 0

VIPKeyLogger Infostealer in the Wild

A new infostealer called VIPKeyLogger has been observed with increased activity. It shares similarities with Snake Keylogger and is distributed through phishing campaigns. The malware is delivered as an archive or Microsoft 365 file attachment, which downloads and executes a .NET compiled file. VIP…
infostealer
CVE-2017-11882
keylogger
snake keylogger
2024-12-16
vipkeylogger
Published: December 16, 2024
Downloadable IOCs: 0

Mauri Ransomware Threat Actors Exploiting Apache ActiveMQ Vulnerability (CVE-2023-46604)

Threat actors are exploiting the CVE-2023-46604 vulnerability in Apache ActiveMQ to attack Korean systems, particularly using Mauri ransomware. The vulnerability allows remote code execution on unpatched servers. Attackers use XML configuration files to add backdoor accounts, install remote access …
quasar rat
CVE-2023-46604
2024-12-16
apache activemq
mauri ransomware
Published: December 16, 2024
Downloadable IOCs: 0

Under the SADBRIDGE with GOSAR: QUASAR Gets a Golang Rewrite

Elastic Security Labs has uncovered a new intrusion set targeting Chinese-speaking regions, dubbed REF3864. The threat group employs a custom loader called SADBRIDGE to deploy GOSAR, a Golang-based reimplementation of the QUASAR backdoor. The infection chain involves trojanized MSI installers masqu…
backdoor
keylogger
golang
quasar
2024-12-16
sadbridge
gosar
Published: December 16, 2024
Downloadable IOCs: 13

Declawing PUMAKIT

PUMAKIT is a sophisticated multi-stage Linux malware consisting of a dropper, memory-resident executables, an LKM rootkit, and a userland rootkit. It employs advanced stealth techniques to hide its presence and maintain C2 communication. The rootkit hooks 18 syscalls and kernel functions using ftra…
rootkit
privilege escalation
2024-12-16
pumakit
kitsune
syscall hooking
Published: December 16, 2024
Downloadable IOCs: 12

New I2PRAT communicates via anonymous peer-to-peer network

A novel malware strain, I2PRAT, has been discovered utilizing the I2P network for command and control communication. The infection begins with a phishing email leading to a fake CAPTCHA page, which tricks users into executing a malicious PowerShell script. The malware employs UAC bypass, Microsoft …
phishing
uac bypass
privateloader
2024-12-16
i2p
i2prat
Published: December 16, 2024
Downloadable IOCs: 0
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-54370

9.9
    Video & Photo Gallery for Ultimate Member
Published: December 16, 2024

CVE-2024-49775

9.8
    Totally Integrated Automation Portal (TIA Portal) V16
    Totally Integrated Automation Portal (TIA Portal) V17
    Totally Integrated Automation Portal (TIA Portal) V18
    Opcenter Execution Foundation
    Opcenter Intelligence
    Opcenter Quality
    Opcenter RDL
    SIMATIC PCS neo V4.0
    SIMATIC PCS neo V4.1
    SIMATIC PCS neo V5.0
    SINEC NMS
    Totally Integrated Automation Portal (TIA Portal) V19
Published: December 16, 2024

