1589 matches found
Manjusaka – Cybercriminal’s new attack framework weapon
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary Manjusaka is a new attack framework that mimics Cobalt Strike and Sliver. The new malware family implants are written in the Rust programming language and are compatible with Windows and Linux. The command and...
APT37 employs Konni malware to target high-level organizations
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary The Konni remote access trojan, which is widely used malware by the APT37, is used in the attack campaign to take advantage of high-value targets from countries like the Czech Republic, Poland, and many others...
Vulnerability in Zimbra that steals clear-text credentials from users
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary A new vulnerability in Zimbra allows an attacker to steal cleartext credentials from instances via Memcache injection. Over 200,000 users logged in can be impacted by the security flaw...
Attackers can bypass authentication in Cisco SMA & ESA
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary An attacker can login into a web management interface of an affected system to perform bypass authentication remotely...
APT 10, a state-sponsored Chinese threat group, conducting a global cyber espionage operation
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here A Chinese state-sponsored advanced persistent threat APT 10 group has been attacking government, legal, religious entities and non-governmental organizations NGOs around the world in what appears to be an espionage campaign th...
Apple releases macOS Monterey 12.2 to fix multiple vulnerabilities
...
Zafran vs Hive Pro: CTEM Platform Comparison
Persistent exposure backlogs do not shrink when teams chase every critical finding. Buyers need a CTEM platform that shows which risks demand action right now. Evaluate Uni5 Xposure for a threat-informed CTEM program. Zafran vs Hive Pro compares two CTEM platforms designed to focus security teams...
Top Cybersecurity Frameworks Compared
Top Cybersecurity Frameworks Compared: NIST, CIS, and MITRE ATT&CK Security leaders do not need another framework for the sake of paperwork. They need a practical way to decide which cybersecurity frameworks help the business govern risk, harden defenses, and validate whether controls can withsta...
Attacks, Vulnerabilities and Actors 20 to 26 May 2024
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of twelve attacks were executed, four vulnerabilities were uncovered, and three active adversaries...
D3Fack Loader: New Malware Exploits Google Ads and EV Certificates
...
Grandoreiro Trojan: An Evolving Threat to Global Banking
...
The Enigmatic ‘Muddling Meerkat’ Poses a Nation-State DNS Puzzle
...
KageNoHitobito and DoNex Ransomware Plaguing Global Entities
...
ToddyCat’s Toolkit and Tactics Fueling Data Theft
...
Malware Concealed Within PDFs for Data Theft
Summary: In a recently observed campaign an infostealer masquerading as the Adobe Reader installer was being distributed. The file is being distributed by the threat actor in PDF format, luring people to download and execute it, collecting sensitive information. Threat Level - Amber | Attack Repo...
TA577 Targeting Windows NTLM Hashes in Global Campaigns
Summary: TA577, a significant cyber threat group, has shifted tactics to steal NTLM authentication data, utilizing thread hijacking and customized HTML attachments. Organizations should block outbound SMB to thwart exploitation and remain vigilant against evolving attack methods. Threat Level - R...
Uni5 Xposure: The Top 5 Benefits of Integrating With Patch Management Tools
What Does Uni5 Xposure Do? Uni5 Xposure is a comprehensive security solution tailored to conquer the challenges of risk-based vulnerability management and its evolved form, threat exposure management. Through its robust suite of features, Uni5 Xposure offers a dynamic approach to security...
LockBit’s Resurgence After Operation Cronos
Summary: LockBit ransomware, previously known as "ABCD," remains a significant threat despite the recent takedown of its operations by global law enforcement. It reemerged within 4 days and its Affiliates were found exploiting vulnerabilities in ScreenConnect to install LockBit ransomware and...
VietCredCare Operates As Stealer-as-a-Service, Targeting Meta Sessions
Summary: Since August 2022, a previously unidentified information stealer known as VietCredCare has emerged. This stealer is notable for its capability to automatically sort through credentials specifically for the service it targets. The primary objective of threat actors employing VietCredCare ...
