January(137) February(207) March(430) April(317) May(278) June(237) July(216) August(316) September(23) October(0) November(0) December(0) | i |
DATE | NAME | CATEGORY | SUBCATE | INFO |
7.9.24 | CVE-2024-44000 | VULNEREBILITY | CVE | Critical Account Takeover Vulnerability Patched in LiteSpeed Cache Plugin |
7.9.24 | CVE-2024-45195 | VULNEREBILITY | CVE | Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue. |
7.9.24 | Tropic Trooper | APT | Tropic Trooper spies on government entities in the Middle East | |
7.9.24 | Veeam Security Bulletin (September 2024) | VULNEREBILITY | CVE | All vulnerabilities disclosed in this section were discovered during internal testing (unless otherwise indicated) and affect Veeam Backup & Replication 12.1.2.172 and all earlier version 12 builds. |
6.9.24 | Tropic Trooper unleashes new China Chopper variant and Crowdoor loader | APT | Tropic Trooper, a Chinese-speaking APT group, has been reported targeting Middle Eastern government entities in a cyber espionage campaign. The attackers focused on systems related to human rights studies, using a new China Chopper variant deployed on a compromised Umbraco CMS server. The group employed DLL hijacking to load malicious payloads, including Crowdoor, a loader linked to the SparrowDoor backdoor. | |
6.9.24 | Spammers abusing uncommon TLDs | SPAM | Symantec has recently observed a new phishing campaign being delivered from recently created domains designed to steal credentials and/or banking information. In this campaign we have observed over 200 newly registered domains, most of these domains are registered with uncommon TLDs such as '.best', '.rest' or '.shop'. The subjects and message content attempt to lure recipients in with promises of dubious health products. | |
6.9.24 | Formbook Targets Global Sectors with Fake RFQ from Chemical-Oil Joint Venture | VIRUS | Symantec has recently observed a Formbook actor impersonating a major joint venture between a global chemical company based in Germany and a national oil and gas company from Malaysia. In this malicious email campaign, they're targeting companies across multiple countries and various industry sectors, including: | |
6.9.24 | Acab Infostealer | VIRUS | Acab is a Python-based infostealing malware variant recently observed in the wild. The malware shows some code similarities to another variant known as 1312 Stealer. Acab has the functionality to extract various confidential information from infected endpoints including credentials, banking information, crypto-wallet data, application data/tokens, various information stored in web browsers and others. | |
6.9.24 | CVE-2024-5932 - GiveWP WordPress Plugin vulnerability | VULNEREBILITY | CVE-2024-5932 is a recently disclosed vulnerability affecting GiveWP plugin, which is a Donation and Fundraising Platform plugin for WordPress. The flaw allows for malicious injection within the vulnerable version of the plugin, up to 3.14.1. Successfully exploitation of this flaw might allow unauthenticated attackers to inject an arbitrary PHP Object which can further lead up to arbitrary code execution within the context of the vulnerable application. A patched version 3.14.2 of the plugin has been already released. | |
6.9.24 | MacroPack generated payloads distributed in latest campaigns | CAMPAIGN | A payload generation framework called MacroPack has been leveraged to create miscellaneous payloads in a series of malicious activities recently observed by the researchers from Cisco Talos. The attackers have been using Word, Excel or PowerPoint lures that once opened run malicious MacroPack VBA code that ultimately leads to the final payload delivery and execution. Among the distributed payloads were Brute Ratel and Havoc post-exploitation tools as well as a new variant of the PhantomCore RAT. | |
6.9.24 | KTLVdoor backdoor leveraged by the Funnelweb APT | VIRUS | A new Golang-based backdoor dubbed KTLVdoor has been discovered by researchers from Trend Micro. The malware has been attributed to the Funnelweb APT (also known as Earth Lusca). KTLVdoor is a highly obfuscated malware that comes in variants supporting both Windows and Linux platforms. Functionality-wise the malware is capable of running commands and shellcode received from the C2 servers, various file and directory operations on the infected machine including file download/upload, among others. | |
6.9.24 | SLOW#TEMPEST campaign targets Chinese entities | CAMPAIGN | A recently identified malware campaign named SLOW#TEMPEST was uncovered targeting Chinese entities. The attack chain starts by way of malspam attachments in the form of zip files which are bundled with a shortcut lnk file in addition to dll/exe files. Successful execution of the available content leads to the establishment of a foothold in the targeted environment. Through this position, the attackers can execute further TTPs to accomplish their goals (such as credential harvesting, lateral movement, persistence and privilege escalation). | |
6.9.24 | Latrodectus 1.4: New version unveiled with advanced capabilities | VIRUS | A newer version of the Latrodectus downloader has been observed, featuring enhancements like a new string deobfuscation method, a revised C2 endpoint, and two additional backdoor commands. The infection chain begins with a heavily obfuscated JavaScript file, which uses numerous comments to inflate file size and complexity, complicating analysis. The malware then extracts and executes hidden code, subsequently downloading and installing an MSI file from a remote server. This MSI file loads an obfuscated DLL to perform its malicious tasks. | |
5.9.24 | Emansrepo infostealer | VIRUS | Researchers from Fortinet reported on a new Python-based infostealer variant dubbed Emansrepo. This malware has been distributed via phishing campaigns masquerading the malicious emails as purchase invoices or orders. The initial attack chain stage varies depending on the campaign and may leverage different attachments such as .html or .7z. | |
