1589 matches found
Hive Pro Named ‘Startup of the Year – Security Software’ in the Globee Awards 18th Annual Cyber Security Global Excellence Awards®
Milpitas, California, March 28 - Hive Pro announced today that The Globee® Awards, organizers of world’s premier business awards programs and business ranking lists, has named Hive Pro a winner in the 18th Annual 2022 Cyber Security Global Excellence Awards®. These prestigious global awards...
WordPress plugins affected by critical vulnerability impacting 84,000 websites
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. WordPress powers over 43.0% of all the websites on the Internet. A Cross-Site Request Forgery vulnerability CVE-2022-0215 was discovered in three plugins of WordPress. This flaw made it possible for an attacker to update...
The RokRAT Epidemic in South Korea
...
ArcaneDoor a Novel Espionage Campaign Exploits Cisco Zero-Days
...
APT28 Exploits Windows Print Spooler Flaw with GooseEgg
...
OpenMetadata Flaws Exploited for Cryptojacking on Kubernetes
...
LockBit 3.0 Builder Unleashed Custom Ransomware on the Rise
...
Vulnerability in PuTTY Client Allows Recovery of Private Key
...
LazyStealer the Unconventional Approach to Cyber Espionage
...
Critical RCE Flaw Found in Fortinet FortiClientLinux
...
XZ Utils Backdoored, A Supply Chain Nightmare
Summary: Multiple Linux distributions face a potential supply chain threat due to the introduction of malicious code into a widely-used library. A backdoor was discovered within the XZ Utils library, inserted roughly a month ago. This compromise allows attackers to manipulate and intercept data...
TimbreStealer Focuses On Mexico With Social Engineering
Summary: Since at least November 2023, there has been a persistent phishing spam campaign targeting potential victims in Mexico. The campaign entices users to download TimbreStealer, a new information stealer that has been disguised. This campaign use financial-themed phishing emails to lure...
WogRAT Backdoor Poses Risk to Windows and Linux Users
Summary: WogRAT, a backdoor malware targeting both Windows and Linux, spreads through aNotepad, an online notepad service. It disguises itself as system tools to trick users into downloading it, mainly targeting users in Asia. Users are cautioned to download software from official sources and...
BlackCat’s Resurgence Despite Law Enforcement Disruptions
Summary: Blackcat, a sophisticated Ransomware-as-a-Service operation, infiltrates networks using advanced social engineering and remote access tools, offering triple extortion tactics and cyber remediation advice for ransom payment, and resurged after a December 2023 disruption, causing widesprea...
CherryTree Impostor Dubbed CherryLoader Makes Its Move
Summary: CherryLoader, a new Go-based downloader, has surfaced in cyber attacks, masquerading as the legitimate CherryTree note-taking app. This sophisticated threat infiltrates compromised hosts, delivering malicious payloads such as privilege escalation tools for exploitation and persistent...
Novel Go-Based Malware Unleashes Coordinated Strikes on macOS and Windows
Summary: A recently identified threat known as JaskaGO has surfaced as a new cross-platform information stealer malware. This malware is designed to target and compromise systems running both Windows and Apple macOS operating systems. Threat Level - Red | Attack Report For a detailed threat...
Gaza Cybergang’s Pierogi++ Upgrade Takes Center Stage
Summary: The Gaza Cybergang, a sophisticated threat actor, has recently intensified its attacks by deploying an advanced version of the Pierogi backdoor malware. This group focuses its cyber operations primarily on Palestinian entities and Israel, with a historical record of targeting entities...
Adversaries Leverage Social Media to Disseminate New Python-Based Stealer
Summary: A recently identified malicious campaign involves the use of WinRAR archive files with minimal detection to execute a multi-stage attack. The payload, known as Editbot, is a newly discovered Python-based stealer. Editbot is specifically designed to extract process information and data...
