Attackers can bypass authentication in Cisco SMA & ESA
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary An attacker can log in to the web management interface of an affected system and bypass authentication remotely...
APT 10, a state-sponsored Chinese threat group, conducting a global cyber espionage operation
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here A Chinese state-sponsored advanced persistent threat (APT) group, APT 10, has been attacking government, legal and religious entities and non-governmental organizations (NGOs) around the world in what appears to be an espionage campaign th...
Apple releases macOS Monterey 12.2 to fix multiple vulnerabilities
...
Attacks, Vulnerabilities and Actors 20 to 26 May 2024
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of twelve attacks were executed, four vulnerabilities were uncovered, and three active adversaries...
D3Fack Loader: New Malware Exploits Google Ads and EV Certificates
...
Grandoreiro Trojan: An Evolving Threat to Global Banking
...
CISA Known Exploited Vulnerability Catalog April 2024
Summary The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. It is recommended that all organizations review and monitor the KEV catalog, prioritize remediation of listed vulnerabilities, and reduce...
The Enigmatic ‘Muddling Meerkat’ Poses a Nation-State DNS Puzzle
...
KageNoHitobito and DoNex Ransomware Plaguing Global Entities
...
LazyStealer the Unconventional Approach to Cyber Espionage
...
Malware Concealed Within PDFs for Data Theft
Summary: In a recently observed campaign, an infostealer masquerading as the Adobe Reader installer was being distributed. The threat actor distributes the file in PDF format, luring victims into downloading and executing it in order to collect sensitive information. Threat Level - Amber | Attack Repo...
Uni5 Xposure: The Top 5 Benefits of Integrating With Patch Management Tools
What Does Uni5 Xposure Do? Uni5 Xposure is a comprehensive security solution tailored to conquer the challenges of risk-based vulnerability management and its evolved form, threat exposure management. Through its robust suite of features, Uni5 Xposure offers a dynamic approach to security...
LockBit’s Resurgence After Operation Cronos
Summary: LockBit ransomware, previously known as "ABCD," remains a significant threat despite the recent takedown of its operations by global law enforcement. It reemerged within 4 days, and its affiliates were found exploiting vulnerabilities in ScreenConnect to install LockBit ransomware and...
VietCredCare Operates As Stealer-as-a-Service, Targeting Meta Sessions
Summary: Since August 2022, a previously unidentified information stealer known as VietCredCare has emerged. This stealer is notable for its capability to automatically sort through credentials specifically for the service it targets. The primary objective of threat actors employing VietCredCare ...
North-Korean Cyber-Espionage Operations Grapples Defense Sector
Summary: There is an ongoing cyber-espionage campaign purportedly led by the North Korean threat actors, specifically targeting the global defense industry. The primary objective of these attacks is to acquire data pertaining to advanced military technology, with the intention of assisting North...
FAUST: A Phobos Ransomware Variant Launches Fileless Attack
Summary: FAUST ransomware, a variant of the Phobos family, exhibits intricate deployment stages, from decoding Base64 data to injecting shellcode. Notably, it employs a fileless attack through an Office document with a VBA script, emphasizing the need for user caution with document files from...
CISA Known Exploited Vulnerability Catalog December 2023
For a detailed CISA's KEV Catalog, download the pdf file here Summary The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. It is recommended that all organizations review and monitor the KEV catalog,...
UAC-0099 Utilizes WinRAR Exploit to Deploy LONEPAGE Malware
Summary: UAC-0099, a threat actor, has been involved in persistent attacks targeting Ukraine. These attacks leverage a critical vulnerability in WinRAR to deploy a malware strain known as LONEPAGE. Notably, the threat actor focuses on Ukrainian employees working for organizations outside of...
Mallox Ransomware A Resurgent Threat Exploiting MS-SQL Flaws
Summary: Mallox is a resilient Ransomware-as-a-Service (RaaS) threat, utilizing tactics like exploiting MS-SQL vulnerabilities and employing brute force attacks. Operating with a prolonged presence, Mallox's recent variant, "Mallox.Resurrection," exhibits consistent functionalities, emphasizing the...