5.9.24 | Zharkbot malware | VIRUS | Zharkbot is a C++based malware loader variant being dropped by Amadey trojan in some recently observed campaigns. Zharkbot employs various anti-analysis, anti-VM and sandbox detection/evasion techniques. Once on the compromised machine, the malware will attempt to set up persistence by copying itself to the temp folder and setting up a scheduled task execution. | |
5.9.24 | CVE-2024-24809 & CVE-2024-31214 vulnerabilities affecting Traccar 5 | VULNEREBILITY | CVE-2024-24809 and CVE-2024-31214 are recently disclosed vulnerabilities affecting Traccar 5 which is an open-source GPS tracking system. The vulnerabilities are rated as CVSS score: 8.5 and CVSS score: 9.7 respectively. Successful exploitation in the affected product versions 5.1 through 5.12 could provide unauthenticated attackers with path traversal and unrestricted upload of arbitrary files. | |
5.9.24 | CVE-2024-22319 - JNDI Injection Vulnerability in IBM Operational Decision Manager | VULNEREBILITY | CVE-2024-22319 is a critical (CVSS: 9.8) JNDI injection vulnerability in IBM Operational Decision Manager. IBM ODM is a comprehensive decision automation solution that helps organizations automate and optimize their decision-making processes. Attackers can exploit this flaw by injecting malicious code into an unchecked argument passed to a specific API through JNDI (Java Naming and Directory Interface). | |
5.9.24 | Stone Wolf campaign targets Russian firms with Meduza Stealer malware | CAMPAIGN | A malicious campaign by the Stone Wolf threat actor targeting Russian firms has been reported. The attackers use phishing emails impersonating a legitimate industrial automation provider to deliver the Meduza Stealer malware. The attack vector involves an archive containing a legitimate document alongside a malicious link to download and execute the Stealer payload. | |
5.9.24 | WailingCrab: A WikiLoader variant exploiting VPN Spoofs | VIRUS | A recent report from Palo Alto reveals that WailingCrab, a variant of WikiLoader, is being distributed through SEO poisoning and spoofed GlobalProtect VPN software. This campaign primarily targets the U.S. higher education and transportation sectors. The attack vector involves multiple stages like DLL sideloading, shellcode injection, and using MQTT for command and control. | |
5.9.24 | Luxy Infostealer | VIRUS | Luxy is a recently discovered malware variant with both infostealing and ransomware capabilities. Luxy collects various confidential information from the compromised machines including credentials, browser data, cookies, cryptocurrency wallets, etc. The ransomware module is used to encrypt files on the infected endpoint using AES256 algorithm. | |
5.9.24 | Cybercriminals Target Malaysia’s Digital Lifestyle with SpyNote | VIRUS | Around the world, E-commerce (shopping), service-oriented (food delivery, ride-hailing, and on-demand services), digital payment and deal aggregator android applications are highly popular. | |
5.9.24 | CVE-2024-7593 - Ivanti Virtual Traffic Manager (vTM) Authentication Bypass vulnerability | VULNEREBILITY | CVE-2024-7593 is a critical (CVSS score 9.8) XML authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM). Successful exploitation of this flaw could allow the attackers to bypass authentication and create new administrative users. | |
5.9.24 | RAZR Ransomware | RANSOM | RAZR is a recently identified ransomware variant that abuses web hosting service called PythonAnywhere for hosting the malicious binaries. The malware uses AES-256 algorithm for encryption and appends .raz extension to the filenames. The ransom note is dropped in form of a text file README.txt in which the attackers also threaten that the confidential files have not only been encrypted but also exfiltrated. | |
5.9.24 | Macropack | HACKING | Malware | Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads |
5.9.24 | KTLVdoor | MALWARE | Backdoor | Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion |
5.9.24 | CVE-2024-20439 | VULNEREBILITY | CVE | (CVSS score: 9.8) - The presence of an undocumented static user credential for an administrative account that an attacker could exploit to log in to an affected system |
5.9.24 | CVE-2024-20440 | VULNEREBILITY | CVE | (CVSS score: 9.8) - A vulnerability arising due to an excessively verbose debug log file that an attacker could exploit to access such files by means of a crafted HTTP request and obtain credentials that can be used to access the API |
5.9.24 | APT Lazarus | APT | APT | APT Lazarus: Eager Crypto Beavers, Video calls and Games |
5.9.24 | RansomHub Ransomware | RANSOMWARE | RANSOMWARE | #StopRansomware: RansomHub Ransomwa |
5.9.24 | CVE-2024-7261 | VULNEREBILITY | CVE | The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and earlier, WAX655E firmware version 7.00(ACDO.1) and earlier, WBE530 firmware version 7.00(ACLE.1) and earlier, and USG LITE 60AX firmware version V2.00(ACIP.2) could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device. |
5.9.24 | Revival Hijack | HACKING | HACKING | Revival Hijack – PyPI hijack technique exploited in the wild, puts 22K packages at risk |
5.9.24 | CVE-2024-32896 | VULNEREBILITY | CVE | there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. |
5.9.24 | WikiLoader | MALWARE | Loader | Spoofed GlobalProtect Used to Deliver Unique WikiLoader Variant |
5.9.24 | Head Mare | GROUP | GROUP | Head Mare: adventures of a unicorn in Russia and Belarus |
5.9.24 | Cicada3301 | RANSOMWARE | RANSOMWARE | Decoding the Puzzle: Cicada3301 Ransomware Threat Analysis |
5.9.24 | Rocinante | MALWARE | Trojan | Rocinante: The trojan horse that wanted to fly |