Hivepro: Most viewed

1589 matches found

hivepro
added 2023/02/20 5:45 a.m. | 16 views

ProxyShellMiner Exploits Windows Exchange Server Vulnerabilities for Cryptocurrency Mining

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary ProxyShellMiner exploits Windows Exchange server vulnerabilities, which are used to gain unauthorized access and compromise an organization, leading to the installation of cryptocurrency miners...

2.8 AI score
Exploits: 0
hivepro
added 2023/02/17 9:51 a.m. | 16 views

New Ransomware Campaign “TZW” Linked to GlobeImposter Targets South Korean Organizations

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new ransomware campaign called TZW is affecting organizations in South Korea. The campaign is linked to the known malware family GlobeImposter, suggesting that the actors behind GlobeImposter are...

1.8 AI score
Exploits: 0
hivepro
added 2023/02/08 6:7 a.m. | 16 views

Actors, Threats and Vulnerabilities 30 January to 5 February 2023

For a detailed threat digest, download the pdf file here Summary Hive Pro discovered four actors that have been active in the past week. The first, Sandworm Team, is a well-known Russian threat actor known for sabotage and destruction. The...

1.9 AI score
Exploits: 0
hivepro
added 2023/01/12 6:27 a.m. | 16 views

Microsoft addresses one actively exploited zero-day and numerous critical vulnerabilities

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Microsoft released a patch on January 2023's Patch Tuesday addressing 98 vulnerabilities, of which 11 are considered critical. The patch includes fixes for a range of vulnerabilities including 39...

1.8 AI score
Exploits: 0
hivepro
added 2022/12/22 10:35 a.m. | 16 views

Gamaredon APT cyber feud strikes Ukrainian entities

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary One of the most ubiquitous, intrusive, consistently active, and laser-focused APTs targeting Ukraine in cyberspace is the Gamaredon group, also known as Shuckworm. Gamaredon Group has employed fast...

1.7 AI score
Exploits: 0
hivepro
added 2022/11/08 8:0 a.m. | 16 views

Ransomware Black Basta uses tools related to FIN7

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Black Basta is deploying a ransomware payload by exploiting Microsoft flaws and using an Endpoint Detection and Response (EDR) defense evasion tool created by FIN7. Black Basta is a relatively new ransomwar...

1.5 AI score
Exploits: 0
hivepro
added 2022/09/19 10:57 a.m. | 16 views

Unknown Iranian attackers leverage vulnerabilities to conduct ransom operations

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Iranian government-sponsored actors carry out malicious cyber activities against a wide range of people and entities in the United States, Australia, Canada, and the United Kingdom by using known...

4.5 AI score
Exploits: 0
hivepro
added 2022/09/09 11:40 a.m. | 16 views

Worok cyber-espionage gang preys on high-profile Asian businesses and governments

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Worok, a newly uncovered cyber-espionage gang, has been targeting governments and high-profile companies in Asia since at least 2020 using a combination of unique and existing harmful tools. This group of...

1.9 AI score
Exploits: 0
hivepro
added 2022/09/07 2:44 p.m. | 16 views

Vice Society actors target K-12 institutions in US

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Vice Society is an extortion hacking group that emerged in the summer of 2021. The Vice Society does not use a specific ransomware variant. Instead, they used variants of Hello Kitty, Five Hands, and...

2.7 AI score
Exploits: 0
hivepro
added 2022/09/04 4:58 p.m. | 16 views

Multiple vulnerabilities addressed by Google with Chrome 105

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Google Chrome addresses multiple vulnerabilities in its latest stable channel update for Windows, Mac, and Linux...

1.6 AI score
Exploits: 0
hivepro
added 2022/07/27 5:9 a.m. | 16 views

APT29 utilizes cloud storage service to deliver malicious payloads

Threat Level Actor Report For a detailed advisory, download the pdf file here Summary APT29, a cyber espionage gang, uses cloud storage services such as Google Drive and Dropbox to distribute malware to compromised systems. The gang used a phishing campaign that targeted several Western diplomatic...

1.2 AI score
Exploits: 0
hivepro
added 2022/06/20 2:9 p.m. | 16 views

Iranian APT targets Middle East’s Energy & Telecommunications industry

Threat Level Attack Report For a detailed advisory, download the pdf file here Summary A new campaign has been launched by a state-sponsored Iranian APT group, Lyceum, to target organizations from the Middle East in the energy and telecommunication sectors. They have been observed deploying a new...

