DATE | NAME | CATEGORY | SUBCATEGORY | INFO |
28.12.24 | Skuld Infostealer malware continues to target developers via npm registry | ALERTS | VIRUS | A malware campaign deploying the Skuld infostealer via the npm registry has been reported, targeting developers with ambiguous packages. |
28.12.24 | Gosar - a new Golang-based variant of Quasar backdoor | ALERTS | VIRUS | Gosar is a recently identified Golang-based variant of the Quasar backdoor. The malware is spread in campaigns leveraging .MSI installer files disguised as legitimate software packages (such as Telegram or Opera). |
28.12.24 | Latest XWorm distribution campaign targets the hospitality sector | ALERTS | VIRUS | A new campaign distributing the XWorm commodity malware has been reported in the wild. The attack targets the hospitality sector in the UK. |
28.12.24 | Recent I2PRAT malware variant leverages anonymous peer-to-peer network communication | ALERTS | VIRUS | The latest I2PRAT malware variant has been observed to leverage I2P anonymous peer-to-peer network for the purpose of C2 communication. |
28.12.24 | CVE-2024-12856 | VULNERABILITY | VULNERABILITY | The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. |
28.12.24 | OtterCookie | MALWARE | JavaScript | OtterCookie, a new malware used by Contagious Interview |
28.12.24 | Cloud Atlas | GROUP | GROUP | Cloud Atlas seen using a new tool in its attacks |
28.12.24 | CVE-2024-3393 | VULNERABILITY | VULNERABILITY | CVE-2024-3393 PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet |
28.12.24 | CAPSAICIN | BOTNET | BOTNET | Botnets Continue to Target Aging D-Link Vulnerabilities |
28.12.24 | CVE-2024-52046 | VULNERABILITY | VULNERABILITY | The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. |
26.12.24 | CVE-2024-47146 | VULNERABILITY | VULNERABILITY | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the device's serial number if physically adjacent and sniffing the RAW WIFI signal. |
26.12.24 | CVE-2024-52324 | VULNERABILITY | VULNERABILITY | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x use an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands. |
26.12.24 | CVE-2024-48874 | VULNERABILITY | VULNERABILITY | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services. |
26.12.24 | CVE-2024-46874 | VULNERABILITY | VULNERABILITY | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud. |
26.12.24 | CVE-2024-47791 | VULNERABILITY | VULNERABILITY | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and from devices. |
26.12.24 | CVE-2024-45722 | VULNERABILITY | VULNERABILITY | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x use a weak credential mechanism that could allow an attacker to easily calculate MQTT credentials. |
26.12.24 | CVE-2024-47043 | VULNERABILITY | VULNERABILITY | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user's phone number and part of the email address. |
26.12.24 | CVE-2024-51727 | VULNERABILITY | VULNERABILITY | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contain a feature that could enable attackers to invalidate a legitimate user's session and cause a denial-of-service attack on a user's account. |
26.12.24 | CVE-2024-42494 | VULNERABILITY | VULNERABILITY | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contain a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services. |
26.12.24 | CVE-2024-47547 | VULNERABILITY | VULNERABILITY | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contain a weak mechanism for its users to change their passwords which leaves authentication vulnerable to brute force attacks. |
26.12.24 | CVE-2024-45387 | VULNERABILITY | VULNERABILITY | An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially-crafted PUT request. Users are recommended to upgrade to version Apache Traffic Control 8.0.2 if you run an affected version of Traffic Ops. |
26.12.24 | BellaCPP | MALWARE | Malware | BellaCPP: Discovering a new BellaCiao variant written in C++ |
26.12.24 | CVE-2021-44207 | VULNERABILITY | VULNERABILITY | Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials. |
