1589 matches found
Headcrab malware is targeting Redis servers worldwide to mine Monero
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary HeadCrab is a new and severe malware that is infiltrating and residing on servers worldwide. It is a custom-made Redis-based malware that is undetectable by traditional anti-virus solutions and has...
A new EmojiDeploy attack has been found in an Azure service
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The EmojiDeploy attack chain allows a threat actor to run arbitrary code, steal or delete sensitive data, and compromise a targeted application on Azure by exploiting a remote code execution vulnerabilit...
Destructive data wipers and worms targeting Ukrainian organizations
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Cybersecurity & Infrastructure Security Agency CISA and the Federal Bureau of Investigation FBI have jointly released an advisory and warned of an ongoing cyber attack using destructive malware targeting organizations in Ukrai...
Threat Campaign by Molerats uses NimbleMamba Malware to target Middle East
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here An APT group Molerats associated with Gaza has launched a new threat campaign using a malware NimbleMamba aimed at Middle Eastern governments, foreign policy think tanks, and even a state-owned airline. The current attack was...
Goldoon Botnet Exploits Longstanding D-Link Vulnerability
...
Earth Krahang APT Campaign Targeting Global Governments
Summary: Earth Krahang, an APT campaign since 2022, targets global government entities, employing spear phishing and server exploitation tactics. Operating independently but with potential links to Chinese threat actors, it utilizes malware like Cobalt Strike and XDealer for espionage, urging...
SPIKEDWINE Ploy to Infiltrate EU Diplomatic Circles
Summary: The SPIKEDWINE threat actor has been identified orchestrating a sophisticated cyber operation targeting European Union diplomats with a deceptive wine-tasting event. Its primary goal is to disrupt geopolitical relations between India and Europe through the deployment of a modular backdoo...
Malware Leveraging Google OAuth for Persistent Account Access
Summary: Information-stealing malware is actively exploiting an undisclosed Google OAuth endpoint called MultiLogin. This technique was initially disclosed by a threat actor named PRISMA on their Telegram channel and has subsequently been integrated into various malware-as-a-service MaaS stealer...
MuddyWater Returns with a New Spear-Phishing Campaign
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary MuddyWater, the Iranian nation-state actor, has been identified in a new spearphishing campaign targeting two Israeli entities and deploying a legitimate remote administration tool known as N-able Advanc...
Celebrity Vulnerability Report | Navigating Challenges with HivePro Uni5
In this video, Anand Choudha, CEO at Hive Pro, and Jeelan Poola, CPO at Hive Pro, introduce the HivePro Uni5 Threat Exposure Management Platform. HivePro Uni...
Cracking ShellTorch Vulnerabilities Exposing TorchServe to RCE
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A trio of security vulnerabilities, dubbed ShellTorch, in the open-source machine-learning model TorchServe, a tool for serving and scaling PyTorch models, could be chained to achieve remote code...
EvilProxy Phishing Attack Targets Indeed Job Platform
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new phishing campaign has emerged, specifically targeting high-profile US executives. This campaign takes advantage of open redirects from the jobs platform Indeed and employs EvilProxy to pilfer sessi...
Attacks, Vulnerabilities and Actors 18 September to 24 September 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of eight executed attacks, five instance of adversary activity, and eleven vulnerabilities...
Storm-0324 Exploits Microsoft Teams Chats Deploying JSSLoader
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Storm-0324 is a financially motivated threat actor with a history of operations dating back to 2016. This actor has a specialization in facilitating ransomware deployments and providing access to...
Storm-0558 Chinese Threat Actor Targets Email Accounts
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Storm-0558, a China-based threat actor with espionage objectives, has been targeting email data from approximately 25 organizations using tactics like credential harvesting, OAuth token, and phishing...
Hive Pro’s Take on Gartner’s Top Cybersecurity Trends 2023
In this video, Anand Choudha, CEO at Hive Pro, and Jeelan Poola, CPO at Hive Pro, introduce the HivePro Uni5 Threat Exposure Management Platform. HivePro Uni...
Water Orthrus Targets Chinese Users with CopperStealth and CopperPhish
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Water Orthrus has recently launched two new campaigns, CopperStealth and CopperPhish, where CopperStealth employs rootkit techniques, while CopperPhish globally distributes a phishing kit through PPI...
