1589 matches found

hivepro
added 2022/03/08 4:41 p.m., 1738 views

Dirty Pipe: A privilege escalation vulnerability in Linux Kernel

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. A vulnerability in the Linux kernel has existed since version 5.8 and allows overwriting data in arbitrary read-only files. Because unprivileged processes can inject code into root processes, this results in privilege escalation. ...

7.2 CVSS | 1.8 AI score | 0.88106 EPSS
Exploits: 100

hivepro
added 2021/08/24 10:35 a.m., 874 views

ProxyShell and PetitPotam exploits weaponized by LockFile Ransomware Group

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. LockFile, a new ransomware gang, has been active since last week. LockFile began by using a publicly disclosed PetitPotam exploit CVE-2021-36942 to compromise Windows Domain Controllers earlier this week. Using ProxyShell...

10 CVSS | 0.5 AI score | 0.99999 EPSS
Exploits: 22

hivepro
added 2022/02/18 12:20 p.m., 682 views

Russian state-sponsored cyber actors targeting U.S. critical infrastructure

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. In a joint cybersecurity advisory, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Cybersecurity and Infrastructure Security Agency (CISA) revealed that Russian state-sponsored threat actors target...

9 CVSS | 0.4 AI score | 0.99999 EPSS
Exploits: 56

hivepro
added 2022/03/15 10:7 a.m., 473 views

LockBit 2.0 Ransomware affiliates targeting Renowned Organizations

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Since September 2021, LockBit 2.0 has targeted 500+ organizations in vital areas globally. The most recent attack targeted well-known tire producer Bridgestone, software behemoth Accenture, and the French Ministry of Justice...

10 CVSS | 0.3 AI score | 0.99999 EPSS
Exploits: 42

hivepro
added 2022/03/25 4:5 a.m., 454 views

Magic Hound Exploiting Old Microsoft Exchange ProxyShell Vulnerabilities

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. APT35, aka Magic Hound, an Iranian-backed threat group, has begun using Microsoft Exchange ProxyShell vulnerabilities as an initial attack vector and to execute code through multiple web shells. The group has primarily targeted...

10 CVSS | 0.9 AI score | 0.99999 EPSS
Exploits: 18

hivepro
added 2021/12/07 1:24 p.m., 450 views

BlackByte ransomware exploits Microsoft Servers ProxyShell Vulnerabilities

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. BlackByte ransomware is targeting organizations with unpatched ProxyShell vulnerabilities. ProxyShell was addressed by a Hive Pro threat researcher in the previous advisory released on August 24. ProxyShell is a combination of...

10 CVSS | 0.9 AI score | 0.99999 EPSS
Exploits: 18

hivepro
added 2022/04/27 12:44 p.m., 419 views

Weekly Threat Digest: 18 – 24 April 2022

For a detailed threat digest, download the pdf file here. Published Vulnerabilities: 430; Interesting Vulnerabilities: 5; Active Threat Groups: 2; Targeted Countries: Worldwide; Targeted Industries: 17; ATT&CK TTPs: 46. The fourth week of April 2022 witnessed the discovery of 430 vulnerabilities out of which ...

10 CVSS | 0.3 AI score | 0.99999 EPSS
Exploits: 28

hivepro
added 2021/12/14 1:50 p.m., 392 views

Cerber targeting organizations with publicly available exploits

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Cerber, ransomware that mysteriously vanished in 2019, has reappeared with a new encryption. The new Cerber includes fresh source code and makes use of the new library Crypto++, whereas the previous form made use of Windows...

7.5 CVSS | 2.1 AI score | 0.99999 EPSS
Exploits: 75

hivepro
added 2022/06/15 10:13 a.m., 376 views

Follina: A zero-day vulnerability in Microsoft Office

Threat Level Attack Report. For a detailed advisory, download the pdf file here. Summary: Microsoft has issued a patch after almost 15 days for a zero-day vulnerability identified as CVE-2022-30190 after various proof-of-concepts (POCs) indicating that it is actively exploited became public. Security...

9.3 CVSS | 1.4 AI score | 0.99374 EPSS
Exploits: 62

hivepro
added 2021/12/29 9:27 a.m., 368 views

Apache released a patch to address the critical zero-day vulnerability in log4j

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. A zero-day remote code execution vulnerability, CVE-2021-44228, was discovered in Apache log4j affecting versions 2.0 to 2.14.1. Apache log4j is a Java logging package used by millions of applications. Cloud services such as...

