| DATE | NAME | CATEGORY | SUBCATEGORY | INFO |
|---|---|---|---|---|
| 23.2.24 | CVE-2024-23204 | Vulnerability | CVE | The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user. |
| 23.2.24 | PQ3 | Crypto | Crypto | iMessage with PQ3: The new state of the art in quantum-secure messaging at scale |
| 22.2.24 | SSH-Snake | Malware | Worm | SSH-Snake: New Self-Modifying Worm Threatens Networks |
| 22.2.24 | KONNI | Malware | RAT | To Russia With Love: Assessing a KONNI-Backdoored Suspected Russian Consular Software Installer |
| 22.2.24 | CVE-2023-52161 | Vulnerability | CVE | The Access Point functionality in eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD) before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key. |
| 22.2.24 | CVE-2023-52160 | Vulnerability | CVE | The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. |
| 21.2.24 | PlugX | Malware | Stealer | Mustang Panda's PlugX new variant targeting Taiwanese government and diplomats |
| 21.2.24 | SMUGX | Campaign | Campaign | CHINESE THREAT ACTORS TARGETING EUROPE IN SMUGX CAMPAIGN |
| 21.2.24 | Operation Texonto | Operation | Operation | Operation Texonto: Information operation targeting Ukrainian speakers in the context of the war |
| 21.2.24 | VietCredCare | Malware | Stealer | Extra credit: VietCredCare information stealer takes aim at Vietnamese businesses |
| 21.2.24 | Earth Preta | Campaign | Campaign | Earth Preta Campaign Uses DOPLUGS to Target Asia |
| 21.2.24 | CVE-2024-22250 | Vulnerability | CVE | Session Hijack vulnerability in the deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a Windows operating system to hijack a privileged EAP session when initiated by a privileged domain user on the same system. |
| 21.2.24 | CVE-2024-22245 | Vulnerability | CVE | Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs). |
| 21.2.24 | Migo | Malware | Miner | Migo - a Redis Miner with Novel System Weakening Techniques |
| 21.2.24 | SysJoker | Malware | Backdoor | SysJoker is a backdoor malware that was first discovered in December 2021 by Intezer. |
| 21.2.24 | BiBi-Linux | Malware | Wiper | According to Security Joes, this malware is an x64 ELF executable, lacking obfuscation or protective measures. It allows attackers to specify target folders and can potentially destroy an entire operating system if run with root permissions. |
| 21.2.24 | Tool of First Resort | REPORT | REPORT | Israel-Hamas War in Cyber |
| 21.2.24 | CVE-2024-25600 | Vulnerability | CVE | CVE-2024-25600 (CVSS score: 9.8) enables unauthenticated attackers to achieve remote code execution. It impacts all versions of Bricks up to and including 1.9.6. |
| 19.2.24 | Anatsa | Malware | Android | Anatsa Trojan Returns: Targeting Europe and Expanding Its Reach |
| 19.2.24 | TAG-70 | Group | Group | Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign |
| 19.2.24 | BASICSTAR | Malware | Backdoor | Through its managed security services offerings, Volexity routinely identifies spear-phishing campaigns targeting its customers. |
| 18.2.24 | Raccoon Stealer v2 | Malware | Stealer | Raccoon Stealer v2 – Part 1: The return of the dead |
| 18.2.24 | Recordbreaker | Malware | Stealer | An info stealer is malicious software (malware) that seeks to steal private data from a compromised device, including passwords, cookies, autofill information from browsers, and cryptocurrency wallet information. |
| 17.2.24 | DeliveryCheck | Malware | Backdoor | According to CERT-UA, this malware makes use of XSLT (Extensible Stylesheet Language Transformations) and COM hijacking. Its specificity is the presence of a server part, which is usually installed on compromised MS Exchange servers in the form of a MOF (Managed Object Format) file using the Desired State Configuration (DSC) PowerShell tool, effectively turning a legitimate server into a malware control center. |