Critical PaperCut Security Vulnerabilities Actively Exploited in the Wild
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Attackers are leveraging severe vulnerabilities in PaperCut MF/NG software to install Atera remote management software, posing a significant risk due to proof-of-concept exploits being available...
Hive Pro: Threat Exposure Management – Solution Overview
In this video, Anand Choudha, CEO at Hive Pro, and Jeelan Poola, CPO at Hive Pro, introduce the HivePro Uni5 Threat Exposure Management Platform. HivePro Uni...
Kadavro Vector Ransomware spread as a fake Tor browser installer
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Kadavro Vector is a NoCry ransomware variant that encrypts files and demands Monero XMR cryptocurrency for decryption. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn...
Desert Falcon Strikes with an Upgraded Arsenal
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Desert Falcons, a cyber-espionage group, has been seen deploying upgraded variants of its malware toolset in strikes against Palestine and Middle Eastern entities. To receive real-time threat advisories,...
Chinese Cyber Espionage Targets Middle Eastern Telecoms
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Chinese cyber espionage actors, Gallium and APT41, linked to Operation Soft Cell campaign, are targeting Middle Eastern telecommunications sector. To receive real-time threat advisories, please follow...
Gozi Malware Spreads through Fake Italian Revenue Agency Email Campaign
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A fake Italian Revenue Agency email campaign tricks victims into downloading a malicious attachment that installs Gozi, a binary that bypasses Italys geofencing and creates a loader process on the victim...
AgentTesla Trojan Returns with Phishing Campaigns Using GuLoader to Steal Secrets
Threat Level Attack Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary The AgentTesla Trojan continues to pose a threat as attackers use GuLoader to deliver it in new phishing campaigns targeting various industries and countries...
Cyberattack on Medical and Energy Sector by Lazarus Group
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A cyber-attack conducted by North Korean state-sponsored Lazarus Group targeted public and private sector research organizations, the medical research and energy sector as well as their supply chain for...
Brazil’s manufacturing industry under attack by Vice Society ransomware group
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Vice Society ransomware group is a cyber threat group that made headlines in late 2022 and early 2023 for a series of attacks against various targets, including the rapid transit system in San...
VMware addresses Security Flaws in vRealize Log Insight
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary VMware has patched four security flaws in vRealize Log Insight aka Aria Operations for Logs that could potentially expose users to remote code execution attacks and allow an unauthenticated attack...
NetSupport RAT employs phishing campaigns that incorporate Pokemon lures
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary NetSupport Manager is a remote control tool that can be used by ordinary or corporate users to remotely control systems, but it is being abused by threat actors as it allows external control over specifi...
Cisco patched multiple critical vulnerabilities in StarOS Software
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Cisco patched two critical vulnerabilities in Redundancy Configuration Manager for StarOS software. Exploitation of one of the vulnerabilities is not required to exploit the other vulnerability. An attacker could exploit th...
Breaking Down Andariel APT’s Strike on South Korean Entities
...
Over 2 Million Malicious Repositories Planted on Docker Hub
...
‘Operation FlightNight’ Targeting India with Deceptive Air Force Invitations
Summary: In a campaign dubbed Operation FlightNight, unidentified threat actors have focused on Indian government agencies and energy companies, aiming to deploy a modified variant of an open-source information stealer malware known as HackBrowserData. The threat actors have been observed...
Earth Preta’s DOPLUGS Leaves its Mark in Asia
Summary: The Chinese threat actor, Earth Preta, strategically targeted numerous Asian countries by employing a customized version of the PlugX backdoor known as DOPLUGS. This sophisticated threat was allegedly revealed during the SMUGX campaign in July 2023. Threat Level - Red | Attack Report For...
Decoding UAC-0050’s Cyber Espionage Playbook
Summary: UAC-0050, a threat actor focused on Ukraine, is using new tactics to spread the Remcos RAT. In their latest move, UAC-0050 shows advanced adaptability by cleverly avoiding detection through a hidden data transfer method and outsmarting EDR systems. Threat Level - Amber | Attack Report Fo...
