1589 matches found
Nation-State Actors MERCURY and Partner DEV-1084 Carry Out Destructive Attack
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary MERCURY, a nation-state actor linked to the Iranian government, worked with another actor, DEV-1084, to carry out a destructive attack. To receive real-time threat advisories, please follow HiveForce Lab...
Chinese Cyber Espionage Targets Middle Eastern Telecoms
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Chinese cyber espionage actors, Gallium and APT41, linked to Operation Soft Cell campaign, are targeting Middle Eastern telecommunications sector. To receive real-time threat advisories, please follow...
Cyberattack on Medical and Energy Sector by Lazarus Group
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A cyber-attack conducted by North Korean state-sponsored Lazarus Group targeted public and private sector research organizations, the medical research and energy sector as well as their supply chain for...
Headcrab malware is targeting Redis servers worldwide to mine Monero
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary HeadCrab is a new and severe malware that is infiltrating and residing on servers worldwide. It is a custom-made Redis-based malware that is undetectable by traditional anti-virus solutions and has...
A new EmojiDeploy attack has been found in an Azure service
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The EmojiDeploy attack chain allows a threat actor to run arbitrary code, steal or delete sensitive data, and compromise a targeted application on Azure by exploiting a remote code execution vulnerabilit...
Destructive data wipers and worms targeting Ukrainian organizations
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Cybersecurity & Infrastructure Security Agency CISA and the Federal Bureau of Investigation FBI have jointly released an advisory and warned of an ongoing cyber attack using destructive malware targeting organizations in Ukrai...
Threat Campaign by Molerats uses NimbleMamba Malware to target Middle East
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here An APT group Molerats associated with Gaza has launched a new threat campaign using a malware NimbleMamba aimed at Middle Eastern governments, foreign policy think tanks, and even a state-owned airline. The current attack was...
Goldoon Botnet Exploits Longstanding D-Link Vulnerability
...
Hive Pro Announces Launch of Alliance Partner Program in North America for MSPs and VARs
Herndon, VA – 01 April 2024 – Hive Pro, a pioneer vendor in Threat Exposure Management, announced the formal launch of its North America Alliance Partner Program for Managed Service Providers MSP and Value-Added Resellers VARs. This initiative aims to empower Managed Service Providers MSPs and...
Earth Krahang APT Campaign Targeting Global Governments
Summary: Earth Krahang, an APT campaign since 2022, targets global government entities, employing spear phishing and server exploitation tactics. Operating independently but with potential links to Chinese threat actors, it utilizes malware like Cobalt Strike and XDealer for espionage, urging...
SPIKEDWINE Ploy to Infiltrate EU Diplomatic Circles
Summary: The SPIKEDWINE threat actor has been identified orchestrating a sophisticated cyber operation targeting European Union diplomats with a deceptive wine-tasting event. Its primary goal is to disrupt geopolitical relations between India and Europe through the deployment of a modular backdoo...
MuddyWater Returns with a New Spear-Phishing Campaign
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary MuddyWater, the Iranian nation-state actor, has been identified in a new spearphishing campaign targeting two Israeli entities and deploying a legitimate remote administration tool known as N-able Advanc...
Celebrity Vulnerability Report | Navigating Challenges with HivePro Uni5
In this video, Anand Choudha, CEO at Hive Pro, and Jeelan Poola, CPO at Hive Pro, introduce the HivePro Uni5 Threat Exposure Management Platform. HivePro Uni...
Cracking ShellTorch Vulnerabilities Exposing TorchServe to RCE
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A trio of security vulnerabilities, dubbed ShellTorch, in the open-source machine-learning model TorchServe, a tool for serving and scaling PyTorch models, could be chained to achieve remote code...
EvilProxy Phishing Attack Targets Indeed Job Platform
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new phishing campaign has emerged, specifically targeting high-profile US executives. This campaign takes advantage of open redirects from the jobs platform Indeed and employs EvilProxy to pilfer sessi...
Attacks, Vulnerabilities and Actors 18 September to 24 September 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of eight executed attacks, five instance of adversary activity, and eleven vulnerabilities...