9.3 CVSS | 0.3 AI score | 0.99999 EPSS
Exploits: 353

hivepro
added 2022/04/12 2:21 a.m., 363 views

RCE Spring Framework Zero-Day vulnerability “Spring4Shell”

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. A zero-day vulnerability has been discovered in the Spring framework, a Java framework that provides infrastructure support for web application development. This vulnerability came to light after a Chinese researcher made a...

7.5 CVSS | 0.8 AI score | 0.99677 EPSS
Exploits: 100

hivepro
added 2022/03/10 4:20 p.m., 351 views

Prophet Spider exploits Log4j and Citrix vulnerabilities to deploy webshells

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Prophet Spider is a well-known Initial Access Broker (IAB) group. Prophet Spider's tradecraft continues to grow while exploiting known web-server vulnerabilities such as Citrix and Log4j. A remote code execution (RCE)...

10 CVSS | 0.2 AI score | 0.99999 EPSS
Exploits: 353

hivepro
added 2022/04/22 2:34 p.m., 331 views

Hive Ransomware targets organizations with ProxyShell exploit

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Hive Ransomware has been active since its discovery in June 2021, and it is constantly deploying different backdoors, including the Cobalt Strike beacon, on Microsoft Exchange servers that are vulnerable to ProxyShell...

10 CVSS | 0.4 AI score | 0.99999 EPSS
Exploits: 18

hivepro
added 2021/12/05 12:31 p.m., 322 views

Several Zoho ManageEngine products have been exploited

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Multiple vulnerabilities have been discovered in Zoho ManageEngine products. The affected products include Zoho ManageEngine ServiceDesk Plus, Zoho ManageEngine SupportCenter Plus, Zoho ManageEngine Desktop Central, Zoho...

10 CVSS | 0.4 AI score | 0.99867 EPSS
Exploits: 8

hivepro
added 2024/02/05 7:3 a.m., 269 views

Leaky Vessels in Cloud Environments Shake Docker and Beyond

Summary: Four vulnerabilities, collectively termed Leaky Vessels, have been uncovered within container engine components, specifically affecting the runC command line tool. In the most severe instances, illicit entry into the underlying host operating system could result in the compromise of vita...

7.3 AI score
Exploits: 0

hivepro
added 2022/08/11 8:15 a.m., 264 views

Microsoft tackles DogWalk zero-day vulnerability and multiple privilege escalation vulnerabilities

Threat Level Vulnerability Report. For a detailed advisory, download the pdf file here. Summary: Microsoft Patch Tuesday addresses CVE-2022-34713, also known as DogWalk, as well as numerous issues affecting Microsoft Exchange Server, Microsoft Windows Support Diagnostic Tool (MSDT), Windows Print...

2.2 AI score | 0.6798 EPSS
Exploits: 1

hivepro
added 2022/01/14 6:23 a.m., 262 views

SnatchCrypto campaign carried out by North Korean APT 38 subsidiary BlueNoroff

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. BlueNoroff, an advanced persistent threat (APT) group that's part of the larger Lazarus Group associated with North Korea, is behind a series of attacks against small and medium-sized companies that have led to serious...

9.3 CVSS | 8.1 AI score | 0.99933 EPSS
Exploits: 29

hivepro
added 2022/04/21 4:59 a.m., 252 views

Weekly Threat Digest: 11 – 17 April 2022

For a detailed threat digest, download the pdf file here. Published Vulnerabilities: 765; Interesting Vulnerabilities: 14; Active Threat Groups: 1; Targeted Countries: 2; Targeted Industries: 6; ATT&CK TTPs: 25. The third week of April 2022 witnessed a huge spike in the discovery of 765 vulnerabilities out of...

10 CVSS | 0.3 AI score | 0.99997 EPSS
Exploits: 48

hivepro
added 2022/04/05 12:57 p.m., 252 views

Deep Panda deploys new rootkit “Fire Chili” by exploiting Log4shell in VMware horizon

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Deep Panda, a Chinese APT group, took advantage of the well-known Log4Shell vulnerability in VMware Horizon servers to deploy a backdoor, rootkit, and steal sensitive data. This threat actor is primarily targeting firms in the...

9.3 CVSS | 0.3 AI score | 0.99999 EPSS
Exploits: 348

hivepro
added 2022/03/18 8:27 a.m., 243 views

Russian threat actor UAC-0056 targets European countries

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) has released an alert about a Russian threat actor UAC-0056 (SaintBear, UNC2589, TA471) delivering malware using email attachments. UNC2589 is a cyber...