North Korean APT’s Covert Supply-Chain Ambush
Summary: There has been a significant increase in software supply chain attacks orchestrated by North Korean hackers. Notably, the MagicLine4NX and 3CX compromises gained attention, with the Lazarus hacking group employing a sophisticated approach. They leverage a zero-day vulnerability in the...
Jupyter Infostealer Returns with New Addition to Its Arsenal
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Jupyter Infostealer is a malware variant initially discovered in late 2020. Since then, it has undergone continued evolution, altering its delivery methods and techniques to avoid detection and establish...
Quasar RAT Utilizes DLL Side-Loading to Evade Detection
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Quasar RAT is an open-source remote access trojan that has been used by cybercriminals and threat actors for various malicious purposes. The use of DLL side-loading is a sophisticated technique that allo...
Unveiling Lu0Bot Malware A Node.js-Based Threat
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Lu0Bot Malware, a Node.js-based threat, surfaced in February 2021 as a secondary payload in GCleaner attacks. This malware acts as a bot, responding to C2 server commands and transmitting encrypted syste...
Unveiling Operation Jacana: Targeting the Guyana Government with DinodasRAT
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A cyber espionage campaign named Operation Jacana was identified in February 2023, targeting a government entity in Guyana. This campaign began with a spear-phishing attack and resulted in the deployment...
Summary of Vulnerabilities, Actors & Attacks: September 2023
...
New Variant of RedLine Stealer Uses Batch Script to Evade Detection
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new variant of RedLine Stealer that is being distributed as a batch script file. This new variant of RedLine Stealer is more sophisticated than previous versions and uses a number of techniques to evad...
Critical Remote Code Execution Vulnerabilities Discovered in ASUS Routers
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Three critical-severity remote code execution vulnerabilities have been identified in ASUS routers. These vulnerabilities have the potential to allow threat actors to take control of these devices...
PCI DSS Compliance with Hive Pro Threat Exposure Management
In this video, Anand Choudha, CEO at Hive Pro, and Jeelan Poola, CPO at Hive Pro, introduce the HivePro Uni5 Threat Exposure Management Platform. HivePro Uni...
New Variant of Chaes Malware ‘Chae$ 4’ Targeting Financial and Logistics Sectors
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new Chaes malware variant, "Chae$ 4," targeting logistics, finance, and prominent platforms has emerged with enhanced capabilities, including Python-based architecture and an expanded range of targeted...
MinIO Vulnerabilities Exposed as Hackers Breach Through Storage
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary In a recent malware campaign, threat actors utilized a new IDAT Loader to distribute a range of malicious software, including InfoStealers and RATs, employing evasion methods. This loader is...
Knocking the Surface of Rhysida Ransomware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Rhysida ransomware campaign is rapidly gaining notoriety, driven by a series of successful infiltrations into healthcare institutions. This surge in attacks requires government entities and the targe...
Realst Infostealer Hides Behind Phony Blockchain Games
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Multiple counterfeit blockchain games are being exploited to infiltrate both Windows and macOS systems with a sophisticated infostealer developed in Rust, known as realst. This malicious software...
Hackers Target WooCommerce Payments Plugin to Hijack Websites
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Cybercriminals are orchestrating a widespread campaign to exploit a pivotal WooCommerce Payments plugin, thereby acquiring the privileges of various users, including those with administrator statu...
Charming Kitten’s Latest Malware Arsenal and Targeting Strategies
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Charming Kitten, an adaptable threat actor, has shifted to new malware tactics and targets by employing LNK infection chains and utilizing cloud hosting providers. This evolution in their approach poses ...
European Ministries Fall Victim to Chinese Hacker’s SmugX Campaign
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A Chinese nation-state group has been persistently conducting a campaign targeting Foreign Affairs ministries and embassies in Europe. They employ HTML smuggling techniques to distribute a new variant of...
