Tag: 2024-12-18

9 Attack Reports | 138 Vulnerabilities

Attack reports

"Breach Report" from UAC-0099 (CERT-UA#12463)

The Ukrainian CERT-UA investigated cyberattacks by UAC-0099 against government organizations during November-December 2024. The attacks involved emails with malicious attachments, including exploits for CVE-2023-38831. The LONEPAGE program, used for command execution, has evolved to use encrypted f…
powershell
CVE-2023-38831
cloudflare
winrar
lnk files
2024-12-18
lonepage program
Published: December 18, 2024
Downloadable IOCs: 25

A Look Back: The Evolution of Latin American eCrime Malware in 2024

Latin American cybercrime continues to evolve as adversaries refine their tactics and techniques. Key developments in 2024 include the adoption of Rust for improved evasion, consistent use of multi-stage infection chains and malspam campaigns, and evidence of collaboration among threat actors. Nota…
phishing
javascript
rust
banking trojan
information stealer
2024-12-18
nirsoft
Published: December 18, 2024
Downloadable IOCs: 32

Your Data Is Under New Management: The Rise of LummaStealer

LummaStealer, a relatively new information-stealing malware, has gained prominence since 2022 for its ability to collect sensitive data from Windows systems. Marketed as Malware-as-a-Service (MaaS) on underground forums, it targets individuals, cryptocurrency users, and small to medium-sized busine…
phishing
social engineering
python
lummastealer
2024-12-18
malware-as-a-service (maas)
Published: December 18, 2024
Downloadable IOCs: 0

Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising

A large-scale fake captcha campaign has been distributing Lumma info-stealer malware through malvertising techniques. The campaign, relying on a single ad network, delivers over 1 million daily ad impressions, causing thousands of daily victims to lose their accounts and money. The malicious activi…
malvertising
powershell
lumma stealer
fake captcha
2024-12-18
Published: December 18, 2024
Downloadable IOCs: 50

Analyzing FLUX#CONSOLE: Using Tax-Themed Lures, Threat Actors Exploit Windows Management Console to Deliver Backdoor Payloads

The FLUX#CONSOLE campaign involves a sophisticated tax-themed phishing attack that exploits Microsoft Management Console (MSC) files to deliver a stealthy backdoor payload. Threat actors use tax-related lures to trick users into executing malicious code. The attack leverages MSC files, which are no…
javascript
dll sideloading
lnk files
2024-12-18
dismcore.dll
xmlhttp
Published: December 18, 2024
Downloadable IOCs: 5

ICS Threat Analysis: New Malware Can Kill Engineering Processes

An analysis of a public malware repository reveals a persistent presence of OT/ICS malware, with engineering workstations being a significant target. Two notable clusters were identified: Mitsubishi engineering workstation software infected with the Ramnit worm, and a new experimental malware named…
2024-12-18
ramnit
ics
engineering workstations
ot
siemens
chaya_003
discord c2
process termination
mitsubishi
Published: December 18, 2024
Downloadable IOCs: 20

Effective Phishing Campaign Targeting European Companies and Institutions

A sophisticated phishing operation targeting European automotive, chemical, and industrial manufacturing companies has been uncovered. The campaign, which peaked in June 2024, used HubSpot Free Form Builder and Docusign-enabled PDFs to harvest account credentials and infiltrate Microsoft Azure clou…
phishing
persistence
credential harvesting
redirection
docusign
2024-12-18
microsoft azure
european companies
hubspot
Published: December 18, 2024
Downloadable IOCs: 50

Hacktivists attack Russian organizations using rare RATs

The Cyber Anarchy Squad (C.A.S) is a hacktivist group targeting Russian and Belarusian organizations since 2022. They exploit vulnerabilities in public services and use free tools to inflict maximum damage. The group employs rare remote access Trojans like Revenge RAT and Spark RAT, alongside commo…
ransomware
russia
belarus
lockbit
meterpreter
telegram
babuk
spark rat
hacktivist
2024-12-18
revenge rat
data destruction
Published: December 18, 2024
Downloadable IOCs: 0

A Deep Dive into TeamTNT and Spinning YARN

TeamTNT is conducting a crypto mining campaign called Spinning YARN, targeting Docker, Redis, YARN, and Confluence. The attack involves server-side scripting vulnerabilities, obfuscated code, and malware deployment. The malware assesses the environment, disables cloud security, establishes persiste…
linux
obfuscation
xmrig
cloud security
docker
yarn
spinning yarn
confluence
2024-12-18
crypto mining
redis
platypus
Published: December 18, 2024
Downloadable IOCs: 35
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-56050