9.3 CVSS | 8.4 AI score | 0.99945 EPSS
Exploits: 33

hivepro
added 2022/03/14 4:24 p.m., 230 views

Weekly Threat Digest: 7 – 13 March 2022

For a detailed threat digest, download the pdf file here. Published Vulnerabilities: 538; Interesting Vulnerabilities: 16; Active Threat Groups: 3; Targeted Countries: 42; Targeted Industries: 19; ATT&CK TTPs: 89. The second week of March 2022 witnessed the discovery of 538 vulnerabilities out of which 16...

9.3 CVSS | 0.4 AI score | 0.99999 EPSS
Exploits: 453

hivepro
added 2022/03/25 2:16 p.m., 223 views

North Korean state-sponsored threat actor Lazarus Group exploiting Chrome Zero-day vulnerability

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. For more than a month before a fix was available, North Korean state hackers known as Lazarus group exploited a zero-day, remote code execution vulnerability (CVE-2022-0609) in Google Chrome's web browser. The attack mainly targe...

9.1 AI score | 0.23546 EPSS
Exploits: 0

hivepro
added 2022/09/16 9:3 a.m., 213 views

Microsoft busts an actively exploited zero-day and several critical flaws

Threat Level Vulnerability Report. For a detailed threat advisory, download the pdf file here. Summary: Microsoft addressed a zero-day vulnerability identified as CVE-2022-37969, an Elevation of Privilege vulnerability, in addition to a broad array of other significant flaws that might lead to Remot...

2.7 AI score | 0.28483 EPSS
Exploits: 5

hivepro
added 2022/03/21 5:34 a.m., 201 views

New Threat Actor Exotic Lily acting as Initial Access Broker for Conti and Diavol ransomware group

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Exotic Lily was first discovered exploiting a zero-day vulnerability in Microsoft MSHTML (CVE-2021-40444), which piqued the curiosity of researchers as a potentially sophisticated threat actor. Following additional analysis, it...

6.8 CVSS | 0.5 AI score | 0.96843 EPSS
Exploits: 38

hivepro
added 2021/11/18 11:45 a.m., 201 views

MuddyWater is taking advantage of old vulnerabilities

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), and the United Kingdom's National Cyber Security Centre (NCSC) have issued a joint...

10 CVSS | 8.7 AI score | 0.99999 EPSS
Exploits: 16

hivepro
added 2021/11/02 9:42 a.m., 198 views

HelloKitty is launching a DDoS attack by exploiting known vulnerabilities

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The FBI has issued a warning to private businesses about a new feature of the HelloKitty ransomware group, aka FiveHands. The Hello Kitty/FiveHands actor (UNC2447) employs the double extortion strategy to place undue pressure on...

7.5 CVSS | 1.6 AI score | 0.83425 EPSS
Exploits: 0

hivepro
added 2023/01/10 11:58 a.m., 192 views

Southeast Asian APT Group Saaiwc Targets Military and Financial Departments with PowerDism Backdoor

Threat Level Actor Report. For a detailed threat advisory, download the pdf file here. Summary: Saaiwc Group (APT-LY-1005) is a newly identified APT group that is thought to operate in Southeast Asia. The group's main tactic is to use an ISO file as a malicious payload, which when executed, injects a...

2.7 AI score
Exploits: 0

hivepro
added 2022/10/11 7:22 a.m., 189 views

Vulnerability in Fortinet allows authentication bypass

Threat Level Vulnerability Report. For a detailed threat advisory, download the pdf file here. Summary: FortiOS and FortiProxy have an authentication bypass vulnerability, CVE-2022-40684, that could allow remote attackers access to the administrative interface...

5.1 AI score | 0.99984 EPSS
Exploits: 25

hivepro
added 2021/11/23 10:56 a.m., 189 views

Microsoft could not patch this vulnerability

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Microsoft released patches for 44 vulnerabilities on November 9th. CVE-2021-41379 was among them. However, installing this patch does not completely eliminate the vulnerability. An exploit for a new Windows zero-day local...

4.6 CVSS | 8.1 AI score | 0.20255 EPSS
Exploits: 0

hivepro
added 2021/08/18 11:1 a.m., 180 views

Have you patched the vulnerabilities in Microsoft Exchange Server?

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Microsoft Exchange Server vulnerabilities have been officially patched for five months now. These vulnerabilities are actively exploited by multiple threat actors named DeadRinger. DeadRinger has been affecting the...

7.5 CVSS | 0.5 AI score | 0.99999 EPSS
Exploits: 66

hivepro
added 2022/07/25 11:10 a.m., 176 views

Critical Vulnerabilities in Multiple Atlassian Products being exploited-in-wild

Threat Level Vulnerability Report. For a detailed advisory, download the pdf file here. Summary: Atlassian has released patches to address a critical security flaw, being tracked as CVE-2022-26138, involving the usage of hard-coded credentials in the Questions For Confluence app for Confluence Server...