CVE-2024-54363

9.8
    Wp NssUser Register
Published: December 16, 2024

CVE-2024-54367

9.8
    ForumWP
Published: December 16, 2024

CVE-2024-56012

9.8
    Flash News / Post (Responsive)
Published: December 16, 2024

CVE-2024-43234

9.8
    Woffice
Published: December 16, 2024

CVE-2024-54229

9.8
    Straightvisions GmbH SV100 Companion
Published: December 16, 2024

CVE-2024-55557

9.8
    Weasis
Published: December 16, 2024

CVE-2024-29671

9.8
    NEXTU FLATA AX1500 Router
Published: December 16, 2024

CVE-2024-52949

9.8
    iptraf-ng
Published: December 16, 2024

CVE-2024-55085

9.8
    GetSimple CMS CE
Published: December 16, 2024

CVE-2024-12641

9.6
    TenderDocTransfer from Chunghwa Telecom
Published: December 16, 2024

CVE-2024-54368

9.6
    GitSync
Published: December 16, 2024

CVE-2024-54372

9.6
    Insertify
Published: December 16, 2024

CVE-2024-54361

9.3
    Instant Appointment
Published: December 16, 2024

CVE-2024-55972

9.3
    Chris Carvache eTemplates
Published: December 16, 2024

CVE-2024-55976

9.3
    Critical Site Intel
Published: December 16, 2024

CVE-2024-55977

9.3
    LaunchPage.app Importer
Published: December 16, 2024

CVE-2024-55978

9.3
    Code Generator Pro
Published: December 16, 2024

CVE-2024-55980

9.3
    Webriderz Wr Age Verification
Published: December 16, 2024

CVE-2024-55981

9.3
    Nabz Image Gallery
Published: December 16, 2024

CVE-2024-55982

9.3
    richteam Share Buttons – Social Media
Published: December 16, 2024

CVE-2024-55988

9.3
    Navayan CSV Export
Published: December 16, 2024

CVE-2024-54280

9.3
    WPBookit
Published: December 16, 2024

CVE-2024-54369

9.1
    Zita Site Builder
Published: December 16, 2024

CVE-2024-54285

9.1
    SeedProd LLC SeedProd Pro
Published: December 16, 2024

CVE-2024-53376

8.8
    CyberPanel
Published: December 16, 2024

CVE-2024-54352

8.8
    Sogrid
Published: December 16, 2024

CVE-2024-54365

8.8
    KH Easy User Settings
Published: December 16, 2024

CVE-2024-54378

8.8
    Quietly Insights
Published: December 16, 2024

CVE-2024-54379

8.8
    Minterpress
Published: December 16, 2024

CVE-2024-56013

8.8
    Wovax IDX
Published: December 16, 2024

CVE-2024-12089

8.7
    ENOVIA Collaborative Industry Innovator
Published: December 16, 2024

CVE-2024-12090

8.7
    ENOVIA Collaborative Industry Innovator
Published: December 16, 2024

CVE-2024-12091

8.7
    ENOVIA Collaborative Industry Innovator
Published: December 16, 2024

CVE-2024-12092

8.7
    ENOVIA Collaborative Industry Innovator
Published: December 16, 2024

CVE-2024-55973

8.5
    TSB Occasion Editor
Published: December 16, 2024

CVE-2024-55974

8.5
    AMS Nexe Iberica Mimoos
Published: December 16, 2024

CVE-2024-55979

8.5
    Webriderz Wr Age Verification
Published: December 16, 2024

CVE-2024-55986

8.5
    serviceonline Service
Published: December 16, 2024

CVE-2024-55987

8.5
    Advanced What should we write next about
Published: December 16, 2024

CVE-2024-10095

8.4
    Telerik
  • Ui For Wpf
Published: December 16, 2024

CVE-2024-12668

8.2
    Velocidex WinPmem
Published: December 16, 2024

CVE-2024-54359

8.2
    Banner System by Saul Morales Pacheco
Published: December 16, 2024

CVE-2024-56083

8.1
    Cognition Devin
Published: December 16, 2024

CVE-2024-12642

8.1
    TenderDocTransfer from Chunghwa Telecom
Published: December 16, 2024

CVE-2024-12643

8.1
    tbm-client from Chunghwa Telecom
Published: December 16, 2024

CVE-2024-12646

8.1
    topm-client from Chunghwa Telecom
Published: December 16, 2024

CVE-2024-6001

8.1
    LADM
Published: December 16, 2024

CVE-2024-37774

8.0
    Sunbird DCIM dcTrack
Published: December 16, 2024

CVE-2024-4762

7.8
    UNKNOWN
Published: December 16, 2024

CVE-2024-55989

7.6
    WP Simple Pay Lite Manager
Published: December 16, 2024

CVE-2024-55990

7.6
    Mollie for Contact Form 7
Published: December 16, 2024

CVE-2024-54283

7.6
    SeedProd LLC SeedProd Pro
Published: December 16, 2024

CVE-2024-54284

7.6
    SeedProd Pro
Published: December 16, 2024

CVE-2024-8058

7.6