9.9
    VibeThemes WPLMS
Published: December 18, 2024

CVE-2024-56052

9.9
    WPLMS
Published: December 18, 2024

CVE-2024-56057

9.9
    WPLMS
Published: December 18, 2024

CVE-2024-21546

9.8
    laravel-filemanager
Published: December 18, 2024

CVE-2024-12287

9.8
    Biagiotti Membership plugin for WordPress
Published: December 18, 2024

CVE-2024-1610

9.8
    OPPO Store APP
Published: December 18, 2024

CVE-2024-4995

9.8
    Wapro ERP Desktop
Published: December 18, 2024

CVE-2024-4996

9.8
    Wapro ERP Desktop
Published: December 18, 2024

CVE-2024-56058

9.8
    VRPConnector
Published: December 18, 2024

CVE-2024-56059

9.8
    Mighty Digital Partners
Published: December 18, 2024

CVE-2023-34990

9.8
    Fortinet FortiWLM
Published: December 18, 2024

CVE-2024-54383

9.8
    WooCommerce PDF Vouchers plugin
Published: December 18, 2024

CVE-2024-55461

9.8
    SeaCMS
Published: December 18, 2024

CVE-2024-56054

9.1
    VibeThemes WPLMS
Published: December 18, 2024

CVE-2024-12259

8.8
    CRM WordPress Plugin - RepairBuddy
Published: December 18, 2024

CVE-2024-39703

8.8
    ThreatQuotient ThreatQ
Published: December 18, 2024

CVE-2024-47810

8.8
    Foxit Reader
Published: December 18, 2024

CVE-2024-49576

8.8
    Foxit Reader
Published: December 18, 2024

CVE-2024-55088

8.8
    GetSimple CMS CE
Published: December 18, 2024

CVE-2024-56048

8.8
    WPLMS
Published: December 18, 2024

CVE-2024-12692

8.8
    Google Chrome
Published: December 18, 2024

CVE-2024-12694

8.8
    Google Chrome
Published: December 18, 2024

CVE-2024-12695

8.8
    Google Chrome
Published: December 18, 2024

CVE-2024-55506

8.8
    CodeAstro's Complaint Management System
Published: December 18, 2024

CVE-2024-56116

8.8
    Amiro.CMS
Published: December 18, 2024

CVE-2024-55975

8.5
    Dr Affiliate
Published: December 18, 2024

CVE-2024-55983

8.5
    PowerFormBuilder
Published: December 18, 2024

CVE-2024-55984

8.5
    Saksh Escrow System
Published: December 18, 2024

CVE-2024-55985

8.5
    YDS Support Ticket System
Published: December 18, 2024

CVE-2024-56047

8.5
    VibeThemes WPLMS
Published: December 18, 2024

CVE-2024-56049

8.5
    VibeThemes WPLMS
Published: December 18, 2024

CVE-2024-56051

8.5
    VibeThemes WPLMS
Published: December 18, 2024

CVE-2024-56055

8.5
    WPLMS
Published: December 18, 2024

CVE-2024-12432

8.1
    WPC Shop as a Customer for WooCommerce plugin for WordPress
Published: December 18, 2024

CVE-2024-56174

8.1
    Optimizely Configured Commerce
Published: December 18, 2024

CVE-2024-54270

8.1
    Axeptio
Published: December 18, 2024

CVE-2024-12693

8.0
    Google Chrome
Published: December 18, 2024

CVE-2024-47480

7.8
    Dell Inventory Collector Client
Published: December 18, 2024

CVE-2024-12741

7.8
    DAQExpress
Published: December 18, 2024

CVE-2024-49202

7.6
    Keyfactor Command
Published: December 18, 2024

CVE-2024-56053

7.6
    VibeThemes WPLMS
Published: December 18, 2024

CVE-2024-12025

7.5
    Collapsing Categories plugin for WordPress
Published: December 18, 2024

CVE-2024-21547

7.5
    spatie/browsershot
Published: December 18, 2024

CVE-2024-21548

7.5
    Bun
Published: December 18, 2024

CVE-2024-4464

7.5
    Synology Media Server
Published: December 18, 2024

CVE-2024-47397

7.5
    AE1021
Published: December 18, 2024

CVE-2024-11912

7.5
    Travel Booking WordPress Theme theme
Published: December 18, 2024

CVE-2024-56008

7.5
    Spreadr Woocommerce
Published: December 18, 2024

CVE-2024-53270

7.5
    Envoy
Published: December 18, 2024

CVE-2024-53580

7.5
    iperf
Published: December 18, 2024

