ALERTS SEPTEMBER 2024
DATE | NAME | CATEGORY | SUBCATEGORY | INFO |
--- | --- | --- | --- | --- |
28.09.24 | CVE-2024-8190 - Ivanti Cloud Service Appliance Command Injection vulnerability | ALERTS | VULNERABILITY | CVE-2024-8190 is a high severity (CVSS score 7.2) OS Command Injection vulnerability affecting Ivanti Cloud Services Appliance (CSA) versions 4.6 Patch 518 or older. |
28.09.24 | Vidar malware spreads via PEC Mail and Telegram profiles | ALERTS | VIRUS | CERT-AGID has identified a new campaign distributing Vidar through PEC mailboxes. |
28.09.24 | Louse APT Group launches malware campaign targeting Chinese entities | ALERTS | APT | The Louse APT group (also known as Patchwork and Dropping Elephant) has reportedly launched a malware campaign targeting Chinese entities. |
27.09.24 | Malspam campaign targeting transportation industry | ALERTS | CAMPAIGN | Researchers have recently disclosed a malspam campaign targeting organizations in the transportation industry. |
27.09.24 | SloppyLemming: Phishing campaigns targeting South and East Asia organizations | ALERTS | CAMPAIGN | Reports indicate that a threat actor known as SloppyLemming has been actively targeting organizations in South and East Asia, particularly in Pakistan and Bangladesh. This actor employs open-source adversary emulation frameworks such as Cobalt Strike and Havoc. |
27.09.24 | New DragonForce ransomware variant targets Global Industries with LockBit and Conti modifications | ALERTS | RANSOM | New variants of DragonForce ransomware, featuring modified versions of LockBit and Conti, have been observed targeting the manufacturing, real estate, and transportation industries worldwide. |
27.09.24 | Twelve attack group aims to destroy | ALERTS | HACKING | Established in 2023 in response to the Russian-Ukrainian conflict, the attack group known as Twelve has been observed targeting Russian government organizations. |
27.09.24 | New KLogExe and FPSpy | ALERTS | VIRUS | New keylogger malware KLogExe and backdoor variant FPSpy have been used by Sparkling Pisces (aka Kimsuky, THALLIUM, Velvet Chollima) threat group. |
25.09.24 | Foxtrot Ransomware - a new MedusaLocker variant | ALERTS | RANSOM | Foxtrot is the latest ransomware variant from the MedusaLocker family. The malware encrypts user files and appends .foxtrot70 to them. |
25.09.24 | PDiddySploit Trojan Malware | ALERTS | VIRUS | A recent research study has revealed that the scandal surrounding Sean 'Diddy' Combs, also known as P. Diddy, has been exploited. |
25.09.24 | Turkey and Bulgaria Targeted in Remcos RAT Attacks | ALERTS | VIRUS | Symantec has recently observed two ongoing Remcos RAT campaigns from the same actor, targeting companies in Bulgaria and Turkey. |
25.09.24 | Nanocore RAT Spreads Through Fake XLS Invoice | ALERTS | VIRUS | Nanocore RAT was highly prevalent many years ago and has since drastically dwindled, but some groups and individuals continue to leverage this remote access trojan in their campaigns. |
25.09.24 | SnipBot - a new variant of the RomCom malware | ALERTS | VIRUS | Researchers from Palo Alto reported on a new variant of the RomCom malware dubbed SnipBot. |
25.09.24 | New Octo2 mobile malware variant observed in the wild | ALERTS | VIRUS | New variant of the Octo Android malware dubbed Octo2 has been identified in the wild. |
24.09.24 | SectopRAT malware masqueraded as Notion installer in a recent distribution campaign | ALERTS | VIRUS | A new campaign spreading SectopRAT malware has been identified in the wild. |
24.09.24 | Android Malware: Necro Trojan | ALERTS | VIRUS | The latest version of the Necro Trojan has infected various popular applications, including game mods available on Google Play, affecting over 11 million Android devices. |
24.09.24 | Earth Baxia: Targeting Asia-Pacific region by exploiting GeoServer vulnerability | ALERTS | CAMPAIGN | According to a recent report from Trend Micro, the threat actor known as Earth Baxia has been targeting government, telecommunications, and energy organizations in the Asia-Pacific region through spear-phishing emails and the exploitation of the GeoServer vulnerability CVE-2024-36401. |