26.12.24 | CVE-2024-50379 | VULNERABILITY | VULNERABILITY | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). |
26.12.24 | CVE-2024-56337 | VULNERABILITY | VULNERABILITY | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete. |
26.12.24 | FlowerStorm | PHISHING | PHAAS | Phishing platform Rockstar 2FA trips, and “FlowerStorm” picks up the pieces |
22.12.24 | HeartCrypt | MALWARE | Crypto | HeartCrypt was originally discovered through underground forums and reported by security researchers in February and March 2024. During HeartCrypt's eight months of operation, it has been used to pack over 2,000 malicious payloads, involving roughly 45 different malware families. |
22.12.24 | WezRat | MALWARE | RAT | The latest version of WezRat was recently distributed to multiple Israeli organizations in a wave of emails impersonating the Israeli National Cyber Directorate (INCD). WezRat can execute commands, take screenshots, upload files, perform keylogging, and steal clipboard content and cookie files. |
21.12.24 | CookiePlus Malware | MALWARE | Backdoor | Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware |
21.12.24 | 2024-12 Reference Advisory: Session Smart Router: Mirai malware found on systems when the default password remains unchanged | BOTNET | BOTNET | On Wednesday, December 11, 2024, several customers reported suspicious behavior on their Session Smart Network (SSN) platforms. These systems have been infected with the Mirai malware and were subsequently used as a DDoS attack source to other devices accessible by their network. The impacted systems were all using default passwords. |
21.12.24 | cShell DDoS Bot Attack | HACKING | HACKING | ASEC recently identified a new DDoS malware strain targeting Linux servers while monitoring numerous external attacks. The threat actor initially targeted poorly managed SSH services and ultimately installed a DDoS bot named cShell. cShell is developed in the Go language and is characterized by exploiting Linux tools called screen and hping3 to perform DDoS attacks. |
21.12.24 | CVE-2023-48788 | VULNERABILITY | VULNERABILITY | (CVSS score: 9.3) - Fortinet FortiClient EMS SQL Injection Vulnerability |
21.12.24 | CVE-2021-44529 | VULNERABILITY | VULNERABILITY | (CVSS score: 9.8) - Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability |
21.12.24 | CVE-2019-7256 | VULNERABILITY | VULNERABILITY | (CVSS score: 10.0) - Nice Linear eMerge E3-Series OS Command Injection Vulnerability |
21.12.24 | CVE-2024-12356 | VULNERABILITY | VULNERABILITY | BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability |
21.12.24 | CVE-2024-12727 | VULNERABILITY | VULNERABILITY | (CVSS score: 9.8) - A pre-auth SQL injection vulnerability in the email protection feature that could lead to remote code execution, if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode. |
21.12.24 | CVE-2024-12728 | VULNERABILITY | VULNERABILITY | (CVSS score: 9.8) - A weak credentials vulnerability arising from a suggested and non-random SSH login passphrase for High Availability (HA) cluster initialization that remains active even after the HA establishment process completed, thereby exposing an account with privileged access if SSH is enabled. |
21.12.24 | CVE-2024-12729 | VULNERABILITY | VULNERABILITY | (CVSS score: 8.8) - A post-auth code injection vulnerability in the User Portal that allows authenticated users to gain remote code execution. |
21.12.24 | CVE-2023-48782 | VULNERABILITY | VULNERABILITY | (CVSS score: 8.8) - An authenticated command injection flaw, also fixed in FortiWLM 8.6.6, that can be used to obtain remote code execution in the context of root. |
21.12.24 | CVE-2023-34990 | VULNERABILITY | VULNERABILITY | [FortiWLM] Unauthenticated limited file read vulnerability |
18.12.24 | HubPhish | CAMPAIGN | Phishing | Effective Phishing Campaign Targeting European Companies and Organizations |
18.12.24 | CVE-2024-53677 | VULNERABILITY | VULNERABILITY | File upload logic in Apache Struts is flawed. An attacker can manipulate file upload parameters to enable path traversal, and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. |