    FileZ Client
Published: December 16, 2024

CVE-2024-8798

7.5
    zephyr
Published: December 16, 2024

CVE-2024-54373

7.5
    EduAdmin Booking
Published: December 16, 2024

CVE-2024-54374

7.5
    Sogrid
Published: December 16, 2024

CVE-2024-54375

7.5
    Woolook
Published: December 16, 2024

CVE-2024-54380

7.5
    WP Cookies Enabler
Published: December 16, 2024

CVE-2024-54279

7.5
    WP-NERD Toolkit
Published: December 16, 2024

CVE-2024-54376

7.5
    EazyDocs
Published: December 16, 2024

CVE-2024-11144

7.5
    FTP Server
Published: December 16, 2024

CVE-2024-37775

7.5
    Sunbird DCIM dcTrack
Published: December 16, 2024

CVE-2024-10972

7.3
    Velocidex WinPmem
Published: December 16, 2024

CVE-2024-54385

7.2
    SoftLab Radio Player
Published: December 16, 2024

CVE-2024-55103

7.2
    Online Nurse Hiring System
Published: December 16, 2024

CVE-2024-55104

7.2
    Online Nurse Hiring System
Published: December 16, 2024

CVE-2024-56084

7.1
    Logpoint UniversalNormalizer
Published: December 16, 2024

CVE-2024-56086

7.1
    Logpoint
Published: December 16, 2024

CVE-2024-12644

7.1
    tbm-client from Chunghwa Telecom
Published: December 16, 2024

CVE-2024-54331

7.1
    I Plant A Tree
Published: December 16, 2024

CVE-2024-54332

7.1
    WP Currency Exchange Rates
Published: December 16, 2024

CVE-2024-54353

7.1
    WPGear Hack-Info
Published: December 16, 2024

CVE-2024-54358

7.1
    Avatar 3D Creator
Published: December 16, 2024

CVE-2024-54364

7.1
    Feedpress Generator
Published: December 16, 2024

CVE-2024-54386

7.1
    Push Monkey Pro - Web Push Notifications
    WooCommerce Abandoned Cart
Published: December 16, 2024

CVE-2024-54387

7.1
    Jaytesh Barange Posts Date Ranges
Published: December 16, 2024

CVE-2024-54388

7.1
    Multiple Admin Emails
Published: December 16, 2024

CVE-2024-54389

7.1
    addWeather
Published: December 16, 2024

CVE-2024-54390

7.1
    TagGator
Published: December 16, 2024

CVE-2024-54391

7.1
    WordPress Filter
Published: December 16, 2024

CVE-2024-54392

7.1
    WP微信机器人
Published: December 16, 2024

CVE-2024-54393

7.1
    UNKNOWN
Published: December 16, 2024

CVE-2024-54394

7.1
    Mandrill WP
Published: December 16, 2024

CVE-2024-54395

7.1
    Increase Sociability
Published: December 16, 2024

CVE-2024-54397

7.1
    Go Animate
Published: December 16, 2024

CVE-2024-54398

7.1
    Project Caruso Flaming Forms
Published: December 16, 2024

CVE-2024-54399

7.1
    CRUDLab Google Plus Button
Published: December 16, 2024

CVE-2024-54400

7.1
    AppMaps
Published: December 16, 2024

CVE-2024-54401

7.1
    Turcu Ciprian Advanced Fancybox
Published: December 16, 2024

CVE-2024-54403

7.1
    Visual Recent Posts
Published: December 16, 2024

CVE-2024-54404

7.1
    MDC Comment Toolbar
Published: December 16, 2024

CVE-2024-54405

7.1
    ECT Social Share
Published: December 16, 2024

CVE-2024-54406

7.1
    Comments On Feed
Published: December 16, 2024

CVE-2024-54407

7.1
    UNKNOWN
Published: December 16, 2024

CVE-2024-54409

7.1
    XPD Reduce Image Filesize
Published: December 16, 2024

CVE-2024-54410

7.1
    SOPA Blackout
Published: December 16, 2024

CVE-2024-54411

7.1
    WP Controller
Published: December 16, 2024

CVE-2024-54412

7.1
    Ecommerce Templates ECT Product Carousel
Published: December 16, 2024

CVE-2024-54413

7.1
    Display Future Posts
Published: December 16, 2024

CVE-2024-54414

7.1
    Geoportail Shortcode
Published: December 16, 2024

CVE-2024-54415

7.1
    WP-HideThat
Published: December 16, 2024

CVE-2024-54416

7.1
    Wp Login with Ajax
Published: December 16, 2024

CVE-2024-54420

7.1
    Metrika
Published: December 16, 2024

CVE-2024-54421

7.1
    Floating Video Player
Published: December 16, 2024

CVE-2024-54422

7.1
    Evernote Sync
Published: December 16, 2024

CVE-2024-54423

7.1
    Jesse Overright Social Media Sharing
Published: December 16, 2024

CVE-2024-54424

7.1
    Like in Vk.com
Published: December 16, 2024

CVE-2024-54425

7.1
    LionScripts: Site Maintenance & Noindex Nofollow Plugin