24.09.24 | SambaSpy malware targeting Italian users | ALERTS | VIRUS | SambaSpy RAT has been distributed in a new malicious campaign targeting users from Italy. The campaign has several stages within its infection chain and leverages either malware downloaders or droppers depending on the observed run. |
24.09.24 | Go Injector Campaign Deploys Lumma Stealer | ALERTS | VIRUS | Researchers have identified a campaign using Go Injector to deploy Lumma Stealer, a malware designed to steal sensitive information. |
20.09.24 | North Korean APT group Appleworm delivers PondRAT via poisoned Python packages | ALERTS | APT | An ongoing campaign involving poisoned Python packages delivering backdoors for Linux and macOS, dubbed PondRAT, has been reported. |
20.09.24 | New campaign targets GitHub users with Lumma Stealer malware via phishing emails | ALERTS | CAMPAIGN | CERT-AGID has reported a new campaign delivering Lumma Stealer malware. |
18.09.24 | New variant of the Gomorrah Stealer identified in the wild | ALERTS | VIRUS | A new variant of the infostealing malware known as Gomorrah Stealer has been identified in the wild. |
17.09.24 | Fireant (APT31) unveils new tools in recent campaign against Asia-Pacific government entities | ALERTS | APT | The China-linked threat actor known as Fireant (also referred to as Mustang Panda or APT31) has recently been observed using new tools, including PUBLOAD, FDMTP, and PTSOCKET, in espionage attacks targeting government entities in the Asia-Pacific region. |
17.09.24 | Ajina mobile banking trojan | ALERTS | VIRUS | Ajina is a recently identified mobile banking trojan variant heavily targeting the Central Asia region. |
17.09.24 | Stealthy malware targets US-Taiwan Defense Industry conference attendees | ALERTS | VIRUS | A malware campaign targeting entities linked to the upcoming US-Taiwan Defense Industry Conference has been reported. |
13.09.24 | Mekotio and Mispadu malware distributed during Gecko Assault campaign | ALERTS | VIRUS | A new malicious campaign dubbed Gecko Assault has been reported by the researchers from SCILabs. |
13.09.24 | AutoIt-based credential flusher leveraged alongside StealC infostealer | ALERTS | VIRUS | A new campaign delivering the StealC infostealer malware has been observed in the wild. |
13.09.24 | Hadooken - Linux malware targeting Weblogic servers | ALERTS | VIRUS | Hadooken is a new Linux malware variant targeting Oracle Weblogic servers. |
13.09.24 | ShrinkLocker Ransomware: Leveraging BitLocker for encryption and system disruption | ALERTS | RANSOM | ShrinkLocker is a recently discovered ransomware that exploits BitLocker, a legitimate Windows feature, to encrypt data and lock users out of their systems. |
13.09.24 | New Phishing Campaign Exploiting CapCut | ALERTS | PHISHING | CapCut, a popular video editor, is being exploited in phishing attacks. The latest campaign involves a malicious package that includes a legitimate CapCut app, the JamPlus build utility, and a harmful ".lua" script. |
13.09.24 | Veaty and Spearal: Emerging malware in recent campaign against Iraqi Government | ALERTS | VIRUS | A new malware family, Veaty and Spearal, has been reported by Check Point, a CTA member, as being used in a campaign targeting Iraqi government infrastructure. |
13.09.24 | Yet Another Silly Stealer (YASS) Infostealer | ALERTS | VIRUS | A new infostealer, being referred to as 'Yet Another Silly Stealer' (YASS), has been observed. While it shares some features with CryptBot, YASS also has distinct characteristics. |
13.09.24 | BLX (aka XLABB) Stealer activity | ALERTS | VIRUS | BLX Stealer, also known as XLABB Stealer, is a malware variant initially discovered last year. New activity attributed to this infostealer has been observed in the wild. |
13.09.24 | SEO manipulation leveraged for PlugX and BadIIS malware delivery | ALERTS | VIRUS | A new malicious campaign attributed to the DragonRank threat group has been discovered by researchers from Cisco Talos. |
