The Spyder Loader malware targets organizations in Hong Kong
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Spyder Loader malware was first publicly documented in March 2021. The recent Spyder Loader malware campaign appears to have had the ultimate goal of information theft, and the threat actor behind th...
Multiple Iranian actors have launched attacks against the Albanian government
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Threat actors acting on behalf of the Iranian government launched a devastating attack that knocked the Albanian government's websites and public services down. Each stage of the attack was carried out by...
APT28 exploits Follina to deploy CredoMap
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary Google Chrome addresses nine vulnerabilities in its latest stable channel update for Windows, Mac, and Linux...
OilRig is back with another Phishing Email attack, delivering the Saitama Backdoor
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here An Iranian cyber espionage gang known as OilRig has begun delivering malicious emails to a Jordanian government employee at the foreign ministry. The email includes a malicious Excel sheet that installs the Saitama backdoor...
Russia under Attack from New RURansom Wiper
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here A series of Wiper Malware attacks have been launched in the continuing cyber war between Russia and Ukraine. Researchers have discovered the RURansom wiper malware, which adds to the current collection of harmful malware. The...
PwnKit vulnerability affects major Linux distributors
...
AntiVirus Evasion Techniques
Introduction Antivirus software looks for, detects, and eliminates viruses as well as other harmful software such as worms, trojans, adware, and others. Such programs are intended to be used as a preventative measure in cyber security, preventing threats from entering your computer and causing...
VMware patches 2 Critical Vulnerabilities in Carbon Black App Control, VMWare Tools and VMWare Remote Console
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. VMware has patched an authentication bypass vulnerability (CVE-2021-21998) in the Carbon Black App Control management server. Apart from this vulnerability, VMware also patched a privilege escalation vulnerability (CVE-2021-21999)...
Cisco IOS XR Flaws Enable Privilege Elevation and DoS Attacks
Summary: Three high-severity vulnerabilities have been discovered in the Cisco IOS XR software, posing risks of denial-of-service (DoS) attacks and elevation of privilege. These vulnerabilities are tracked as CVE-2024-20320, CVE-2024-20318, and CVE-2024-20327. Threat Level - Amber | Vulnerability...
Roundcube Webmail Faces Unrelenting Exploitation
Summary: The Roundcube email server vulnerability, identified as CVE-2023-43770 and previously mitigated in September 2023, is currently being actively exploited. This flaw enables attackers to gain access to restricted information, with potential repercussions including sensitive data theft, use...
Russian SVR Exploits Critical TeamCity Vulnerability Globally
Summary: A critical vulnerability (CVE-2023-45247) in JetBrains TeamCity is actively exploited by Russia's SVR cyber actors (APT 29), allowing full server compromise. The targeted software, widely used by developers, poses a significant threat, enabling access to sensitive information and potential...
A Comprehensive CTEM Guide for CISOs
In this video, Anand Choudha, CEO at Hive Pro, and Jeelan Poola, CPO at Hive Pro, introduce the HivePro Uni5 Threat Exposure Management Platform. HivePro Uni...
GhostSec Pioneering the Hacktivist Front with GhostLocker
Summary: GhostSec, a hacktivist coalition stemming from the Anonymous group and part of The Five Families, has introduced GhostLocker, an advanced Ransomware-as-a-Service (RaaS) framework. Threat Level - RED | Attack Report For a detailed threat advisory, download the pdf file here To receive...
Chinese APT Masquerading as Cloud Services in Cambodia
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A Chinese APT targets the Cambodian government via disguised cloud services, aiming to access sensitive data, aligning with China's regional interests. The actors' adapted work hours signal Chinese origin, urging...
CISA Known Exploited Vulnerability Catalog October 2023
For a detailed CISA KEV Catalog, download the pdf file here Summary The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. It is recommended that all organizations review and monitor the KEV catalog,...
Stop Putting Out Fires: It's Time to Change Vulnerability Management For the Better
YoroTrooper Covert Cyber Espionage Masters of Kazakhstan
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary YoroTrooper, a stealthy threat actor primarily focused on espionage, first emerged in June 2022. YoroTrooper's targets appear to be concentrated within the Commonwealth of Independent States (CIS) nations,...