Hackers Infiltrate Russian Government and Industrial Entities
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Numerous governmental and pivotal industrial entities in Russia fell victim to a sophisticated Go-based custom backdoor. This malicious software was specifically crafted for data theft, suggesting its...
Prolonged Pursuit of OilRig APT Targeting Middle East Government
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Iran-affiliated threat actor known as OilRig orchestrated a sophisticated eight-month campaign directed at the Middle East government, during which the attackers managed to steal sensitive files and...
Earth Lusca’s Sneaky Moves Unleashes New Linux Backdoor
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Earth Lusca, a highly sophisticated Chinese threat actor, is believed to have resumed its operations in the first half of 2023. This cyber espionage group utilizes the SprySOCKS backdoor, primarily...
3AM Ransomware: LockBit’s Failed Standoff Revealed
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new ransomware variant, self-dubbed 3AM, has arisen as a result of a rogue attack conducted by a ransomware affiliate. Initially, this affiliate attempted to install the LockBit ransomware on a target's...
FreeWorld Ransomware Targets MSSQL Servers Facing Siege
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Adversaries are capitalizing on inadequately protected Microsoft SQL (MS SQL) servers in an operation known as DBJAMMER, deploying both Cobalt Strike and a ransomware strain named FreeWorld, which appears ...
CISA Known Exploited Vulnerability Catalog August 2023
For a detailed CISA's KEV Catalog, download the pdf file here Summary The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. To be included in the catalog, a vulnerability must meet three criteria: hav...
Lazarus Group Uses ManageEngine Exploit to Unlock Path for QuiteRAT
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Lazarus Group, a threat actor associated with North Korea, has been detected utilizing a recently patched critical security vulnerability in Zoho ManageEngine ServiceDesk Plus. This vulnerability was...
DroxiDat Targets Southern African Power Utility
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In a targeted operation, an unidentified actor strategically deployed the advanced DroxiDat proxy-capable backdoor alongside Cobalt Strike beacons. The operation was aimed at a critical power utility...
Reptile Rootkit Targets Linux Systems in South Korea
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Reptile, an open-source Linux rootkit, goes beyond concealment, offering attackers a reverse shell and utilizing port knocking for control; it has been observed in attacks, including Chinese groups exploiting...
Attacks, Vulnerabilities and Actors 24 July to 30 July 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of six executed attacks, one adversary activity, and five zero-day vulnerabilities, including...
Citrix Netscaler ADC and Gateway Vulnerabilities Exploited in the Wild
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Citrix has released a zero-day critical patch for a remote code execution vulnerability in Netscaler ADC and Netscaler Gateway that has been exploited, along with two other vulnerabilities. Urgent...
Hive Pro Announces Relocation and Expansion of Headquarters to Support Growing Cybersecurity Demand
New Headquarters to Catalyze Innovation and Strengthen Commitment to Customer Success July 19, 2023 - HERNDON, VA: Hive Pro, a pioneer in the Threat Exposure Management market, is thrilled to announce its upcoming corporate relocation to a new state-of-the-art headquarters in Herndon, Virginia. Th...
Condi Malware Strikes TP-Link Routers for DDoS Rampage
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Condi, a recently discovered malware, utilizes a security vulnerability within TP-Link Archer Wi-Fi routers to ensnare these devices into a botnet specifically designed for launching distributed...
ChamelGang Strikes Again With ChamelDoH Malware XDNS-over-HTTPS
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The Chinese threat group ChamelGang has developed the Linux malware ChamelDoH, which uses DNS-over-HTTPS for encrypted communication with attackers. To receive real-time threat advisories, please follow...
Fortinet Releases Patch for Pre-announced Critical Vulnerability
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Fortinet has addressed a critical vulnerability in FortiOS and FortiProxy SSL-VPN, resolving a heap-based buffer overflow pre-authentication flaw. This update is crucial because the vulnerability...