| 17.2.24 | TinyTurla-NG | Malware | Backdoor | TinyTurla Next Generation - Turla APT spies on Polish NGOs |
| 17.2.24 | FLATLINED | Vulnerability | CVE | FLATLINED: ANALYZING PULSE SECURE FIRMWARE AND BYPASSING INTEGRITY CHECKING |
| 17.2.24 | GoldDigger | Malware | iOS | Group-IB uncovers the first iOS Trojan harvesting facial recognition data used for unauthorized access to bank accounts. The GoldDigger family grows. |
| 17.2.24 | Bumblebee | Malware | Loader | This malware is delivered by an ISO file, with a DLL inside with a custom loader. Because of the unique user-agent "bumblebee" this malware was dubbed BUMBLEBEE. At the time of analysis by Google's Threat Analysis Group (TAG), BumbleBee was observed to fetch Cobalt Strike payloads. |
| 17.2.24 | Water Hydra | APT | APT | Water Hydra's Zero-Day Attack Chain Targets Financial Traders |
| 17.2.24 | CVE-2024-21412 | Vulnerability | CVE | Internet Shortcut Files Security Feature Bypass Vulnerability |
| 17.2.24 | DarkMe | Malware | Loader | CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day |
| 17.2.24 | CVE-2024-20684 | Vulnerability | CVE | (CVSS score: 6.5) - Windows Hyper-V Denial of Service Vulnerability |
| 17.2.24 | CVE-2024-21357 | Vulnerability | CVE | (CVSS score: 7.5) - Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability |
| 17.2.24 | CVE-2024-21380 | Vulnerability | CVE | (CVSS score: 8.0) - Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability |
| 17.2.24 | CVE-2024-21410 | Vulnerability | CVE | (CVSS score: 9.8) - Microsoft Exchange Server Elevation of Privilege Vulnerability |
| 17.2.24 | CVE-2024-21413 | Vulnerability | CVE | (CVSS score: 9.8) - Microsoft Outlook Remote Code Execution Vulnerability |
| 17.2.24 | CVE-2024-21412 | Vulnerability | CVE | (CVSS score: 8.1) - Internet Shortcut Files Security Feature Bypass Vulnerability |
| 17.2.24 | CVE-2024-21351 | Vulnerability | CVE | (CVSS score: 7.6) - Windows SmartScreen Security Feature Bypass Vulnerability |
| 17.2.24 | Glupteba | BOTNET | BOTNET | Diving Into Glupteba's UEFI Bootkit |
| 17.2.24 | Glupteba | Malware | Bootkit | Diving Into Glupteba's UEFI Bootkit |
| 17.2.24 | PikaBot | Malware | Loader | Pikabot is a malware loader that originally emerged in early 2023. Over the past year, ThreatLabz has been tracking the development of Pikabot and its modus operandi. |
| 17.2.24 | CVE-2024-21893 | Vulnerability | CVE | A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. |
| 17.2.24 | DSLog | Malware | Backdoor | Ivanti Connect Secure: Journey to the core of the DSLog backdoor |
| 17.2.24 | CVE-2023-43770 | Vulnerability | CVE | Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior. |
| 17.2.24 | Akira ransomware | Ransomware | Ransomware | Akira Ransomware and Exploitation of Cisco Anyconnect Vulnerability CVE-2020-3259 |
| 17.2.24 | CVE-2020-3259 | Vulnerability | CVE | A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. |
| 17.2.24 | RustDoor | Malware | macOS | New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group |
| 17.2.24 | SNS Sender | Campaign | Spam | SNS Sender \| Active Campaigns Unleash Messaging Spam Through the Cloud |
| 12.2.24 | Rhysida Decryption Tool | Ransomware | Anti-Ransom tool | Korea Internet & Security Agency (KISA) distributes a recovery tool for the Rhysida ransomware. |
| 12.2.24 | Warzone RAT | Malware | RAT | The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) called Warzone RAT. |
| 10.2.24 | RustDoor | Malware | Backdoor | New MacOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group |