LostTrust Ransomware Unmasking the Gang Behind the Threat
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary LostTrust ransomware, which emerged in September 2023, is a multi-extortion threat related to SFile and Mindware, employing techniques reminiscent of MetaEncryptor, encrypting files, and demanding ransoms. It...
QakBot Resurges Latest Strikes with Ransom Knight and Remcos RAT
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The QakBot malware has been associated with a persistent phishing campaign since the beginning of August 2023, leading to the deployment of both the Ransom Knight ransomware and the Remcos RAT. To receiv...
BlackTech: China-Linked Cyber Actors Exploit Router Firmware
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary BlackTech, a People's Republic of China (PRC)-linked cyber actor group, poses a significant threat by modifying router firmware and targeting diverse sectors, highlighting the need for enhanced cybersecurity...
Deadglyph Malware Emerges as a Game Changer for Stealth Falcon
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The cyber espionage group Stealth Falcon commenced covert operations and employed advanced backdoor malware called "Deadglyph" primarily to infiltrate Middle Eastern government entities. To receive...
Hive Pro Partners with Tech Titan to Fortify Cybersecurity Landscape in Southeast Asia
HERNDON, VA., Sept. 26, 2023 - Hive Pro®, a pioneer vendor in Threat Exposure Management, is thrilled to announce a strategic partnership with Tech Titan Group, a leading IT Solutions Provider renowned for its innovation-driven approach and dedication to addressing evolving customer needs across...
LokiBot Data Exfiltrating Trojan Targets Windows Systems
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary LokiBot, an infamous data-exfiltrating Trojan, has maintained a prominent presence since 2015. This pernicious malware predominantly sets its sights on Windows systems, diligently striving to acquire...
Hive Pro Unveils Enhanced Version of HivePro Uni5 Threat Exposure Management Platform v2.1.0
Featuring diversified deployment options, seamless tool integration, and a refined user interface. Milpitas, CA – 3rd April 2023 – Hive Pro, a prominent cybersecurity firm specializing in Threat Exposure Management, today introduced the version update v2.1.0 to its flagship HivePro Uni5 platform,...
BianLian ransomware ramps up data-leak extortion and improves operational security
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary BianLian ransomware group is ramping up data-leak extortion to extract payments, using similar tactics & a custom backdoor, and bringing 30 new C2 servers online monthly. To receive real-time threat...
APT 29 Launches Malevolent Campaign Targeting Governments
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary APT 29 has launched a novel campaign targeting Western countries. This latest operation involves the use of a malevolent dropper called ROOTSAW. To receive real-time threat advisories, please follow...
Hiatus Hacking Campaign Targets DrayTek Vigor Routers to Steal Data
Threat Level Attack Report For a detailed threat advisory from HiveForce Labs, download the pdf file here Summary A malware campaign called "Hiatus" targets business-grade routers, specifically DrayTek Vigor models 2960 and 3900 running an i386 architecture. The campaign...
Iran-based Agrius deploys Fantasy wiper to attack IT firms in Israel
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Iran-based Agrius group has targeted Israel and the United Arab Emirates since 2020. In the beginning, the group deployed a wiper called Apostle, disguised as ransomware, which was later modified into...
Aurora Botnet evolves into a Stealer
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Aurora was first discovered in Russian-speaking underground forums and was capable of stealing, downloading, and gaining remote access. A threat actor by the name of Cheshire is selling this...
Kinsing malware continues to exploit these two-year-old vulnerabilities
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Malicious actors are exploiting these two-year-old remote code execution vulnerabilities in Oracle WebLogic Server to deploy Kinsing malware...
UNC4034 slips in a backdoor with trojanized PuTTY
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary UNC4034, a North Korean threat actor, uses a fake job posting to trick victims into downloading a trojanized version of PuTTY. When the malicious PuTTY binary is executed on the host, a backdoor named...
Evilnum strikes commodities and cryptocurrency Forum
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary In recent campaigns, the Evilnum actor group has targeted the Decentralized Finance (DeFi) sector using Evilnum Malware. The latest iteration of the Evilnum backdoor employs a diverse set of ISO, Microsoft Word, and...