Stealth Soldier Strikes North Africa with Espionage Attacks
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Stealth Soldier is a backdoor malware that conducts surveillance and espionage attacks. It targeted North Africa by mimicking Libyan websites to distribute malware. To receive real-time threat advisories...
New AndoryuBot Malware Exploits Ruckus Wireless Flaw for DDoS Attacks
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary AndoryuBot targets a critical Ruckus Wireless Admin panel vulnerability to infect Wi-Fi access points for use in DDoS attacks; the malware supports 12 DDoS attack modes and is marketed through YouTube videos. ...
Kimsuky APT Group Employs ReconShark
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Kimsuky, a North Korean APT group, is using a new malware tool called ReconShark to conduct global cyberattacks. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn...
Actors, Threats and Vulnerabilities 01 to 07 May 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, a total of eight attacks were executed, taking advantage of different vulnerabilities in various...
Dragon Breath APT Evolves with Double DLL Sideloading
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Dragon Breath APT targets the gambling industry using the double-clean-app technique & DLL sideloading. Chinese-speaking Windows users are being targeted. To receive real-time threat advisories, please...
CISA Known Exploited Vulnerability Catalog April 2023
For a detailed CISA's KEV Catalog, download the pdf file here Summary The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. To be included in the catalog, a vulnerability must meet three criteria: hav...
North Korean-Backed Group Sparks X_Trader Supply Chain Attack
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The X_Trader software supply chain attack affected at least a number of critical infrastructure entities in the United States and Europe. To receive real-time threat advisories, please follow HiveForce La...
New Wave of QBot Attacks Detected via Malicious PDF Attachments
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new wave of QBot banking Trojan attacks was identified in April 2023, utilizing malicious PDF attachments in emails written in various languages. To receive real-time threat advisories, please follow...
CISA Known Exploited Vulnerability Catalog March 2023
For a detailed CISA's KEV Catalog, download the pdf file here Summary The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. To be included ...
BlackLotus UEFI Bootkit Exploits Windows 11 vulnerability
Threat Level Attack Report For a detailed threat advisory from HiveForce Labs, download the pdf file here. Summary BlackLotus is a UEFI bootkit that can exploit a vulnerability in Windows 11 systems and is advertised and sold on underground forums for $5,000...
8220 Gang leverages ScrubCrypt in Cryptojacking Attacks
Threat Level Attack Report For a detailed threat advisory from HiveForce Labs, download the pdf file here. Summary The 8220 Gang leverages ScrubCrypt for crypto-jacking, which is available on HackForums for $40 per month or up to $200 for a lifetime...
Unveiling the Malicious Tactics of LokiBot Malware
Threat Level Attack Report For a detailed threat advisory from HiveForce Labs, download the pdf file here. Summary LokiBot is a constantly evolving information-stealing malware that creates a backdoor on infected machines to collect sensitive data, and it uses ISO files and API...
Malicious DPRK Actors Target the Healthcare Industry in the US & South Korea
Threat Level Attack Report For a detailed threat advisory from HiveForce Labs, download the pdf file here. Summary State-sponsored malicious actors from the Democratic People's Republic of Korea (DPRK) have carried out a ransomware attack against the healthcare systems of South Korea...
A New Info-Stealing Malware Named “Stealc” Targeting Cryptocurrency Wallets
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new information-stealing malware called Stealc was discovered in January 2023. This malware is designed to steal sensitive information from various sources including web browsers, desktop cryptocurrenc...
ProxyShellMiner Exploits Windows Exchange Server Vulnerabilities for Cryptocurrency Mining
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary ProxyShellMiner exploits Windows Exchange Server vulnerabilities to gain unauthorized access to and compromise an organization, leading to the installation of cryptocurrency miners...
New Ransomware Campaign “TZW” Linked to GlobeImposter Targets South Korean Organizations
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new ransomware campaign called TZW is affecting organizations in South Korea. The campaign is linked to the known malware family GlobeImposter, suggesting that the actors behind GlobeImposter are...