| 10.2.24 | RASPBERRY ROBIN | Malware | Worm | RASPBERRY ROBIN KEEPS RIDING THE WAVE OF ENDLESS 1-DAYS |
| 10.2.24 | Online Nurse Hiring System 1.0 - Time-Based SQL Injection | Exploit | WebApps | PHP |
| 10.2.24 | Rail Pass Management System 1.0 - Time-Based SQL Injection | Exploit | WebApps | PHP |
| 10.2.24 | Wordpress Seotheme - Remote Code Execution Unauthenticated | Exploit | WebApps | PHP |
| 10.2.24 | Wordpress Augmented-Reality - Remote Code Execution Unauthenticated | Exploit | WebApps | PHP |
| 10.2.24 | Elasticsearch - StackOverflow DoS | Exploit | DoS | Multiple |
| 10.2.24 | Zyxel zysh - Format string | Exploit | Remote | Hardware |
| 10.2.24 | Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting (XSS) (Authenticated) | Exploit | WebApps | PHP |
| 10.2.24 | Milesight Routers UR5X, UR32L, UR32, UR35, UR41 - Credential Leakage Through Unprotected System Logs and Weak Password Encryption | Exploit | Remote | Hardware |
| 10.2.24 | Wordpress 'simple urls' Plugin < 115 - XSS | Exploit | WebApps | PHP |
| 10.2.24 | TASKHUB-2.8.8 - XSS-Reflected | Exploit | WebApps | PHP |
| 10.2.24 | WhatsUp Gold 2022 (22.1.0 Build 39) - XSS | Exploit | WebApps | Multiple |
| 10.2.24 | MISP 2.4.171 - Stored XSS | Exploit | WebApps | PHP |
| 10.2.24 | Clinic's Patient Management System 1.0 - Unauthenticated RCE | Exploit | WebApps | PHP |
| 10.2.24 | Curfew e-Pass Management System 1.0 - FromDate SQL Injection | Exploit | WebApps | PHP |
| 10.2.24 | GYM MS - GYM Management System - Cross Site Scripting (Stored) | Exploit | WebApps | PHP |
| 9.2.24 | MoqHao | Malware | Android | MoqHao evolution: New variants start automatically right after installation |
| 9.2.24 | Coyote | Malware | Banking | Coyote: A multi-stage banking Trojan abusing the Squirrel installer |
| 9.2.24 | CVE-2024-21762 | Vulnerability | CVE | FortiOS - Out-of-bound Write in sslvpnd |
| 9.2.24 | CVE-2024-22024 | Vulnerability | CVE | CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure |
| 9.2.24 | Zardoor | Malware | Backdoor | New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization |
| 8.2.24 | HijackLoader | Malware | Loader | HijackLoader Expands Techniques to Improve Defense Evasion |
| 8.2.24 | Troll Stealer | Malware | Stealer | Kimsuky disguised as a Korean company signed with a valid certificate to distribute Troll Stealer |
| 8.2.24 | CVE-2024-22241 | Vulnerability | CVE | Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and take over the user account. |
| 8.2.24 | CVE-2024-22240 | Vulnerability | CVE | Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information. |
| 8.2.24 | CVE-2024-22239 | Vulnerability | CVE | Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access. |
| 8.2.24 | CVE-2024-22238 | Vulnerability | CVE | Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization. |
| 8.2.24 | CVE-2024-22237 | Vulnerability | CVE | Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system. |
| 8.2.24 | CVE-2024-23109 | Vulnerability | CVE | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows an attacker to execute unauthorized code or commands via crafted API requests. |
| 8.2.24 | CVE-2024-23108 | Vulnerability | CVE | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows an attacker to execute unauthorized code or commands via crafted API requests. |
| 8.2.24 | CVE-2024-20255 | Vulnerability | CVE | A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. |
| 8.2.24 | CVE-2024-20254 | Vulnerability | CVE | Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. |
| 8.2.24 | CVE-2024-20252 | Vulnerability | CVE | Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. |
| 8.2.24 | KV-Botnet | BOTNET | BOTNET | KV-Botnet: Don't Call It A Comeback |