2 AI score | 0.9817 EPSS
Exploits: 1

hivepro
added 2023/02/09 6:52 a.m., 175 views

The ESXiArgs ransomware attack is targeting VMware ESXi servers globally

Threat Level Attack Report. For a detailed threat advisory, download the pdf file here. Summary: A global ransomware attack, known as ESXiArgs, is affecting servers using VMware ESXi hypervisors version 6.x prior to 6.7 due to a vulnerability (CVE-2021-21974) caused by a heap overflow issue in the Ope...

5.8 CVSS | 3.6 AI score | 0.45063 EPSS
Exploits: 7

hivepro
added 2022/05/13 2:16 a.m., 173 views

Three zero-days addressed in Microsoft’s May 2022 Patch Tuesday

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Microsoft addressed 74 vulnerabilities in their May 2022 Patch Tuesday Security Update. Three of them are zero-days, and one is being exploited in the wild. The LSA Spoofing vulnerability (CVE-2022-26925) is actively exploited i...

7.2 CVSS | 0.8 AI score | 0.09823 EPSS
Exploits: 0

hivepro
added 2023/08/17 7:45 a.m., 172 views

Unveiling The TunnelCrack VPN Vulnerabilities

Threat Level Vulnerability Report. For a detailed threat advisory, download the pdf file here. Summary: The TunnelCrack vulnerabilities are a set of four vulnerabilities that affect most VPN products. The vulnerabilities affect the way that VPNs handle certain ciphers, which are algorithms used to...

6.5 AI score
Exploits: 0

hivepro
added 2022/03/18 1:58 p.m., 172 views

Russian threat actors leveraging misconfigured multifactor authentication to exploit PrintNightmare vulnerability

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued an alert for enterprises that Russian state-sponsored cyber attackers have obtained network access by exploiting...

9 CVSS | 3.3 AI score | 0.99759 EPSS
Exploits: 41

hivepro
added 2023/02/20 10:28 a.m., 169 views

APT Earth Kitsune delivers new WhiskerSpy malware via watering hole attack

Threat Level Attack Report. For a detailed threat advisory, download the pdf file here. Summary: Earth Kitsune, an advanced persistent threat (APT) actor known for targeting individuals interested in North Korea, also China, Brazil, and Japan and has been found to be using a new backdoor called...

2.9 AI score
Exploits: 0

hivepro
added 2022/03/29 1:56 p.m., 169 views

Weekly Threat Digest: 21 – 27 March 2022

For a detailed threat digest, download the pdf file here. Published Vulnerabilities: 340; Interesting Vulnerabilities: 10; Active Threat Groups: 5; Targeted Countries: 53; Targeted Industries: 24; ATT&CK TTPs: 84. The fourth week of March 2022 witnessed the discovery of 340 vulnerabilities out of which 10...

10 CVSS | 0.99999 EPSS
Exploits: 90

hivepro
added 2022/04/13 6:34 a.m., 158 views

Weekly Threat Digest: 4 – 10 April 2022

For a detailed threat digest, download the pdf file here. Published Vulnerabilities: 438; Interesting Vulnerabilities: 3; Active Threat Groups: 3; Targeted Countries: 53; Targeted Industries: 16; ATT&CK TTPs: 54. The second week of April 2022 witnessed the discovery of 438 vulnerabilities out of which 3 gaine...

9.3 CVSS | 0.1 AI score | 0.99999 EPSS
Exploits: 440

hivepro
added 2022/09/30 10:21 a.m., 154 views

Unpatched zero-day vulnerabilities of Microsoft Exchange Server

Threat Level Vulnerability Report. For a detailed threat advisory, download the pdf file here. Summary: Microsoft Exchange Server has two unpatched zero-day vulnerabilities. One of them is a Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-41040), while the second is a remote code execution (RCE)...

2.6 AI score | 0.99964 EPSS
Exploits: 16

hivepro
added 2022/08/04 11:47 a.m., 154 views

VMware products impacted by an authentication bypass vulnerability and other flaws

Threat Level Vulnerability Report. For a detailed advisory, download the pdf file here. Summary: VMware has addressed multiple vulnerabilities, including an authentication bypass (CVE-2022-31656), remote code execution (CVE-2022-31658, CVE-2022-31659, and CVE-2022-31665), and many more flaws...

3.2 AI score | 0.18428 EPSS
Exploits: 2

hivepro
added 2021/09/23 1:47 p.m., 154 views

Are you a victim of the Conti Ransomware?