Storm-0324 Exploits Microsoft Teams Chats Deploying JSSLoader
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Storm-0324 is a financially motivated threat actor with a history of operations dating back to 2016. This actor has a specialization in facilitating ransomware deployments and providing access to...
Storm-0558 Chinese Threat Actor Targets Email Accounts
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Storm-0558, a China-based threat actor with espionage objectives, has been targeting email data from approximately 25 organizations using tactics like credential harvesting, OAuth token, and phishing...
Hive Pro’s Take on Gartner’s Top Cybersecurity Trends 2023
In this video, Anand Choudha, CEO at Hive Pro, and Jeelan Poola, CPO at Hive Pro, introduce the HivePro Uni5 Threat Exposure Management Platform. HivePro Uni...
Water Orthrus Targets Chinese Users with CopperStealth and CopperPhish
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Water Orthrus has recently launched two new campaigns, CopperStealth and CopperPhish, where CopperStealth employs rootkit techniques, while CopperPhish globally distributes a phishing kit through PPI...
Critical PaperCut Security Vulnerabilities Actively Exploited in the Wild
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Attackers are leveraging severe vulnerabilities in PaperCut MF/NG software to install Atera remote management software, posing a significant risk due to proof-of-concept exploits being available...
Hive Pro: Threat Exposure Management – Solution Overview
In this video, Anand Choudha, CEO at Hive Pro, and Jeelan Poola, CPO at Hive Pro, introduce the HivePro Uni5 Threat Exposure Management Platform. HivePro Uni...
New Zaraza Bot Malware Steals Login Credentials from 38 Web Browsers via Telegram
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new credential-stealing malware named Zaraza bot uses Telegram as its command and control, targeting 38 web browsers and exfiltrating sensitive data for potential identity theft and financial fraud. To...
Kadavro Vector Ransomware spread as a fake Tor browser installer
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Kadavro Vector is a NoCry ransomware variant that encrypts files and demands Monero XMR cryptocurrency for decryption. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn...
Desert Falcon Strikes with an Upgraded Arsenal
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Desert Falcons, a cyber-espionage group, has been seen deploying upgraded variants of its malware toolset in strikes against Palestine and Middle Eastern entities. To receive real-time threat advisories,...
Gozi Malware Spreads through Fake Italian Revenue Agency Email Campaign
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A fake Italian Revenue Agency email campaign tricks victims into downloading a malicious attachment that installs Gozi, a binary that bypasses Italys geofencing and creates a loader process on the victim...
AgentTesla Trojan Returns with Phishing Campaigns Using GuLoader to Steal Secrets
Threat Level Attack Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary The AgentTesla Trojan continues to pose a threat as attackers use GuLoader to deliver it in new phishing campaigns targeting various industries and countries...
Brazil’s manufacturing industry under attack by Vice Society ransomware group
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Vice Society ransomware group is a cyber threat group that made headlines in late 2022 and early 2023 for a series of attacks against various targets, including the rapid transit system in San...
VMware addresses Security Flaws in vRealize Log Insight
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary VMware has patched four security flaws in vRealize Log Insight aka Aria Operations for Logs that could potentially expose users to remote code execution attacks and allow an unauthenticated attack...
DragonSpark Attacks Targeting East Asian Countries Using SparkRAT Malware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Recently, a group of cyber-attacks against organizations in East Asia has been identified and named "DragonSpark". These attacks are known for using a relatively unknown open-source tool called SparkRAT,...
NetSupport RAT employs phishing campaigns that incorporate Pokemon lures
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary NetSupport Manager is a remote control tool that can be used by ordinary or corporate users to remotely control systems, but it is being abused by threat actors as it allows external control over specifi...
Cisco patched multiple critical vulnerabilities in StarOS Software
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Cisco patched two critical vulnerabilities in Redundancy Configuration Manager for StarOS software. Exploitation of one of the vulnerabilities is not required to exploit the other vulnerability. An attacker could exploit th...
Breaking Down Andariel APT’s Strike on South Korean Entities
...
Over 2 Million Malicious Repositories Planted on Docker Hub
...
‘Operation FlightNight’ Targeting India with Deceptive Air Force Invitations
Summary: In a campaign dubbed Operation FlightNight, unidentified threat actors have focused on Indian government agencies and energy companies, aiming to deploy a modified variant of an open-source information stealer malware known as HackBrowserData. The threat actors have been observed...