CVE-2024-56317

7.5
    Matter (connectedhomeip/Project CHIP)
Published: December 18, 2024

CVE-2024-56318

7.5
    Project CHIP
Published: December 18, 2024

CVE-2024-56319

7.5
    Matter (aka connectedhomeip or Project CHIP)
Published: December 18, 2024

CVE-2024-11614

7.4
    DPDK
Published: December 18, 2024

CVE-2024-49363

7.4
    Misskey
Published: December 18, 2024

CVE-2024-53688

7.2
    AE1021 firmware
Published: December 18, 2024

CVE-2024-54457

7.2
    AE1021 Firmware
    AE1021PE Firmware
Published: December 18, 2024

CVE-2024-48889

7.2
    FortiManager
Published: December 18, 2024

CVE-2024-55086

7.2
    GetSimple CMS
Published: December 18, 2024

CVE-2024-36694

7.2
    OpenCart
Published: December 18, 2024

CVE-2024-49677

7.1
    Bootstrap Buttons
Published: December 18, 2024

CVE-2024-51646

7.1
    Saoshyant Element
Published: December 18, 2024

CVE-2024-54350

7.1
    HJYL hmd
Published: December 18, 2024

CVE-2024-56010

7.1
    Device Detector
Published: December 18, 2024

CVE-2024-56016

7.1
    WPTooling Image Mapper
Published: December 18, 2024

CVE-2024-54381

7.1
    Advance Menu Manager
Published: December 18, 2024

CVE-2024-53271

7.1
    Envoy Proxy
Published: December 18, 2024

CVE-2024-39804

7.1
    Microsoft PowerPoint for macOS
Published: December 18, 2024

CVE-2024-41138

7.1
    Microsoft Teams
Published: December 18, 2024

CVE-2024-41145

7.1
    Microsoft Teams (work or school) for macOS
Published: December 18, 2024

CVE-2024-41159

7.1
    Microsoft OneNote
Published: December 18, 2024

CVE-2024-41165

7.1
    Microsoft Word for macOS
Published: December 18, 2024

CVE-2024-42004

7.1
    Microsoft Teams
Published: December 18, 2024

CVE-2024-42220

7.1
    Microsoft Outlook
Published: December 18, 2024

CVE-2024-43106

7.1
    Microsoft Excel for macOS
Published: December 18, 2024

CVE-2024-47104

6.8
    IBM i
Published: December 18, 2024

CVE-2024-45082

6.8
    Ibm
  • Cognos Analytics
Published: December 18, 2024

CVE-2024-12686

6.6
    Beyondtrust
  • Privileged Remote Access
  • Remote Support
Published: December 18, 2024

CVE-2024-12698

6.5
    UNKNOWN
Published: December 18, 2024

CVE-2024-11926

6.5
    Travel Booking WordPress Theme
Published: December 18, 2024

CVE-2024-52485

6.5
    WP Menu Image
Published: December 18, 2024

CVE-2024-55997

6.5
    Order Delivery & Pickup Location Date Time
Published: December 18, 2024

CVE-2024-51470

6.5
    IBM MQ
    IBM MQ Appliance
    IBM MQ for HPE NonStop
Published: December 18, 2024

CVE-2024-11439

6.4
    ScanCircle plugin for WordPress
Published: December 18, 2024

CVE-2024-11748

6.4
    Taeggie Feed plugin for WordPress
Published: December 18, 2024

CVE-2024-11881

6.4
    Easy Waveform Player plugin for WordPress
Published: December 18, 2024

CVE-2024-12500

6.4
    Philantro - Donations and Donor Management plugin for WordPress
Published: December 18, 2024

CVE-2024-12513

6.4
    Contests by Rewards Fuel plugin for WordPress
Published: December 18, 2024

CVE-2024-12449

6.4
    Video Share VOD - Turnkey Video Site Builder Script plugin for WordPress
Published: December 18, 2024

CVE-2024-52579

6.4
    Misskey
Published: December 18, 2024

CVE-2024-11254

6.1
    AMP for WP - Accelerated Mobile Pages plugin for WordPress
Published: December 18, 2024

CVE-2024-56175

6.1
    Optimizely Configured Commerce
Published: December 18, 2024

CVE-2024-12454

6.1
    SliceWP Affiliates plugin for WordPress
Published: December 18, 2024

CVE-2024-55492

6.1
    Winmail Server
Published: December 18, 2024

CVE-2024-56115

6.1