Published: December 16, 2024

CVE-2024-54426

7.1
    LeaderBoard Plugin
Published: December 16, 2024

CVE-2024-54427

7.1
    Linda MacPhee-Cobb Category of Posts
Published: December 16, 2024

CVE-2024-54428

7.1
    Add image to Post
Published: December 16, 2024

CVE-2024-54429

7.1
    Aphorismus
Published: December 16, 2024

CVE-2024-54431

7.1
    Admin Customization
Published: December 16, 2024

CVE-2024-54432

7.1
    WP Flipkart Importer
Published: December 16, 2024

CVE-2024-54433

7.1
    Simple Booking Widget
Published: December 16, 2024

CVE-2024-54434

7.1
    phZoom
Published: December 16, 2024

CVE-2024-54435

7.1
    Onlywire Multi Autosubmitter
Published: December 16, 2024

CVE-2024-54436

7.1
    Jet Footer Code
Published: December 16, 2024

CVE-2024-54437

7.1
    jCarousel
Published: December 16, 2024

CVE-2024-54438

7.1
    GAxx Gaxx Keywords
Published: December 16, 2024

CVE-2024-54439

7.1
    Amazon Product Price
Published: December 16, 2024

CVE-2024-54440

7.1
    WP-Ban-User
Published: December 16, 2024

CVE-2024-56015

7.1
    Tidy Up
Published: December 16, 2024

CVE-2024-54249

7.1
    Jules Colle Advanced Options Editor
Published: December 16, 2024

CVE-2024-54257

7.1
    Molefed
Published: December 16, 2024

CVE-2024-56017

7.1
    Tom Royal Stop Registration Spam
Published: December 16, 2024

CVE-2024-12645

6.5
    topm-client
Published: December 16, 2024

CVE-2024-54083

6.5
    Mattermost
Published: December 16, 2024

CVE-2024-54682

6.5
    Mattermost
Published: December 16, 2024

CVE-2024-54354

6.5
    Termin-Kalender
Published: December 16, 2024

CVE-2024-54360

6.5
    Gutensee
Published: December 16, 2024

CVE-2024-54408

6.5
    Youtube Video Grid
Published: December 16, 2024

CVE-2024-54441

6.5
    Meini Utech World Time
Published: December 16, 2024

CVE-2024-54443

6.5
    Advanced Data Table For Elementor
Published: December 16, 2024

CVE-2024-56001

6.5
    Ksher
Published: December 16, 2024

CVE-2024-56005

6.5
    Posti Shipping
Published: December 16, 2024

CVE-2024-56011

6.5
    Responsive Google Maps by imbaa
Published: December 16, 2024

CVE-2024-54348

6.5
    YayCommerce Brand
Published: December 16, 2024

CVE-2024-12443

6.4
    CRM Perks WordPress HelpDesk Integration plugin
Published: December 16, 2024

CVE-2024-12478

6.3
    InvoicePlane
Published: December 16, 2024

CVE-2024-56112

6.1
    CyberPanel
Published: December 16, 2024

CVE-2024-55996

6.1
    Dreamfox Media Payment gateway per Product for Woocommerce
Published: December 16, 2024

CVE-2024-56085

5.9
    Logpoint
Published: December 16, 2024

CVE-2024-56087

5.9
    LogPoint
Published: December 16, 2024

CVE-2024-54442

5.9
    Better WP Login Page
Published: December 16, 2024

CVE-2024-11358

5.7
    Mattermost Android Mobile Apps
Published: December 16, 2024

CVE-2024-12653

5.5
    Fabulatech
  • Usb Over Network
Published: December 16, 2024

CVE-2024-12654

5.5
    Fabulatech
  • Usb Over Network
Published: December 16, 2024

CVE-2024-12655

5.5
    Fabulatech
  • Usb Over Network
Published: December 16, 2024

CVE-2024-12656

5.5
    Fabulatech
  • Usb Over Network
Published: December 16, 2024

CVE-2024-12657

5.5
    Iobit
  • Advanced Systemcare Ultimate
Published: December 16, 2024

CVE-2024-12658

5.5
    Iobit
  • Advanced Systemcare Ultimate
Published: December 16, 2024

CVE-2024-12659

5.5
    Iobit
  • Advanced Systemcare Ultimate
Published: December 16, 2024

CVE-2024-12660

5.5
    Iobit
  • Advanced Systemcare Ultimate
Published: December 16, 2024

CVE-2024-12661

5.5
    IObit Advanced SystemCare Ultimate
Published: December 16, 2024

CVE-2024-12662

5.5
    Iobit
  • Advanced Systemcare Ultimate
Published: December 16, 2024

CVE-2024-11841

5.4
    Tithe.ly Giving Button WordPress plugin
Published: December 16, 2024

CVE-2024-54356

5.4
    Online Booking & Scheduling Calendar for WordPress by vcita
Published: December 16, 2024

CVE-2024-54418

5.4
    Diversified Technology Corp. DTC Documents
    WPYog
    Gagan Deep Singh DTC Documents
Published: December 16, 2024