18.12.24 | Earth Koshchei | APT | APT | Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks |
18.12.24 | CVE-2024-12356 | VULNERABILITY | VULNERABILITY | A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. |
18.12.24 | CryptoRom | SPAM | SPAM | Sha zhu pan scam uses AI chat tool to target iPhone and Android users |
18.12.24 | DarkGate | MALWARE | RAT | Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion |
18.12.24 | FLUX#CONSOLE | MALWARE | Backdoor | Analyzing FLUX#CONSOLE: Using Tax-Themed Lures, Threat Actors Exploit Windows Management Console to Deliver Backdoor Payloads |
17.12.2024 | TA397 | GROUP | GROUP | Proofpoint observed advanced persistent threat (APT) TA397 targeting a Turkish defense sector organization with a lure about public infrastructure projects in Madagascar. |
17.12.2024 | BITTER APT | APT | APT | BITTER APT Targets Chinese Government Agency |
17.12.2024 | WmRAT | MALWARE | RAT | It was not until 2016 that the foreign security vendor Forcepoint disclosed the existence of the Manlinghua organization for the first time [1]; the group had not been discovered before. Forcepoint named it "BITTER" based on the network communication headers of the remote access tool (RAT) used by the group. In the same year, QiAnXin Threat Intelligence Center discovered a related attack in China and named it "Manlinghua". |
17.12.2024 | MiyaRAT | MALWARE | RAT | Bitter Group Launches New Trojan Miyarat, Domestic Users Become Primary Targets |
17.12.2024 | CoinLurker | MALWARE | STEALER | CoinLurker: The Stealer Powering the Next Generation of Fake Updates |
17.12.2024 | Mask APT | APT | APT | Careto is back: what’s new after 10 years of silence? |
17.12.2024 | CVE-2024-20767 | VULNERABILITY | CVE | (CVSS score: 7.4) - Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel (Patched by Adobe in March 2024) |
17.12.2024 | CVE-2024-35250 | VULNERABILITY | CVE | (CVSS score: 7.8) - Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges (Patched by Microsoft in June 2024) |
17.12.2024 | DrayTek Routers | EXPLOIT | EXPLOIT | DrayTek Routers Exploited in Massive Ransomware Campaign: Analysis and Recommendations |
16.12.2024 | DeceptionAds | CAMPAIGN | MALVERTISING | “DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising |
16.12.2024 | NoviSpy | MALWARE | ANDROID | “A Digital Prison”: Surveillance and the suppression of civil society in Serbia |
16.12.2024 | Glutton | MALWARE | BACKDOOR | Glutton: A New Zero-Detection PHP Backdoor from Winnti Targets Cybercriminals |
16.12.2024 | Melofee | MALWARE | BACKDOOR | New Zero-Detection Variant of Melofee Backdoor from Winnti Strikes RHEL 7.9 |
16.12.2024 | BADBOX | BOTNET | BOTNET | BADBOX Botnet Is Back |
14.12.2024 | Yokai | MALWARE | BACKDOOR | New Yokai Side-loaded Backdoor Targets Thai Officials |
14.12.2024 | NodeLoader | MALWARE | LOADER | NodeLoader Exposed: The Node.js Malware Evading Detection |
14.12.2024 | MUT-1244 | GROUP | GROUP | Getting a taste of your own medicine: Threat actor MUT-1244 targets offensive actors, leaking hundreds of thousands of credentials |
13.12.2024 | CVE-2024-54143 | VULNERABILITY | CVE | openwrt/asu is an image on demand server for OpenWrt based distributions. The request hashing mechanism truncates SHA-256 hashes to only 12 characters. |
13.12.2024 | IOCONTROL | MALWARE | IoT | Team82 obtained a sample of a custom-built IoT/OT malware called IOCONTROL used by Iran-affiliated attackers to attack Israel- and U.S.-based OT/IoT devices. |
13.12.2024 | PUMAKIT | MALWARE | ROOTKIT | PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain communication with command-and-control servers. |
12.12.2024 | BoneSpy | MALWARE | ANDROID | Lookout Discovers Two Russian Android Spyware Families from Gamaredon APT |
12.12.2024 | PlainGnome | MALWARE | ANDROID | Lookout Discovers Two Russian Android Spyware Families from Gamaredon APT |