| 7.2.24 | CVE-2023-40546 | Vulnerability | CVE | (CVSS score: 5.3) - Out-of-bounds read when printing error messages, resulting in a denial-of-service (DoS) condition |
| 7.2.24 | CVE-2023-40548 | Vulnerability | CVE | (CVSS score: 7.4) - Buffer overflow in shim when compiled for 32-bit processors that can lead to a crash or data integrity issues during the boot phase |
| 7.2.24 | CVE-2023-40549 | Vulnerability | CVE | (CVSS score: 5.5) - Out-of-bounds read in the authenticode function that could permit an attacker to trigger a DoS by providing a malformed binary |
| 7.2.24 | CVE-2023-40550 | Vulnerability | CVE | (CVSS score: 5.5) - Out-of-bounds read when validating Secure Boot Advanced Targeting (SBAT) information that could result in information disclosure |
| 7.2.24 | CVE-2023-40551 | Vulnerability | CVE | (CVSS score: 7.1) - Out-of-bounds read when parsing MZ binaries, leading to a crash or possible exposure of sensitive data |
| 7.2.24 | BOLDMOVE | Malware | Backdoor | According to Mandiant, this malware family is attributed to a potential Chinese background and its Linux variant is related to exploitation of Fortinet's SSL-VPN (CVE-2022-42475). |
| 7.2.24 | BOLDMOVE | Malware | ELF | According to Mandiant, this malware family is attributed to a potential Chinese background and is directly related to observed exploitation of Fortinet's SSL-VPN (CVE-2022-42475). There is also a Windows variant. |
| 7.2.24 | COATHANGER | Malware | RAT | Successful exploitation of the flaw paved the way for the deployment of a backdoor dubbed COATHANGER from an actor-controlled server that's designed to grant persistent remote access to the compromised appliances. |
| 7.2.24 | CVE-2023-40547 | Vulnerability | CVE | A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. |
| 7.2.24 | CVE-2024-23917 | Vulnerability | CVE | In JetBrains TeamCity before 2023.11.3, an authentication bypass leading to RCE was possible. |
| 6.2.24 | CrackedCantil | Malware | Stealer | CrackedCantil: A Malware Symphony Breakdown |
| 6.2.24 | Ov3r_Stealer | Malware | Stealer | Facebook Advertising Spreads Novel Malware Variant |
| 6.2.24 | CVE-2023-38156 | Vulnerability | CVE | (CVSS score: 7.2) - Azure HDInsight Apache Ambari Java Database Connectivity (JDBC) Injection Elevation of Privilege Vulnerability |
| 6.2.24 | CVE-2023-36419 | Vulnerability | CVE | (CVSS score: 8.8) - Azure HDInsight Apache Oozie Workflow Scheduler XML External Entity (XXE) Injection Elevation of Privilege Vulnerability |
| 6.2.24 | GambleForce | Group | Group | Analysis of TTPs tied to GambleForce, which carried out SQL injection attacks against companies in the APAC region |
| 6.2.24 | CVE-2024-21887 | Vulnerability | CVE | A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. |
| 6.2.24 | CVE-2024-21893 | Vulnerability | CVE | A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. |
| 6.2.24 | Epeius | Malware | Spyware | A Spyware Vendor Seemingly Made a Fake WhatsApp to Hack Targets |
| 6.2.24 | Skygofree | Malware | Android | Skygofree: Following in the footsteps of HackingTeam |
| 5.2.24 | VajraSpy | Malware | RAT | ESET researchers discovered several Android apps carrying VajraSpy, a RAT used by the Patchwork APT group |
| 5.2.24 | Pegasus | Malware | Spyware | New spyware attacks exposed: civil society targeted in Jordan |
| 5.2.24 | DiceLoader | Malware | Loader | This report aims to detail the functioning of a malware used by FIN7 since 2021, named DiceLoader (also known as Icebot), and to provide a comprehensive approach of the threat by detailing the related Techniques... |
| 5.2.24 | Phemedrone Stealer | Malware | Stealer | CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign |
| 5.2.24 | Mispadu Stealer | Malware | Stealer | Unit 42 researchers recently discovered activity attributed to Mispadu Stealer, a stealthy infostealer first reported in 2019 |
| 5.2.24 | CVE-2023-36025 | Vulnerability | CVE | Windows SmartScreen Security Feature Bypass Vulnerability |
| 3.2.24 | Cloudflare Breach | Incident | Incident | Thanksgiving 2023 security incident |
| 3.2.24 | AnyDesk Incident Response 2-2-2024 | Incident | Incident | Following indications of an incident on some of our systems, we conducted a security audit and found evidence of compromised production systems. We immediately activated a remediation and response plan involving cyber security experts CrowdStrike. The remediation plan has concluded successfully. |
| 3.2.24 | CVE-2024-23832 | Vulnerability | CVE | Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows configuration of LDAP for authentication. |
| 3.2.24 | Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC) | Exploit | WebApps | PHP |
| 3.2.24 | Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution | Exploit | WebApps | Hardware |
| 3.2.24 | Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS | Exploit | DoS | Hardware |
| 3.2.24 | Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal | Exploit | WebApps | Hardware |
| 3.2.24 | Electrolink FM/DAB/TV Transmitter (Login Cookie) - Authentication Bypass | Exploit | WebApps | Hardware |
| 3.2.24 | Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure | Exploit | WebApps | Hardware |
| 3.2.24 | Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure | Exploit | WebApps | Hardware |
| 3.2.24 | TP-LINK TL-WR740N - Multiple HTML Injection | Exploit | WebApps | Hardware |
| 3.2.24 | TP-Link TL-WR740N - UnAuthenticated Directory Transversal | Exploit | WebApps | Hardware |
| 3.2.24 | PCMan FTP Server 2.0 - 'pwd' Remote Buffer Overflow | Exploit | Remote | Windows |
| 3.2.24 | mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page | Exploit | WebApps | PHP |
| 3.2.24 | WebCatalog 48.4 - Arbitrary Protocol Execution | Exploit | Remote | Windows |
| 3.2.24 | COLDRIVER | Group | Group | The Coldriver Group, also known as Callisto and SEABORGIUM, is a threat actor known to attack government organizations, think tanks, and journalists in Europe and the Caucasus regions through spearphishing campaigns. |
| 3.2.24 | HeadLace | Malware | Backdoor | ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware |
| 3.2.24 | CVE-2023-23397 | Vulnerability | CVE | Microsoft Outlook Elevation of Privilege Vulnerability |
| 3.2.24 | Shuckworm | Group | Group | Shuckworm: Inside Russia's Relentless Cyber Campaign Against Ukraine |
| 3.2.24 | NTLM Relay Attacks | Attack | Attack | NTLM relay attacks: A dangerous game of hot potato |
| 3.2.24 | LitterDrifter | Group | Group | Malware Spotlight – Into the Trash: Analyzing LitterDrifter |
| 3.2.24 | UAC-0027 | Group | Group | UAC-0027 Attack Detection: Hackers Target Ukrainian Organizations Using DIRTYMOE (PURPLEFOX) Malware |
| 3.2.24 | DirtyMoe | Malware | Backdoor | Securonix Threat Research Security Advisory: Analysis and Detection of STEADY#URSA Attack Campaign Targeting Ukraine Military Dropping New Covert SUBTLE-PAWS PowerShell Backdoor |
| 2.2.24 | RoyalTSX 6.0.1 - RTSZ File Handling Heap Memory Corruption PoC | Exploit | Remote | macOS |
| 2.2.24 | Proxmox VE - TOTP Brute Force | Exploit | Remote | Linux |
| 2.2.24 | GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities | Exploit | WebApps | Multiple |
| 2.2.24 | Grocy <=4.0.2 - CSRF | Exploit | WebApps | PHP |
| 2.2.24 | 101 News 1.0 - Multiple-SQLi | Exploit | WebApps | PHP |
| 2.2.24 | Academy LMS 6.2 - SQL Injection | Exploit | WebApps | PHP |