Earth Preta’s DOPLUGS Leaves its Mark in Asia
Summary: The Chinese threat actor, Earth Preta, strategically targeted numerous Asian countries by employing a customized version of the PlugX backdoor known as DOPLUGS. This sophisticated threat was allegedly revealed during the SMUGX campaign in July 2023. Threat Level - Red | Attack Report For...
Decoding UAC-0050’s Cyber Espionage Playbook
Summary: UAC-0050, a threat actor focused on Ukraine, is using new tactics to spread the Remcos RAT. In their latest move, UAC-0050 shows advanced adaptability by cleverly avoiding detection through a hidden data transfer method and outsmarting EDR systems. Threat Level - Amber | Attack Report Fo...
PikaBot Malware Unleashes Threat via Malvertising
Summary: PikaBot, a recently identified malware family, has become a prominent threat in malvertising campaigns, particularly through search engine ads. Associated with the TA577 threat actor and linked to ransomware distribution, PikaBot employs advanced tactics, such as decoy websites and...
NKAbuse: A New Multiplatform Threat Exploiting the Blockchain Protocol
Summary: A novel malware called NKAbuse stands out as a new, Go-based, multi-platform threat. What makes this malware distinctive is its pioneering use of the peer-to-peer network connectivity protocol NKN New Kind of Network technology for data exchange. This utilization of NKN technology makes...
CVSS 4.0 Decoded: Understanding & Implementing Changes
What is CVSS? The Common Vulnerability Scoring System CVSS is a vendor-agnostic, industry-open standard owned and maintained by The Forum of Incident Response and Security Teams FIRST. CVSS “provides a way to capture the principal characteristics of a vulnerability and produce a numerical score...
BlueNoroff Unleashes New macOS Malware ObjCShellz
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new macOS malware variant linked to the financially motivated BlueNoroff APT group, named "ObjCShellz,“ featuring remote shell capabilities and suspicious domain communication. The malware, written in...
From Bullets to Bytes The Hamas-Israel Conflict Goes Digital
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In the midst of the ongoing Israeli-Hamas conflict, a group of pro-Hamas hacktivists has emerged, utilizing a sophisticated Linux-based wiper malware known as BiBi-Linux Wiper. In the broader context of...
Summary of Vulnerabilities, Actors & Attacks: August 2023
...
New Wave of Akira Ransomware Expands Arsenal with Cisco VPN Flaws
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Akira ransomware group targets Cisco VPN to breach corporate networks and leverages tools like RustDesk for stealthy access. Avasts decryptor is ineffective against the groups updated ransomware...
TargetCompany Ransomware’s FUD Obfuscation Maneuvers
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The TargetCompany ransomware employs a combination of its proprietary variant and the BatCloak obfuscator engine, acclaimed for its full undetectability FUD capabilities. Accompanying this fusion is the...
Hive Pro Achieves ISO/IEC 27001: 2022 Certification
Hive Pro has achieved ISO 27001: 2022 Certification, Demonstrating A Continuous Commitment to Excellence in Information Security August 8th, 2023 - HERNDON, VA: Hive Pro, a pioneer in the Threat Exposure Management market, is thrilled to announce that they have successfully attained ISO 27001:202...
Attacks, Vulnerabilities and Actors 31 July to 6 August 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of one executed attack, one instance of adversary activity, and thirteen vulnerabilities,...
New Rilide Stealer Version Evades Chrome Manifest V3 Protections
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new version of the Rilide Stealer malware, evading Chromes security measures to target Chromium-based browsers in campaigns that exploit user trust through fake plugins and games, posing a significant...
Surge in 8Base Ransomware Group Activity
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary 8Base Ransomware group define themselves as “honest and simple pentesters”, have spiked their activities recently and was observed to be within the top 2 performing ransom groups. To receive real-time...
RedEyes Exploiting Ably Platform Using FadeStealer and Wiretapping Capabilities
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary RedEyes, a state-sponsored APT group, is targeting individuals through spear phishing emails and employing an Infostealer with wiretapping capabilities, utilizing the Ably platform for command and contro...