Internet Explorer Zero-Day Vulnerability Exploited by APT 37
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary North Korean hackers identified as APT37 exploited a previously unknown Internet Explorer zero-day vulnerability to infect South Koreans, North Korean defectors, policymakers, journalists, and human righ...
Authentication Bypass Vulnerabilities in VMware Workspace ONE Assist
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Several security vulnerabilities exist in VMware's Workspace ONE Assist solution, some of which can be exploited to bypass authentication and gain admin-level access. A vulnerability in VMware...
Zero-day vulnerability uncovered in Trend Micro Apex One
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A zero-day vulnerability, along with several other issues, has been addressed by Trend Micro. It has been identified as CVE-2022-40139 and could allow attackers to execute remote code...
Novel remote access trojan CodeRAT uncovered
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary CodeRAT is a remote access trojan (RAT). The malicious operation, which appears to have originated in Iran, employed a Word document with a Microsoft Dynamic Data Exchange (DDE) exploit to target...
Moisha Ransomware spotted launching highly targeted attacks
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Moisha ransomware based on .Net was first mentioned in mid-August, along with the PTMOISHA team, the threat actor behind it. This ransomware was developed to carry out very targeted attacks, as indicated...
Hive Pro Welcomes Pierre Noel as New Chief Information Security Officer
New CISO to Support Growth Milpitas, California, July 28, 2022 -- Hive Pro, a cyber security company specializing in Cyber Threat Exposure Management, has appointed Pierre Noel as its new Chief Information Security Officer CISO. He has been hired with the vision of supporting growth in the compan...
Weekly Digest 30 May – 5 June 2022
Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 412 24 1 45 3 13 For a detailed threat digest, download the pdf file here Summary The first week of June 2022 witnessed the discovery of 412 vulnerabilities out of which 2...
Lazarus distributes Nukesped to VMware Horizon Servers by exploiting Log4J
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary Lazarus, a North Korean threat actor group, is deploying Nukesped aka Manuscrypt malware on unpatched VMware Horizon servers by exploiting the Log4J remote code execution vulnerability...
Actively exploited vulnerability affects Trend Micro Apex Central
THREAT LEVEL: Amber For a detailed advisory, download the pdf file here Trend Micro Apex Central on-premise and as a Service has a zero-day vulnerability. This arbitrary file upload vulnerability if successfully exploited, could allow an unauthenticated remote attacker to upload any file, resulti...
Zero-day vulnerability in Zimbra Servers being exploited in the wild
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here A zero-day cross-site scripting (XSS) vulnerability has been discovered in the Zimbra email software. A threat actor is taking advantage of this issue by launching a targeted spear-phishing attack named Operation EmailThief. Two...
TA558’s SteganoAmor Campaign Targets Organizations Worldwide
...
Attackers Exploit 8-Year-Old Redis Servers to Deploy Metasploit Meterpreter
...
Malvertising Campaign Unleashes Nitrogen Malware Via Fake Installers
...
StrelaStealer Resurfaces with Upgraded Attack Chain
Summary: A recent wave of phishing attacks has been detected, targeting over 100 organizations across the United States and the European Union. These attacks aim to distribute StrelaStealer, a dynamic information-stealing malware. The attackers employ spam emails containing attachments that...
The Evolution of DEEP#GOSU Attack Campaign by Kimsuky Group
Summary: A sophisticated multi-stage attack campaign linked to the North Korean Kimsuky group has been dubbed DEEP#GOSU. Using PowerShell and VBScript, the attackers leverage remote access trojan (RAT) software for full control over infected hosts, while employing legitimate services like Dropbox for comman...
TA4903 Spoofing Government Entities and SMBs for Financial Gain
Summary: TA4903, a financially motivated threat actor, conducts high-volume email campaigns targeting U.S. organizations for credential phishing and business email compromise (BEC). They spoof various U.S. government agencies and private businesses, employing tools like EvilProxy and incorporating ...
New Backdoor Masquerading as a Software Update Agent, Targets macOS
Summary: Apple macOS users are currently being targeted by a newly discovered Rust-based backdoor known as RustDoor. This backdoor masquerades as an update for Microsoft Visual Studio and is designed to target both Intel and Arm architectures. RustDoor is equipped with various commands, enabling ...
Kimsuky Group’s Intriguing Exploits with AppleSeed Malware
Summary: The Kimsuky group has been actively utilizing weaponized LNK files to deploy the AppleSeed malware. While the group typically relies on spear-phishing attacks for initial access, their recent campaigns have prominently featured the use of shortcut-type malware in LNK file format. AppleSe...
Atomic Stealer Sneaks In via Fake Browser Updates
Summary: The macOS information-stealing malware known as Atomic, or AMOS, is currently being delivered to targets through a deceptive web browser update chain known as ClearFake. ClearFake is a recent malware campaign that uses compromised websites to distribute fake browser updates. Threat...
ExelaStealer A New Entrant in the InfoStealer Landscape
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary ExelaStealer is a newly discovered InfoStealer malware that emerged in August 2023. Its distinctive feature lies in being an open-source tool, customizable for a fee. Primarily coded in Python,...
Attacks, Vulnerabilities and Actors 16 October to 22 October 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, a total of twenty-three attacks were executed, ten vulnerabilities were discovered, and five active adversaries were...
China’s Cyber Espionage Targets Semiconductor Giants in East Asia
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In recent cyber espionage activities, threat actors affiliated with the People's Republic of China (PRC) have targeted semiconductor companies operating in Mandarin/Chinese-speaking regions of East Asia...
Attacks, Vulnerabilities and Actors 7 August to 13 August 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, a total of eleven attacks were executed, three vulnerabilities were discovered, and three different adversaries...
New Yashma Ransomware Variant Mimics WannaCry in New Attack
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A Vietnamese-origin threat actor has been using a Yashma ransomware variant since June 2023, delivering its ransom note from GitHub and mimicking WannaCry. This operation demonstrates the accelerated...
New Python-Based Fileless Malware Named ‘PyLoose’ Targeting Cloud Environments
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new fileless attack called PyLoose targets cloud workloads by loading an XMRig Miner directly into memory using Python code and the memfd technique. This evasive attack highlights the need for advanced...
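The memfd technique mentioned above leaves a recognisable trace on Linux: a process whose executable was created with memfd_create() has a /proc/<pid>/exe link of the form "/memfd:<name> (deleted)" instead of an on-disk path. The detection below is an added example written for this page, not HiveForce Labs' code or anything from the advisory; the sample process table it checks is constructed, and the names `is_memfd_backed`, `flag_memfd_processes` and `scan_proc` are this example's own.

```python
"""Flag Linux processes whose main executable lives in an anonymous memfd
rather than on disk (the fileless loader pattern described above).
Added example, not code from the PyLoose advisory."""
import os
import re
from typing import Dict, Iterable, List, Tuple

# readlink(/proc/<pid>/exe) for a memfd_create()-backed binary looks like
# "/memfd:<name> (deleted)"; a normal binary gives its filesystem path.
MEMFD_RE = re.compile(r"^/memfd:.*\(deleted\)$")


def is_memfd_backed(exe_target: str) -> bool:
    """True when the exe link target points at an anonymous memfd."""
    return bool(MEMFD_RE.match(exe_target))


def flag_memfd_processes(
    procs: Iterable[Tuple[int, str, str]],
) -> List[Dict[str, object]]:
    """procs: (pid, exe_link_target, cmdline) triples. Returns one finding per
    process whose executable is memfd-backed; everything else is ignored.
    An on-disk binary that was deleted after exec ("/usr/bin/x (deleted)") is
    NOT matched: that is a different, noisier signal."""
    findings: List[Dict[str, object]] = []
    for pid, exe, cmdline in procs:
        if is_memfd_backed(exe):
            findings.append({
                "pid": pid,
                "exe": exe,
                "cmdline": cmdline,
                "reason": "executable backed by anonymous memfd (no on-disk file)",
            })
    return findings


def scan_proc() -> List[Dict[str, object]]:
    """Live scan of /proc (Linux only). Entries we cannot read are skipped;
    run as root to see the exe link of other users' processes."""
    procs: List[Tuple[int, str, str]] = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        pid = int(entry)
        try:
            exe = os.readlink(f"/proc/{pid}/exe")
            with open(f"/proc/{pid}/cmdline", "rb") as fh:
                raw = fh.read()
        except OSError:
            continue  # process exited between listdir and readlink, or EACCES
        cmdline = raw.replace(b"\0", b" ").decode(errors="replace").strip()
        procs.append((pid, exe, cmdline))
    return flag_memfd_processes(procs)


# Constructed sample process table (assumption: typical readlink results).
SAMPLE_PROCS = [
    (1, "/usr/lib/systemd/systemd", "/sbin/init"),
    (4242, "/usr/bin/python3.11", "python3 -c import base64"),
    (4243, "/memfd:x (deleted)", "[kworker/0:1]"),      # miner exec'd from memfd
    (4300, "/usr/bin/bash (deleted)", "bash"),          # binary replaced on disk
]

if __name__ == "__main__":
    for finding in flag_memfd_processes(SAMPLE_PROCS):
        print(finding)
```

Only the exe link is used here on purpose: memfd mappings inside /proc/<pid>/maps are common in legitimate software (shared-memory buffers, JIT runtimes), whereas a process whose main image is a memfd is rare outside loaders of this kind. On a live host, call `scan_proc()` and review any finding together with its parent process and network connections before acting.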
Hive Pro Secures Second Round of Seed Funding to Expand Headquarters and Enhance Hive Pro Threat Exposure Management Platform
July 12, 2023 - HERNDON, VA: Hive Pro, a pioneer in the Threat Exposure Management market, announced today that they have closed $4 million in their seed funding round from private investors. The successful completion of Hive Pro’s second round of seed funding will support the continued delivery ...
Andariel Group unleashes New EarlyRAT malware
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Andariel is a sub-group of Lazarus and is remarkably stealthy in its operation. Recently they have developed new malware called EarlyRAT. To receive real-time threat advisories, please follow HiveForce La...
APT28 Leveraged Three Roundcube Exploits in Espionage Campaign
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary APT28 conducted a sophisticated campaign targeting prominent organizations in Ukraine. The campaign involved spear-phishing emails whose attachments exploited vulnerabilities in the Roundcube webmai...
Volt Typhoon Chinese Espionage Group Targets U.S. Government
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Volt Typhoon, a state-sponsored threat group from China, employs stealthy techniques, exploits vulnerabilities, and focuses on espionage in cyber operations targeting critical infrastructure organizations...
New BlackBit Ransomware Targets South Korea
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary BlackBit ransomware, a variant of LokiLocker, checks keyboard layout, disables defenses, and presents payment info through various methods. To receive real-time threat advisories, please follow HiveForce...
Charming Kitten Hackers Utilize New Tactics with BellaCiao Malware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Iranian APT group, Charming Kitten, is using a new, sophisticated malware called BellaCiao to target specific victims in multiple regions, employing unique communication tactics with its...
New Tomiris APT Group Targets Governments
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Tomiris is a Russian-speaking advanced persistent threat APT group that has been active since at least 2021 and is known for its use of sophisticated tactics and tools, including zero-day exploits and...
Reaper, North Korean hacking group, targets defectors
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary North Korea-linked hacking group Reaper has recently been observed engaging in surveillance of North Korean defectors. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn...
Two New Vulnerabilities Discovered in TPM 2.0 Library
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The Trusted Platform Module (TPM) 2.0 specification, a hardware-based technology used to provide tamper-resistant secure cryptographic functions, is affected by...
ParallaxRAT targets cryptocurrency organizations through phishing emails
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary ParallaxRAT is a remote access trojan (RAT) that has been distributed through phishing emails since December 2019. Recently, ParallaxRAT has been targeting cryptocurren...
Israel’s Technion Targeted by DarkBit Ransomware’s Campaign
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The DarkBit ransomware is a newly emerged threat in the cybersecurity scene that has targeted Technion - Israel Institute of Technology, a prestigious academic institution in Israel. The attackers behind...
Threat Exposure Management: An Overview
In recent years, the threat landscape has rapidly evolved, resulting in a growing number of cyber security incidents. This has led organizations to focus on the effective management of their threat exposure, as a means of mitigating the risk of cyber attacks. Threat exposure management is a...
Citrix Resolves Vulnerabilities in Virtual Apps and Workspace Apps
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Citrix Systems has addressed vulnerabilities in its Virtual Apps and Desktops, as well as Workspace Apps products, that could potentially enable attackers with local access to the target to elevat...
Unveiling the Advanced Rust-based Nevada Ransomware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new type of ransomware named "Nevada Ransomware" has been identified. The creators of this ransomware have established an affiliate program that was initially introduced in the RAMP underground...
New Ransomware Mimic Emerges in the Wild, Abusing Legitimate Tool for Faster Encryption
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Mimic is a new ransomware that uses the APIs of a legitimate tool called Everything to encrypt target files and has multiple capabilities such as deleting shadow copies, terminating multiple applications...
Chrome 109 addresses an array of security flaws
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Google Chrome's latest stable channel update for Windows, Mac, and Linux addresses a number of security flaws. The flaws allow a remote attacker to get access to potentially sensitive information b...
Middle East targeted by Earth Bogle using NjRAT malware
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Earth Bogle's active campaign hosts malware on public cloud storage sites like files.fm and failiem.lv. Compromised web servers also distribute NjRAT, also known as Bladabindi, a remote access trojan (RAT)...
Malware Distribution via Google PPC by IcedID Botnet Distributors
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The IcedID botnet has been using Google pay-per-click ads to distribute itself through malvertising attacks since December 2022. Malvertising involves the use of malicious ads that are displayed in searc...
China-based MirrorFace APT group targeting Japanese Political Entities
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary A Chinese-speaking APT group named MirrorFace has been running a spear-phishing campaign that delivers the LODEINFO backdoor to Japanese political entities since June 29, 2022, and this campaign operatio...
Typhon Stealer back with new variant named Typhon Reborn
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Typhon Stealer, malware that became widely known in early August 2022 for its ability to steal crypto wallets, monitor keystrokes, and evade antivirus programs. Soon after, the...
BATLOADER: Evasive Malware leverages SEO poisoning
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The "BatLoader" dropper is used to dispense a range of malware tools on victim devices, including a banking Trojan, an information stealer, and the Cobalt Strike post-exploitation toolkit. BatLoader malware actor...
Dangerous Savanna campaign attacked African financial institutions
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary For the past two years, a malicious campaign known as DangerousSavanna has been targeting various financial service firms in Africa. The attackers use spear-phishing to infiltrate financial institution...
You’re never going to be able to fix every security vulnerability, but knowing where to start helps
Milpitas, California, August 29, 2022 -- IT security operations, risk management and infrastructure teams face a daily challenge: do more with less. And in the face of increasing threats from cybercriminals and exponentially expanding attack vectors, teams are going to have to turn to intelligent...
Iranian APT’s new data extraction tool Hyperscrape
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Charming Kitten, an Iranian government-backed threat group, has been employing a new data extraction tool, HYPERSCRAPE. It has been used to retrieve data from Microsoft Outlook, Yahoo, and Gmail accounts...
Two zero-day vulnerabilities in macOS when chained can take over the entire system
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Two zero-day vulnerabilities have been discovered in Apple macOS. Both could allow an attacker to execute arbitrary code. These new issues bring the total number of zero-day vulnerabilities discovered in...