North-Korean Cyber-Espionage Operations Grapples Defense Sector
Summary: There is an ongoing cyber-espionage campaign purportedly led by the North Korean threat actors, specifically targeting the global defense industry. The primary objective of these attacks is to acquire data pertaining to advanced military technology, with the intention of assisting North...
FAUST: A Phobos Ransomware Variant Launches Fileless Attack
Summary: FAUST ransomware, a variant of the Phobos family, exhibiting intricate deployment stages, from decoding Base64 data to injecting shellcode. Notably, it employs a fileless attack through an Office document with a VBA script, emphasizing the need for user caution with document files from...
CISA Known Exploited Vulnerability Catalog December 2023
For a detailed CISAs KEV Catalog, download the pdf file here Summary The Known Exploited Vulnerability KEV catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. It is recommended that all organizations review and monitor the KEV catalog,...
UAC-0099 Utilizes WinRAR Exploit to Deploy LONEPAGE Malware
Summary: UAC-0099, a threat actor, has been involved in persistent attacks targeting Ukraine. These attacks leverage a critical vulnerability in WinRAR to deploy a malware strain known as LONEPAGE. Notably, the threat actor focuses on Ukrainian employees working for organizations outside of...
Mallox Ransomware A Resurgent Threat Exploiting MS-SQL Flaws
Summary: Mallox is a resilient Ransomware-as-a-Service RaaS threat, utilizing tactics like exploiting MS-SQL vulnerabilities and employing brute force attacks. Operating with a prolonged presence, Malloxs recent variant, "Mallox.Resurrection," exhibits consistent functionalities, emphasizing the...
Hackers Infiltrate Russian Government and Industrial Entities
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Numerous governmental and pivotal industrial entities in Russia fell victim to a sophisticated Go-based custom backdoor. This malicious software was specifically crafted for data theft, suggesting its...
Prolonged Pursuit of OilRig APT Targeting Middle East Government
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Iran-affiliated threat actor known as OilRig orchestrated a sophisticated eight-month campaign directed at the Middle East government, during which the attackers managed to steal sensitive files and...
Earth Lusca’s Sneaky Moves Unleashes New Linux Backdoor
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Earth Lusca, a highly sophisticated Chinese threat actor, is believed to have resumed its operations in the first half of 2023. This cyber espionage group utilizes the SprySOCKS backdoor, primarily...
3AM Ransomware: LockBit’s Failed Standoff Revealed
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new ransomware variant, self-dubbed 3AM has arisen as a result of a rogue attack conducted by a ransomware affiliate. Initially, this affiliate attempted to install the LockBit ransomware on a targets...
FreeWorld Ransomware Targets MSSQL Servers Facing Siege
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Adversaries are capitalizing on inadequately protected Microsoft SQL MS SQL servers in an operation known as DBJAMMER, deploying both Cobalt Strike and a ransomware strain named FreeWorld, which appears ...
CISA Known Exploited Vulnerability Catalog August 2023
For a detailed CISAs KEV Catalog, download the pdf file here Summary The Known Exploited Vulnerability KEV catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. To be included in the catalog, a vulnerability must meet three criteria: hav...
Lazarus Group Uses ManageEngine Exploit to Unlock Path for QuiteRAT
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Lazarus Group, a threat actor associated with North Korea, has been detected utilizing a recently patched critical security vulnerability in Zoho ManageEngine ServiceDesk Plus. This vulnerability was...
DroxiDat Targets Southern African Power Utility
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In a targeted operation, an unidentified actor strategically deployed the advanced DroxiDat proxy-capable backdoor alongside Cobalt Strike beacons. The operation was aimed at a critical power utility...
Reptile Rootkit Targets Linux Systems in South Korea
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Reptile, an open-source Linux rootkit, goes beyond concealment, offering attackers a reverse shell and utilizing Port Knocking for control; observed in attacks including Chinese groups exploiting...
Attacks, Vulnerabilities and Actors 24 July to 30 July 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, We identified a total of six executed attacks, one adversary activities, and five zero-day vulnerabilities including...