CVE-2024-54419

5.4
    Ui Slider Filter By Price
Published: December 16, 2024

CVE-2024-54430

5.4
    EELV Newsletter
Published: December 16, 2024

CVE-2024-55992

5.4
    WooCommerce Basic Ordernumbers
Published: December 16, 2024

CVE-2024-55998

5.4
    Popup Surveys & Polls for WordPress (Mare.io)
Published: December 16, 2024

CVE-2024-56004

5.4
    Easy Site Importer
Published: December 16, 2024

CVE-2024-55554

5.4
    Intrexx Portal Server
Published: December 16, 2024

CVE-2024-55452

5.4
    UJCMS
Published: December 16, 2024

CVE-2024-8116

5.3
    GitLab CE/EE
Published: December 16, 2024

CVE-2024-8650

5.3
    GitLab CE/EE
Published: December 16, 2024

CVE-2024-5333

5.3
    WordPress Events Calendar
Published: December 16, 2024

CVE-2024-9679

5.3
    DLP Extension
Published: December 16, 2024

CVE-2024-54366

5.3
    Vimeography
Published: December 16, 2024

CVE-2024-54417

5.3
    PixProof
Published: December 16, 2024

CVE-2024-55993

5.3
    Job Board Manager
Published: December 16, 2024

CVE-2024-56009

5.3
    Spreadr Woocommerce
Published: December 16, 2024

CVE-2024-55999

5.3
    XML Multilanguage Sitemap Generator
Published: December 16, 2024

CVE-2024-35230

5.3
    GeoServer
Published: December 16, 2024

CVE-2024-9678

4.9
    DLP Extension
Published: December 16, 2024

CVE-2024-54382

4.9
    Bold-Themes
  • Bold Page Builder
Published: December 16, 2024

CVE-2024-48872

4.8
    Mattermost
Published: December 16, 2024

CVE-2024-55100

4.8
    Online Nurse Hiring System
Published: December 16, 2024

CVE-2024-37773

4.8
    Sunbird DCIM dcTrack
Published: December 16, 2024

CVE-2024-37776

4.8
    Sunbird DCIM dcTrack
Published: December 16, 2024

CVE-2024-55451

4.8
    UJCMS
Published: December 16, 2024

CVE-2024-12666

4.7
    Classcms
  • Classcms
Published: December 16, 2024

CVE-2024-12362

4.3
    InvoicePlane
Published: December 16, 2024

CVE-2024-37251

4.3
    Advanced Custom Fields PRO
Published: December 16, 2024

CVE-2024-54355

4.3
    WP Mailster
Published: December 16, 2024

CVE-2024-54384

4.3
    Falcon – WordPress Optimizations & Tweaks
Published: December 16, 2024

CVE-2024-54396

4.3
    Bet sport Free
Published: December 16, 2024

CVE-2024-54402

4.3
    Arabic Webfonts
Published: December 16, 2024

CVE-2024-55994

4.3
    畅言评论系统
Published: December 16, 2024

CVE-2024-56007

4.3
    Ram Segev Leader
Published: December 16, 2024

CVE-2024-54357

4.3
    ThemeFusion Avada
Published: December 16, 2024

CVE-2024-56003

4.3
    Caldera SMTP Mailer
Published: December 16, 2024

CVE-2024-12663

3.7
    Mee-Admin
Published: December 16, 2024

CVE-2024-12667

3.7
    Invoiceplane
  • Invoiceplane
Published: December 16, 2024

CVE-2024-12664

3.5
    Ruifang-Tech
  • Rebuild
Published: December 16, 2024

CVE-2024-12665

3.5
    Ruifang-Tech
  • Rebuild
Published: December 16, 2024

CVE-2024-6002

None
    UNKNOWN
Published: December 16, 2024

CVE-2024-12687

None
    PlexTrac
Published: December 16, 2024

CVE-2024-55949

None
    MinIO
Published: December 16, 2024

CVE-2024-55951

None
    Metabase
Published: December 16, 2024
Click here to see more Vulnerabilities