| 2.2.24 | Academy LMS 6.2 - Reflected XSS | Exploit | WebApps | PHP |
| 2.2.24 | UNC5221 | Group | CyberSpy | UNC5221: Unreported and Undetected WIREFIRE Web Shell Variant |
| 2.2.24 | Frog4Shell | BOTNET | Botnet | Frog4Shell — FritzFrog Botnet Adds One-Days to Its Arsenal |
| 2.2.24 | BPFdoor | Malware | Rootkit | We discuss proof-of-concept rootkits and malware used by cybercriminals in conjunction with Berkeley Packet Filtering (BPF), a piece of technology that allows programs to execute code in the operating systems of popular cloud-computing platforms. We also show how to detect such threats. |
| 2.2.24 | Commando Cat | Campaign | Cryptocurrency | The Nine Lives of Commando Cat: Analysing a Novel Malware Campaign Targeting Docker |
| 2.2.24 | Volt Typhoon | Group | Group | [Microsoft] Volt Typhoon is a state-sponsored actor based in China that typically focuses on espionage and information gathering. Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises. |
| 2.2.24 | HeadCrab 2.0 | Malware | Backdoor | HeadCrab 2.0: Evolving Threat in Redis Malware Landscape |
| 2.2.24 | CVE-2024-23222 | Vulnerability | CVE | A type confusion issue was addressed with improved checks. This issue is fixed in tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. |
| 2.2.24 | CVE-2022-48618 | Vulnerability | CVE | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. |
| 1.2.24 | CVE-2024-23653 | Vulnerability | CVE | 'Leaky Vessels' Cloud Bugs Allow Container Escapes Globally |
| 1.2.24 | CVE-2024-23652 | Vulnerability | CVE | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. |
| 1.2.24 | CVE-2024-23651 | Vulnerability | CVE | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. |
| 1.2.24 | CVE-2024-21626 | Vulnerability | CVE | runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. |
| 1.2.24 | CVE-2024-21893 | Vulnerability | CVE | A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. |
| 1.2.24 | CVE-2024-21888 | Vulnerability | CVE | A privilege escalation vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator. |
| 1.2.24 | Telekopye | Botnet | Bot | Telekopye: Hunting Mammoths using Telegram bot |
| 1.2.24 | Scammers Paradise | Operation | Phishing | "Scammers Paradise" — Exploring Telegram's Dark Markets, Breeding Ground for Modern Phishing Operations |
| 1.2.24 | QUIETBOARD | Malware | Python | Evolution of UNC4990: Uncovering USB Malware's Hidden Depths |
| 1.2.24 | EMPTYSPACE | Malware | Backdoor | Mandiant has observed UNC4990 leverage EMPTYSPACE (also known as VETTA Loader and BrokerLoader), a downloader that can execute any payload served by the command and control (C2) server, and QUIETBOARD, which is a backdoor that was delivered using EMPTYSPACE. |
| 1.2.24 | UNC4990 | Group | Group | Evolution of UNC4990: Uncovering USB Malware's Hidden Depths |
| 1.2.24 | 2023 Adversary Infrastructure Report | REPORT | Report | 2023 Adversary Infrastructure Report |
| 1.2.24 | KRUSTYLOADER | Malware | Loader | KRUSTYLOADER - RUST MALWARE LINKED TO IVANTI CONNECTSECURE COMPROMISES |
| 1.2.24 | CVE-2024-21887 | Vulnerability | CVE | A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. |
| 1.2.24 | CVE-2023-46805 | Vulnerability | CVE | An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. |
| 1.2.24 | CVE-2023-4911 | Vulnerability | CVE | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. |
| 1.2.24 | CVE-2023-6780 | Vulnerability | CVE | An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. |
| 1.2.24 | CVE-2023-6779 | Vulnerability | CVE | An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. |
| 1.2.24 | CVE-2023-6246 | Vulnerability | CVE | A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. |