13.09.24 | Ransomware activity surge observed in second quarter of 2024 | ALERTS | RANSOM | Ransomware activity increased markedly in the second quarter of 2024 as attackers seemingly recovered their momentum following the disruption experienced in late 2023 and early 2024. |
13.09.24 | Linux SSH servers targeted by new SuperShell malware variant | ALERTS | VIRUS | SuperShell malware variant has been observed in a recent campaign targeted at vulnerable or otherwise misconfigured Linux SSH servers. |
13.09.24 | ScRansom Ransomware | ALERTS | RANSOM | Researchers have found that the CosmicBeetle group is now using a new ransomware dubbed ScRansom, replacing their old Scarab ransomware. |
13.09.24 | VSCode abused by Chinese APT group | ALERTS | APT | Stately Taurus, a Chinese APT group that carries out cyber-espionage attacks, has abused Visual Studio Code software in espionage operations targeting government entities in Southeast Asia. |
13.09.24 | New variant of Cicada3301 ransomware found in the wild | ALERTS | RANSOM | According to a recent report from Palo Alto, Repellent Scorpius is a new ransomware-as-a-service (RaaS) group responsible for the delivery of a ransomware variant dubbed Cicada3301. The threat actors have been observed to leverage a variety of Living-Off-the-Land (LOTL) tools in their attacks. |
13.09.24 | Mekotio and BBTok malware remain active among the banking trojans targeting LATAM | ALERTS | VIRUS | Mekotio and BBTok malware variants remain active among the banking trojan families distributed lately across the Latin America region. |
13.09.24 | Threat actors spoof An Post Ireland services to steal credentials | ALERTS | CRIME | Symantec has identified a new wave of phishing attacks that impersonate An Post Ireland services to steal credentials. |
13.09.24 | SpyAgent: Mobile malware stealing cryptocurrency wallets through image scanning | ALERTS | VIRUS | A new mobile malware called SpyAgent has been identified targeting mnemonic keys by scanning for images on the device that might contain them. |
13.09.24 | Emerging Loki Backdoor variant employs Mythic Framework and Havoc Techniques | ALERTS | VIRUS | A new version of the Loki backdoor has been discovered targeting Russian organizations. |
11.09.24 | Latrodectus campaign impersonates Antivirus software to deploy remote payloads | ALERTS | CAMPAIGN | A campaign deploying Latrodectus malware, disguised as a legitimate antivirus vendor, has been reported. |
11.09.24 | CVE-2024-45195: Remote Code Execution (RCE) vulnerability in Apache OFBiz | ALERTS | VULNERABILITY | CVE-2024-45195 is a high-severity (CVSS: 7.5) Remote Code Execution (RCE) vulnerability in Apache OFBiz, a comprehensive suite of business applications. |
11.09.24 | Ongoing exploitation of CVE-2024-36401 in OSGeo GeoServer GeoTools | ALERTS | VULNERABILITY | Multiple campaigns are exploiting a recently disclosed security flaw in OSGeo GeoServer GeoTools. The vulnerability, identified as CVE-2024-36401 (with a CVSS score of 9.8), is a critical remote code execution bug that allows malicious actors to take control of affected instances. |
11.09.24 | TIDRONE activities in Taiwan | ALERTS | GROUP | In recent news, the TIDRONE group has been targeting Taiwan's military and satellite industries, focusing on drone manufacturers. |
11.09.24 | Babylon open-source RAT targets Malaysia | ALERTS | VIRUS | Babylon RAT is an open-source malware variant recently distributed to users in Malaysia. |
11.09.24 | ToneShell Backdoor Targets IISS Summit | ALERTS | VIRUS | A cyber espionage campaign involving the ToneShell backdoor, attributed to Mustang Panda, has been reported targeting attendees of the 2024 IISS Defense Summit in Prague. |
11.09.24 | BlindEagle strikes Colombia's Insurance sector with Quasar RAT variant | ALERTS | VIRUS | BlindEagle, an advanced persistent threat actor, has been observed targeting Colombia’s insurance sector with the BlotchyQuasar Remote Access Trojan (RAT). |
06.09.24 | Tropic Trooper unleashes new China Chopper variant and Crowdoor loader | ALERTS | APT | Tropic Trooper, a Chinese-speaking APT group, has been reported targeting Middle Eastern government entities in a cyber espionage campaign. |