Attackers Escape Kubernetes Containers using “cr8escape” Vulnerability in CRI-O
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. A flaw in CRI-O, an open-source Linux implementation of the Kubernetes Container Runtime Interface (CRI), was discovered that may allow an attacker to gain remote control of servers and potentially poison the container with attack...
Iranian APT is targeting Middle Eastern Aerospace and Telecommunications companies
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. ShellClient is a powerful new Remote Access Trojan (RAT) that was used in highly targeted attacks on a select few Aerospace and Telecommunications firms, primarily in the Middle East, with other victims in the United States,...
LunarWeb and LunarMail: The Secret Weapons of the Turla APT
...
Earth Hundun’s Deuterbear Sets Sights on High-Value Sectors
...
New Linux Variant of Bifrost RAT Utilizes Deceptive Domain for Evasion
Summary: A new Linux variant of the Bifrost RAT evades detection using a deceptive VMware domain, aiming to compromise systems. This persistent threat spreads through malicious emails and sites, harvesting sensitive data and now includes an ARM version, emphasizing the need for vigilant...
Androxgh0st Malware Uses Stealthy Tactics in Pilfering Credentials
Summary: The Androxgh0st malware is building a botnet, specifically aimed at illicitly obtaining cloud credentials from popular applications such as Amazon Web Services (AWS), Microsoft Office 365, SendGrid, and Twilio. This stolen data is then utilized to disseminate additional harmful payloads...
Seeing the Full Threat Exposure Picture With Uni5 Xposure
Malicious CPU-Z App Distributed Through Ads on Fake Windows News Site
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A threat actor has been using Google Ads as a platform to distribute a tampered version of the CPU-Z tool. CPU-Z is a widely-used utility that provides information about various hardware components in a...
Farnetwork the Mastermind of Five Ransomware Strains
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Farnetwork, a highly skilled threat actor fluent in Russian, has played a key role in five distinct ransomware-as-a-service (RaaS) programs, assuming diverse roles such as orchestrator and contributor to...
Iran-Backed Agrius APT’s Attacks on Israeli Institutions
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In a series of harmful cyberattacks that occurred from January 2023 to October 2023, the Iranian-backed Advanced Persistent Threat (APT) group known as Agrius targeted Israel's education and technology...
Redfly Targets Critical Infrastructure in Asia with ShadowPad Trojan
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Redfly, an espionage group, targeted Asian critical infrastructure, compromising a national grid for six months using ShadowPad. This underscores a rising trend in such attacks, raising global concerns...
Nation-State Actors Infiltrate U.S. by Exploiting Zoho and Fortinet Flaws
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Multiple nation-state entities infiltrated a prominent U.S. aeronautics organization by capitalizing on vulnerabilities within Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus,...
Fortifying Financial Services Cybersecurity with Hive Pro
A New Akira Ransomware Targets Multiple Industries and Demands Millions in Extortion
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Akira ransomware is a new threat targeting corporate networks and has already attacked several companies in various industries, stealing their data and demanding ransom from $200,000 to millions of...
Malevolent EvilExtractor Stealer Attacks Strike Europe and US
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary EvilExtractor is a new type of malware that extracts sensitive data from Windows systems. It's a data theft tool gaining notoriety due to increased attacks in Europe and the US. To receive real-time threa...
A New CrossLock Ransomware Threat with Cross-Platform Capabilities and Double Extortion Techniques
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary CrossLock ransomware, implemented in the Go programming language, uses a double-extortion technique to encrypt and exfiltrate data, posing a significant threat to businesses and organizations. To receive...
Trigona Ransomware Targets Improperly Managed MS-SQL Servers
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Trigona ransomware is installed on vulnerable MS-SQL servers that are not properly managed, allowing attackers to execute malicious commands and encrypt files without distinguishing file extensions. To...
Nation-State Actors MERCURY and Partner DEV-1084 Carry Out Destructive Attack
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary MERCURY, a nation-state actor linked to the Iranian government, worked with another actor, DEV-1084, to carry out a destructive attack. To receive real-time threat advisories, please follow HiveForce Lab...