PikaBot Malware Unleashes Threat via Malvertising
Summary: PikaBot, a recently identified malware family, has become a prominent threat in malvertising campaigns, particularly through search engine ads. Associated with the TA577 threat actor and linked to ransomware distribution, PikaBot employs advanced tactics, such as decoy websites and...
NKAbuse: A New Multiplatform Threat Exploiting the Blockchain Protocol
Summary: A novel malware called NKAbuse stands out as a new, Go-based, multi-platform threat. What makes this malware distinctive is its pioneering use of the peer-to-peer network connectivity protocol NKN New Kind of Network technology for data exchange. This utilization of NKN technology makes...
CVSS 4.0 Decoded: Understanding & Implementing Changes
What is CVSS? The Common Vulnerability Scoring System CVSS is a vendor-agnostic, industry-open standard owned and maintained by The Forum of Incident Response and Security Teams FIRST. CVSS “provides a way to capture the principal characteristics of a vulnerability and produce a numerical score...
BlueNoroff Unleashes New macOS Malware ObjCShellz
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new macOS malware variant linked to the financially motivated BlueNoroff APT group, named "ObjCShellz,“ featuring remote shell capabilities and suspicious domain communication. The malware, written in...
From Bullets to Bytes The Hamas-Israel Conflict Goes Digital
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In the midst of the ongoing Israeli-Hamas conflict, a group of pro-Hamas hacktivists has emerged, utilizing a sophisticated Linux-based wiper malware known as BiBi-Linux Wiper. In the broader context of...
Summary of Vulnerabilities, Actors & Attacks: August 2023
...
New Wave of Akira Ransomware Expands Arsenal with Cisco VPN Flaws
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Akira ransomware group targets Cisco VPN to breach corporate networks and leverages tools like RustDesk for stealthy access. Avasts decryptor is ineffective against the groups updated ransomware...
Hive Pro Achieves ISO/IEC 27001: 2022 Certification
Hive Pro has achieved ISO 27001: 2022 Certification, Demonstrating A Continuous Commitment to Excellence in Information Security August 8th, 2023 - HERNDON, VA: Hive Pro, a pioneer in the Threat Exposure Management market, is thrilled to announce that they have successfully attained ISO 27001:202...
Attacks, Vulnerabilities and Actors 31 July to 6 August 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of one executed attack, one instance of adversary activity, and thirteen vulnerabilities,...
New Rilide Stealer Version Evades Chrome Manifest V3 Protections
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new version of the Rilide Stealer malware, evading Chromes security measures to target Chromium-based browsers in campaigns that exploit user trust through fake plugins and games, posing a significant...
Surge in 8Base Ransomware Group Activity
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary 8Base Ransomware group define themselves as “honest and simple pentesters”, have spiked their activities recently and was observed to be within the top 2 performing ransom groups. To receive real-time...
RedEyes Exploiting Ably Platform Using FadeStealer and Wiretapping Capabilities
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary RedEyes, a state-sponsored APT group, is targeting individuals through spear phishing emails and employing an Infostealer with wiretapping capabilities, utilizing the Ably platform for command and contro...
Flea APT Targets Foreign Ministries with New Backdoor.Graphican
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Flea APT15 targeted foreign ministries with their new backdoor, Backdoor.Graphican, leveraging Microsoft Graph API and OneDrive for C&C communication. To receive real-time threat advisories, please follo...
New Zaraza Bot Malware Steals Login Credentials from 38 Web Browsers via Telegram
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new credential-stealing malware named Zaraza bot uses Telegram as its command and control, targeting 38 web browsers and exfiltrating sensitive data for potential identity theft and financial fraud. To...
Multiple Command Injection Vulnerabilities Found in Cisco EPNM, ISE, and Prime Infrastructure
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary An attacker with authenticated, local access can exploit these vulnerabilities to escape the restricted shell and gain root privileges on the operating system. To receive real-time threat...
New HinataBot Go-Based Botnet with DDoS Capabilities and Mirai Connection
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary HinataBot is a newly discovered Go-based botnet that spreads through old vulnerabilities and weak credentials. It carries out DDoS flooding attacks and has a connection with the Mirai malware family. To...