Citrix Netscaler ADC and Gateway Vulnerabilities Exploited in the Wild
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Citrix has released a zero-day critical patch for a remote code execution vulnerability in Netscaler ADC and Netscaler Gateway that has been exploited, along with two other vulnerabilities. Urgent...
Hive Pro Announces Relocation and Expansion of Headquarters to Support Growing Cybersecurity Demand
New Headquarters to Catalyze Innovation and Strengthen Commitment to Customer Success July 19, 2023 - HERNDON, VA: Hive Pro, a pioneer in the Threat Exposure Management market is thrilled to announce its upcoming corporate relocation to a new state-of-the-art headquarters in Herndon, Virginia. Th...
Condi Malware Strikes TP-Link Routers for DDoS Rampage
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Condi, a recently discovered malware, utilizes a security vulnerability within TP-Link Archer Wi-Fi routers to ensnare these devices into a botnet specifically designed for launching distributed...
ChamelGang Strikes Again With ChamelDoH Malware XDNS-over-HTTPS
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The Chinese threat group ChamelGang has developed the Linux malware ChamelDoH, which uses DNS-over-HTTPS for encrypted communication with attackers. To receive real-time threat advisories, please follow...
Fortinet Releases Patch for Pre-announced Critical Vulnerability
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Fortinet has addressed a critical vulnerability in FortiOS and FortiProxy SSL-VPN, resolving a heap-based buffer overflow pre-authentication flaw. This update is crucial because the vulnerability...
Stealth Soldier Strikes North Africa with Espionage Attacks
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Stealth Soldier is a backdoor malware that conducts surveillance and espionage attacks. It targeted North Africa by mimicking Libyan websites to distribute malware. To receive real-time threat advisories...
New AndoryuBot Malware Exploits Ruckus Wireless Flaw for DDoS Attacks
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary AndoryuBot targets critical Ruckus Wireless Admin panel vulnerability to infect Wi-Fi access points for use in DDoS attacks, malware supports 12 DDoS attack modes and is marketed through YouTube videos. ...
Kimsuky APT Group Employs ReconShark
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Kimsuky, a North Korean APT group, is using a new malware tool called ReconShark to conduct global cyberattacks. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn...
Actors, Threats and Vulnerabilities 01 to 07 May 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, the fact that there were a total of eight attacks executed, taking advantage of different vulnerabilities in various...
Dragon Breath APT Evolves with Double DLL Sideloading
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Dragon Breath APT targets the gambling industry using the double-clean-app technique & DLL sideloading. Chinese-speaking Windows users are being targeted. To receive real-time threat advisories, please...
CISA Known Exploited Vulnerability Catalog April 2023
For a detailed CISAs KEV Catalog, download the pdf file here Summary The Known Exploited Vulnerability KEV catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. To be included in the catalog, a vulnerability must meet three criteria: hav...
North Korean-Backed Group’s Sparks X_Trader Supply Chain Attack
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The XTrader software supply chain attack affected at least a number of critical infrastructure entities in the United States and Europe. To receive real-time threat advisories, please follow HiveForce La...
New Wave of QBot Attacks Detected via Malicious PDF Attachments
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new wave of QBot banking Trojan attacks was identified in April 2023, utilizing malicious PDF attachments in emails written in various languages. To receive real-time threat advisories, please follow...
CISA Known Exploited Vulnerability Catalog March 2023
For a detailed CISAs KEV Catalog, download the pdf file here Summary For a detailed CISAs KEV Catalog, download the pdf file here The Known Exploited Vulnerability KEV catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. To be included ...
BlackLotus UEFI Bootkit Exploits Windows 11 vulnerability
Threat Level Attack Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary BlackLotus is a UEFI bootkit that can exploit a vulnerability in Windows 11 systems and is advertised and sold on underground forums for $5,000...
8220 Gang leverages ScrubCrypt in Cryptojacking Attacks
Threat Level Attack Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary The 8220 Gang leverages ScrubCrypt for crypto-jacking, which is available on HackForums for $40 per month or up to $200 for a lifetime...