12.12.2024 | Gamaredon | GROUP | APT | Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. We have labelled this threat group the Gamaredon Group and our research shows that the Gamaredon Group has been active since at least 2013. |
12.12.2024 | CVE-2024-44131 | VULNERABILITY | CVE | Unauthorized access to iCloud: analyzing an iOS vulnerability that could expose sensitive data to attackers |
12.12.2024 | CVE-2024-11972 | VULNERABILITY | CVE | Unauthorized Plugin Installation/Activation in Hunk Companion |
11.12.2024 | Secret Blizzard | GROUP | GROUP | Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine |
11.12.2024 | Kazuar | MALWARE | BACKDOOR | Upgraded Kazuar Backdoor Offers Stealthy Power |
11.12.2024 | Windows UI Automation | HACKING | HACKING | Teaching an Old Framework New Tricks: The Dangers of Windows UI Automation |
11.12.2024 | Microsoft Azure MFA Bypass | VULNERABILITY | CVE | Oasis Security Research Team Discovers Microsoft Azure MFA Bypass |
11.12.2024 | Zloader | MALWARE | TROJAN | Inside Zloader’s Latest Trick: DNS Tunneling |
11.12.2024 | EagleMsgSpy | MALWARE | SPYWARE | Lookout Discovers New Chinese Surveillance Tool Used by Public Security Bureaus |
11.12.2024 | Rakshasa | APT | APT | Likely China-based Attackers Target High-profile Organizations in Southeast Asia |
11.12.2024 | CVE-2024-11639 | VULNERABILITY | CVE | (CVSS score: 10.0) - An authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 that allows a remote unauthenticated attacker to gain administrative access |
11.12.2024 | CVE-2024-11772 | VULNERABILITY | CVE | (CVSS score: 9.1) - A command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.3 that allows a remote authenticated attacker with admin privileges to achieve remote code execution |
11.12.2024 | CVE-2024-11773 | VULNERABILITY | CVE | (CVSS score: 9.1) - An SQL injection vulnerability in the admin web console of Ivanti CSA before version 5.0.3 that allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements |
11.12.2024 | CVE-2024-11633 | VULNERABILITY | CVE | (CVSS score: 9.1) - An argument injection vulnerability in Ivanti Connect Secure before version 22.7R2.4 that allows a remote authenticated attacker with admin privileges to achieve remote code execution |
11.12.2024 | CVE-2024-11634 | VULNERABILITY | CVE | (CVSS score: 9.1) - A command injection vulnerability in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 that allows a remote authenticated attacker with admin privileges to achieve remote code execution |
11.12.2024 | CVE-2024-8540 | VULNERABILITY | CVE | (CVSS score: 8.8) - An insecure permissions vulnerability in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 that allows a local authenticated attacker to modify sensitive application components |
10.12.2024 | CVE-2024-55956 | VULNERABILITY | CVE | In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory. |
10.12.2024 | Antidot | MALWARE | BANKING | AppLite: A New AntiDot Variant Targeting Mobile Employee Devices |
10.12.2024 | Operation Digital Eye | OPERATION | APT | Operation Digital Eye: Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels |
10.12.2024 | Operation Soft Cell | OPERATION | APT | Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers |
10.12.2024 | Operation Tainted Love | OPERATION | APT | Operation Tainted Love: Chinese APTs Target Telcos in New Attacks |
09.12.2024 | Drops Zbot | CAMPAIGN | RANSOMWARE | Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware |
09.12.2024 | Socks5Systemz | BOTNET | BOTNET | PROXY.AM Powered by Socks5Systemz Botnet |
07.12.2024 | Realst | MALWARE | STEALER | Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows |
06.12.2024 | Pegasus | MALWARE | MOBILE | iVerify Mobile Threat Investigation Uncovers New Pegasus Samples |
06.12.2024 | Exploiting ML Clients and “Safe” Model Formats | AI | | Machine Learning Bug Bonanza – Exploiting ML Clients and “Safe” Model Formats |
06.12.2024 | CVE-2024-27132 | VULNERABILITY | CVE | (CVSS score: 7.2) - An insufficient sanitization issue in MLflow that leads to a cross-site scripting (XSS) attack when running an untrusted recipe in a Jupyter Notebook, ultimately resulting in client-side remote code execution (RCE) |