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Conti Ransomware targets enterprises who have not patched their systems by exploiting old vulnerabilities. Conti Ransomware steals sensitive information from businesses and demands a ransom in exchange. CISA has issued a...

9.3 CVSS | 0.1 AI score | 0.99759 EPSS
Exploits: 112

hivepro
added 2022/10/20 9:17 a.m., 153 views

Text2Shell: Vulnerability like Log4Shell in Apache Common Texts

Threat Level Vulnerability Report. For a detailed threat advisory, download the pdf file here. Summary: A new vulnerability in Apache Commons Text has been named Text2Shell. The vulnerability allows unauthenticated attackers to remotely execute code on servers running affected applications. Due to t...

5.1 AI score
Exploits: 0

hivepro
added 2021/12/16 11:12 a.m., 152 views

Microsoft released patch for actively exploited spoofing vulnerability

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Microsoft AppX has a spoofing vulnerability that has been assigned CVE-2021-43890. Attackers are taking advantage of this critical vulnerability by deploying well-known malware such as Emotet, Trickbot, and Bazaloader. Thi...

6 CVSS | 8.6 AI score | 0.10295 EPSS
Exploits: 1

hivepro
added 2022/03/29 12:17 p.m., 151 views

Muhstik botnet adds another vulnerability exploit to its arsenal

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Muhstik malware has begun attacking Redis Servers by exploiting a recently reported vulnerability, CVE-2022-0543. This flaw can be found in several Redis Debian packages. The attack began on March 11, 2022, and was carried out...

10 CVSS | 0.7 AI score | 0.99993 EPSS
Exploits: 89

hivepro
added 2021/12/08 9:54 a.m., 143 views

Grafana releases an emergency patch for a Zero-Day vulnerability

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. A vulnerability in Chrome and Microsoft Edge Chromium-based exists as a result of a use-after-free Grafana, a database analyzing, and monitoring tool used by major companies has been affected by a high severe zero-day...

5 CVSS | 1.1 AI score | 0.88849 EPSS
Exploits: 44

hivepro
added 2021/11/10 11:20 a.m., 142 views

Microsoft’s Patch Tuesday Security Updates for November

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. For the month of November, Microsoft has reported a total of 55 vulnerabilities, 6 (CVE-2021-38666, CVE-2021-26443, CVE-2021-42279, CVE-2021-42298, CVE-2021-42316, CVE-2021-3711) of which have been rated critical. Four...

9.3 CVSS | 8.1 AI score | 0.90388 EPSS
Exploits: 11

hivepro
added 2022/08/16 5:0 a.m., 138 views

Vulnerabilities & Threats that Matter 08 – 14th Aug

Published Vulnerabilities: 563; Interesting Vulnerabilities: 14; Active Threat Groups: 3; Targeted Countries: 69; Targeted Industries: 08; ATT&CK TTPs: 71. For a detailed threat digest, download the pdf file here. Summary: The second week of August 2022 witnessed the discovery of 563 vulnerabilities out of whi...

9.3 CVSS | 1 AI score | 0.9981 EPSS
Exploits: 220

hivepro
added 2022/04/18 1:6 p.m., 135 views

Two actively exploited vulnerabilities affect multiple VMware products

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Multiple vulnerabilities have been discovered in VMware products. Two of these have been exploited in the wild. The first zero-day vulnerability, CVE-2022-22954, is a server-side template injection flaw. An attacker could...

10 CVSS | 1.4 AI score | 0.99997 EPSS
Exploits: 31

hivepro
added 2021/09/16 3:2 p.m., 132 views

Google patches chrome zero-day vulnerabilities being exploited in the wild

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Google just released a major security update for Google Chrome that addresses eleven vulnerabilities, including two zero-day flaws that have been exploited in the wild. A remote attacker might make use of the flaws by trickin...

6.8 CVSS | 0.4 AI score | 0.64546 EPSS
Exploits: 4

hivepro
added 2022/04/05 10:11 a.m., 131 views

Weekly Threat Digest: 28 March – 3 April 2022

For a detailed threat digest, download the pdf file here. Published Vulnerabilities: 500; Interesting Vulnerabilities: 7; Active Threat Groups: 3; Targeted Countries: 27; Targeted Industries: 16; ATT&CK TTPs: 46. The fourth week of March 2022 witnessed the discovery of 500 vulnerabilities out of which 7 gaine...

7.5 CVSS | 1.4 AI score | 0.99796 EPSS
Exploits: 112

Total number of security vulnerabilities: 1589