    Amiro.CMS
Published: December 18, 2024

CVE-2024-47119

5.9
    IBM Storage Defender - Resiliency Service
Published: December 18, 2024

CVE-2024-56140

5.9
    Astro
Published: December 18, 2024

CVE-2024-52361

5.7
    IBM Storage Defender - Resiliency Service
Published: December 18, 2024

CVE-2024-10892

5.4
    Cost Calculator Builder WordPress plugin
Published: December 18, 2024

CVE-2024-12554

5.4
    Peter’s Custom Anti-Spam plugin for WordPress
Published: December 18, 2024

CVE-2024-25042

5.4
    Ibm
  • Cognos Analytics
Published: December 18, 2024

CVE-2024-41752

5.4
    Ibm
  • Cognos Analytics
Published: December 18, 2024

CVE-2024-55232

5.4
    PHPGurukul Online Notes Sharing Management System
Published: December 18, 2024

CVE-2024-55239

5.4
    Portabilis i-Educar
Published: December 18, 2024

CVE-2024-12250

5.3
    Accept Authorize.NET Payments Using Contact Form 7 plugin for WordPress
Published: December 18, 2024

CVE-2024-56170

5.3
    Fort
Published: December 18, 2024

CVE-2024-11295

5.3
    Simple Page Access Restriction plugin for WordPress
Published: December 18, 2024

CVE-2024-11291

5.3
    Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress
Published: December 18, 2024

CVE-2024-56128

5.3
    Apache Kafka
Published: December 18, 2024

CVE-2024-45338

5.3
    Go programming language
Published: December 18, 2024

CVE-2024-50570

5.0
    FortiClientWindows
    FortiClientLinux
Published: December 18, 2024

CVE-2022-40732

5.0
    Windows 11
    Windows Server 2022
Published: December 18, 2024

CVE-2022-40733

5.0
    Windows 11
    Windows Server 2022
Published: December 18, 2024

CVE-2024-56173

4.7
    Optimizely Configured Commerce
Published: December 18, 2024

CVE-2024-37649

4.6
    SecureSTATION
Published: December 18, 2024

CVE-2024-53269

4.5
    Envoy Proxy
Published: December 18, 2024

CVE-2023-50956

4.4
    IBM Storage Defender - Resiliency Service
Published: December 18, 2024

CVE-2024-12061

4.3
    Elementor Events Addon plugin for WordPress
Published: December 18, 2024

CVE-2024-12596

4.3
    LifterLMS plugin for WordPress
Published: December 18, 2024

CVE-2024-12340

4.3
    Animation Addons for Elementor plugin for WordPress
Published: December 18, 2024

CVE-2024-49201

4.3
    Keyfactor Remote File Orchestrator
Published: December 18, 2024

CVE-2024-55231

4.3
    PHPGurukul Online Notes Sharing Management System
Published: December 18, 2024

CVE-2024-56169

None
    Fort
Published: December 18, 2024

CVE-2024-12371

None
    Rockwell Automation Power Monitor 1000
Published: December 18, 2024

CVE-2024-12372

None
    Rockwell Automation Power Monitor 1000
Published: December 18, 2024

CVE-2024-12373

None
    Rockwell Automation Power Monitor 1000
Published: December 18, 2024

CVE-2024-55089

None
    Rhymix
Published: December 18, 2024

CVE-2024-47038

None
    UNKNOWN
Published: December 18, 2024

CVE-2024-47039

None
    UNKNOWN
Published: December 18, 2024

CVE-2024-47040

None
    UNKNOWN
Published: December 18, 2024

CVE-2024-55952

None
    DataEase
Published: December 18, 2024

CVE-2024-55953

None
    DataEase
Published: December 18, 2024

CVE-2024-52590

None
    Misskey
Published: December 18, 2024

CVE-2024-52591

None
    Misskey
Published: December 18, 2024

CVE-2024-52592

None
    Misskey
Published: December 18, 2024

CVE-2024-52593

None
    Misskey
Published: December 18, 2024

CVE-2024-56145

None
    Craft CMS
Published: December 18, 2024

CVE-2024-55505

None
    CodeAstro Complaint Management System
Published: December 18, 2024
Click here to see more Vulnerabilities