06.12.2024 | CVE-2024-6960 | VULNERABILITY | CVE | (CVSS score: 7.5) - An unsafe deserialization issue in H2O when importing an untrusted ML model, potentially resulting in RCE |
06.12.2024 | CVE-2023-5245 | VULNERABILITY | CVE | (CVSS score: 7.5) - A path traversal issue in MLeap when loading a saved model in zipped format can lead to a Zip Slip vulnerability, resulting in arbitrary file overwrite and potential code execution |
06.12.2024 | Venom | MALWARE | LOADER | Unveiling RevC2 and Venom Loader |
06.12.2024 | GammaDrop | MALWARE | DROPPER | BlueAlpha Abuses Cloudflare Tunneling Service for GammaDrop Staging Infrastructure |
06.12.2024 | DroidBot | MALWARE | ANDROID | DroidBot: Insights from a new Turkish MaaS fraud operation |
06.12.2024 | CVE-2024-41713 | VULNERABILITY | CVE | A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations. |
05.12.2024 | MOONSHINE | EXPLOIT | EXPLOIT KIT | MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks |
05.12.2024 | Earth Kasha Spear | CAMPAIGN | PHISHING | Guess Who’s Back - The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024 |
05.12.2024 | CVE-2024-51378 | VULNERABILITY | CVE | (CVSS score: 10.0) - An incorrect default permissions vulnerability that allows for authentication bypass and the execution of arbitrary commands using shell metacharacters in the statusfile property |
05.12.2024 | CVE-2023-45727 | VULNERABILITY | CVE | (CVSS score: 7.5) - An improper restriction of XML External Entity (XXE) reference vulnerability that could allow a remote, unauthenticated attacker to conduct an XXE attack |
05.12.2024 | CVE-2024-11680 | VULNERABILITY | CVE | (CVSS score: 9.8) - An improper authentication vulnerability that allows a remote, unauthenticated attacker to create accounts, upload web shells, and embed malicious JavaScript |
05.12.2024 | CVE-2024-11667 | VULNERABILITY | CVE | (CVSS score: 7.5) - A path traversal vulnerability in the web management interface that could allow an attacker to download or upload files via a crafted URL |
04.12.2024 | Snowblind | APT | APT | Snowblind: The Invisible Hand of Secret Blizzard |
04.12.2024 | Secret Blizzard | CAMPAIGN | ESPIONAGE | Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage |
04.12.2024 | CVE-2024-42448 | VULNERABILITY | CVE | From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. |
04.12.2024 | CVE-2024-10905 | VULNERABILITY | CVE | IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected. |
04.12.2024 | ANY.RUN | EXPLOIT | EXPLOIT | The ongoing attack evades antivirus software, prevents uploads to sandboxes, and bypasses Outlook's spam filters, allowing the malicious emails to reach your inbox |
03.12.2024 | CVE-2014-2120 | VULNERABILITY | CVE | Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025. |
03.12.2024 | CVE-2024-5921 | VULNERABILITY | CVE | (CVSS score: 5.6) - An insufficient certificate validation vulnerability impacting Palo Alto Networks GlobalProtect for Windows, macOS, and Linux that allows the app to be connected to arbitrary servers, leading to the deployment of malicious software (Addressed in version 6.2.6 for Windows) |
03.12.2024 | CVE-2024-29014 | VULNERABILITY | CVE | (CVSS score: 7.1) - A vulnerability impacting SonicWall SMA100 NetExtender Windows client that could allow an attacker to execute arbitrary code when processing an End Point Control (EPC) Client update. (Affects versions 10.2.339 and earlier, addressed in version 10.2.341) |
03.12.2024 | Kimsuky | APT | APT | Analysis of Kimsuky Threat Actor's Email Phishing Campaign |
03.12.2024 | NetSupport RAT | MALWARE | RAT | Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT |
03.12.2024 | BurnsRAT | MALWARE | RAT | Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT |
02.12.2024 | SmokeLoader | MALWARE | LOADER | SmokeLoader Attack Targets Companies in Taiwan |
02.12.2024 | SpyLoan | MALWARE | SPYWARE | SpyLoan: A Global Threat Exploiting Social Engineering |