06.09.24 | Spammers abusing uncommon TLDs | ALERTS | SPAM | Symantec has recently observed a new phishing campaign being delivered from recently created domains designed to steal credentials and/or banking information. |
06.09.24 | Formbook Targets Global Sectors with Fake RFQ from Chemical-Oil Joint Venture | ALERTS | VIRUS | Symantec has recently observed a Formbook actor impersonating a major joint venture between a global chemical company based in Germany and a national oil and gas company from Malaysia. In this malicious email campaign, they're targeting companies across multiple countries and various industry sectors, including: |
06.09.24 | Acab Infostealer | ALERTS | VIRUS | Acab is a Python-based infostealing malware variant recently observed in the wild. The malware shows some code similarities to another variant known as 1312 Stealer. |
06.09.24 | CVE-2024-5932 - GiveWP WordPress Plugin vulnerability | ALERTS | VULNERABILITY | CVE-2024-5932 is a recently disclosed vulnerability affecting the GiveWP plugin, which is a Donation and Fundraising Platform plugin for WordPress. |
06.09.24 | MacroPack generated payloads distributed in latest campaigns | ALERTS | CAMPAIGN | A payload generation framework called MacroPack has been leveraged to create miscellaneous payloads in a series of malicious activities recently observed by the researchers from Cisco Talos. |
06.09.24 | KTLVdoor backdoor leveraged by the Funnelweb APT | ALERTS | VIRUS | A new Golang-based backdoor dubbed KTLVdoor has been discovered by researchers from Trend Micro. |
06.09.24 | SLOW#TEMPEST campaign targets Chinese entities | ALERTS | CAMPAIGN | A recently identified malware campaign named SLOW#TEMPEST was uncovered targeting Chinese entities. |
06.09.24 | Latrodectus 1.4: New version unveiled with advanced capabilities | ALERTS | VIRUS | A newer version of the Latrodectus downloader has been observed, featuring enhancements like a new string deobfuscation method, a revised C2 endpoint, and two additional backdoor commands. |
05.09.24 | Emansrepo infostealer | ALERTS | VIRUS | Researchers from Fortinet reported on a new Python-based infostealer variant dubbed Emansrepo. |
05.09.24 | Zharkbot malware | ALERTS | VIRUS | Zharkbot is a C++-based malware loader variant being dropped by the Amadey trojan in some recently observed campaigns. |
05.09.24 | CVE-2024-24809 & CVE-2024-31214 vulnerabilities affecting Traccar 5 | ALERTS | VULNERABILITY | CVE-2024-24809 and CVE-2024-31214 are recently disclosed vulnerabilities affecting Traccar 5, which is an open-source GPS tracking system. |
05.09.24 | CVE-2024-22319 - JNDI Injection Vulnerability in IBM Operational Decision Manager | ALERTS | VULNERABILITY | CVE-2024-22319 is a critical (CVSS: 9.8) JNDI injection vulnerability in IBM Operational Decision Manager. |
05.09.24 | Stone Wolf campaign targets Russian firms with Meduza Stealer malware | ALERTS | CAMPAIGN | A malicious campaign by the Stone Wolf threat actor targeting Russian firms has been reported. |
05.09.24 | WailingCrab: A WikiLoader variant exploiting VPN Spoofs | ALERTS | VIRUS | A recent report from Palo Alto reveals that WailingCrab, a variant of WikiLoader, is being distributed through SEO poisoning and spoofed GlobalProtect VPN software. |
05.09.24 | Luxy Infostealer | ALERTS | VIRUS | Luxy is a recently discovered malware variant with both infostealing and ransomware capabilities. |
05.09.24 | Cybercriminals Target Malaysia’s Digital Lifestyle with SpyNote | ALERTS | VIRUS | Around the world, e-commerce (shopping), service-oriented (food delivery, ride-hailing, and on-demand services), digital payment and deal aggregator Android applications are highly popular. |
05.09.24 | CVE-2024-7593 - Ivanti Virtual Traffic Manager (vTM) Authentication Bypass vulnerability | ALERTS | VULNERABILITY | CVE-2024-7593 is a critical (CVSS score 9.8) XML authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM). |
05.09.24 | RAZR Ransomware | ALERTS | RANSOM | RAZR is a recently identified ransomware variant that abuses a web hosting service called PythonAnywhere for hosting the malicious binaries. |