Unveiling Cadet Blizzard APT’s Wiper Attacks Targeting Ukraine
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Cadet Blizzard, a Russian GRU-sponsored threat group, conducted major cyber operations using WhisperGate, a customized wiper malware, to demonstrate their destructive capabilities through targeted attack...
WINTAPIX Kernel Driver Targeting Middle Eastern Nations
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The WINTAPIX driver, protected by VMProtect, targets Saudi Arabia and other Gulf countries, possibly linked to Iranian threat actors exploiting Exchange servers for malware deployment. To receive real-ti...
New Variant of BPFDoor Linux Malware Features Enhanced Encryption and Stealthy Communication
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new variant of the Linux malware BPFDoor has been discovered, featuring more robust encryption and reverse shell communication. It uses the BPF to bypass firewall restrictions, allowing threat actors t...
Actors, Threats and Vulnerabilities 24 to 30 April 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, they identified a total of eight attacks that were executed. These attacks were taking advantage of three different...
Fortinet Addresses Security Flaws Across Multiple Products
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Fortinet releases security updates for multiple products, including a significant FortiPresence vulnerability patch. To receive real-time threat advisories, please follow HiveForce Labs on LinkedI...
Mispadu Targets Latin America with MalSpamming
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Mispadu has been linked to various spam campaigns, and it is capable of stealing both monetary and credential information while acting as a backdoor through keystroke and screenshot capture. To receive...
Actors, Threats and Vulnerabilities 13 March to 19 March 2023
For a detailed threat digest, download the pdf file here Summary For a detailed threat digest, download the pdf file here Over the past week, Hive Pro detected the presence of five active threat actors. The first of these is Dark Pink APT, a notorious group with a history of engaging in informati...
Actors, Threats and Vulnerabilities 27 February to 5 March 2023
For a detailed threat digest, download the pdf file here Summary For a detailed threat digest, download the pdf file here HiveForce Labs discovered six actors that have been active in the past week. TA866, APT-C-61, and DEV-0569 are cybercrime groups that focus on Financial gain. The other three...
Apple Discovers Three New Vulnerabilities in macOS Ventura 13.2
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Apple has updated its macOS Ventura 13.2 advisories to include three new vulnerabilities. One of them is a race condition affecting the crash reporter component, which can allow an attacker to rea...
Exploiting ChatGPT’s Popularity for Malware Distribution
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The attack on ChatGPT involved the exploitation of its widespread usage to distribute malware and carry out various cyber-attacks, including phishing and typosquatting...
Mylobot: A Sophisticated Botnet Malware Targeting Computers Worldwide
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Mylobot is a Windows-targeting malware and was first discovered in 2017. It has not received much attention since then, but it is noteworthy for its ability to transform the infected system into a proxy...
Revealing the Tonto Team’s Latest Hacks and Menaces
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The Tonto Team, a Chinese hacking group, has been linked to attacks on various Asian and Eastern European organizations. In June 2022, an advanced persistent threat APT attempted to hack a cybersecurity...
Uncovering the Threat of BlueBravo with GraphicalNeutrino and BEATDROP
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary GraphicalNeutrino and BEATDROP are malicious software used by the Russian-linked threat group BlueBravo in targeted cyber attacks, using legitimate Western services for command-and-control communications...
Control Web Panel OS Command Injection Exploitation Increases After POC Release
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary On January 3, 2023, a security researcher published a proof-of-concept exploit for a vulnerability in Control Web Panel CWP that allows unauthenticated remote code execution. By January 6, the...
NeedleDropper malware leverages a memory corruption flaw in Microsoft to disseminate
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new dropper strain dubbed NeedleDropper is used to distribute multiple malware families. The dropper attempts to obfuscate by dumping numerous useless, invalid files and storing critical data within...
Trading platforms are in jeopardy due to ArkeiStealer
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Threat actors are currently disseminating ArkeiStealer via Windows Installer binaries disguised as trading applications. The trading application has been backdoored with the SmokeLoader downloader, which...