3.2 AI score
Exploits: 0
hivepro
added 2022/06/20 7:1 a.m. | 16 views

Deserialization of untrusted data by Fastjson library leads to RCE

Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Applications using the Fastjson Java library are impacted by a remote code execution vulnerability...

4.4 AI score
Exploits: 0
hivepro
added 2022/05/20 2:1 p.m. | 16 views

RedLine InfoStealer exploits Google Chrome’s zero-day

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Summary The notorious information-gathering malware RedLine InfoStealer is stealing data from individuals and organizations such as Samsung, Zoom, Cisco, Vodafone, Jio, and Axis Bank by exploiting a two-month-old zero-day...

3.6 AI score
Exploits: 0
hivepro
added 2022/03/22 11:52 a.m. | 16 views

DarkHotel APT group targeting the Hospitality Industry in China

...

1.5 AI score
Exploits: 0
hivepro
added 2022/03/01 6:6 a.m. | 16 views

UNC2596 exploits Microsoft’s ProxyShell and ProxyLogon vulnerabilities to distribute Cuba Ransomware

...

7 AI score
Exploits: 0
hivepro
added 2022/02/11 7:15 a.m. | 16 views

Google Chrome affected by high severity vulnerabilities

THREAT LEVEL: Green. For a detailed advisory, download the pdf file here Google has released Chrome 98 as a stable channel for Windows, Mac, and Linux. This update addresses 19 security vulnerabilities. Eight of them are rated severity high, ten of them are medium and one of them is of severity...

0.8 AI score
Exploits: 0
hivepro
added 2022/02/02 10:32 a.m. | 16 views

APT27 group uses the HyperBro remote access trojan to inject backdoors into victim’s network

...

3.9 AI score
Exploits: 0
hivepro
added 2026/05/15 6:26 a.m. | 15 views

Top Cybersecurity Frameworks Compared

Top Cybersecurity Frameworks Compared: NIST, CIS, and MITRE ATT&CK Security leaders do not need another framework for the sake of paperwork. They need a practical way to decide which cybersecurity frameworks help the business govern risk, harden defenses, and validate whether controls can withsta...

5.9 AI score
Exploits: 0
hivepro
added 2024/05/27 5:30 p.m. | 15 views

Patch Now Critical Auth Bypass Flaw in GitHub Enterprise Server Fixed

...

7.3 AI score
Exploits: 0
hivepro
added 2024/05/23 12:27 p.m. | 15 views

QNAP Flaws Enable Remote Code Execution Under Certain Conditions

...

7.3 AI score
Exploits: 0
hivepro
added 2024/05/16 7:0 a.m. | 15 views

Trinity Ransomware Strikes with the Dual Extortion Strategy

...

7.3 AI score
Exploits: 0
hivepro
added 2024/05/07 7:1 a.m. | 15 views

APT42’s Operations Employ “Nicecurl” and “Tamecat” Malwares

...

7.3 AI score
Exploits: 0
hivepro
added 2024/04/29 11:15 a.m. | 15 views

Active Targeting of WP-Automatic Plugin Flaw Raises Concerns for Site Takeover

...

7.3 AI score
Exploits: 0
hivepro
added 2024/04/19 2:22 p.m. | 15 views

FIN7 Takes Aim at the U.S. Auto Industry

...

7.3 AI score
Exploits: 0
hivepro
added 2024/04/12 12:34 p.m. | 15 views

TA547 Malware Campaign Hits German Businesses

...

7.3 AI score
Exploits: 0
hivepro
added 2024/03/20 7:34 a.m. | 15 views

Attacks, Vulnerabilities and Actors 11 to 17 March 2024

For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, HiveForce Labs discovered eight executed attacks, uncovered ten vulnerabilities, and identified two active...

7.4 AI score
Exploits: 0
hivepro
added 2024/03/06 5:45 p.m. | 15 views

TA577 Targeting Windows NTLM Hashes in Global Campaigns

Summary: TA577, a significant cyber threat group, has shifted tactics to steal NTLM authentication data, utilizing thread hijacking and customized HTML attachments. Organizations should block outbound SMB to thwart exploitation and remain vigilant against evolving attack methods. Threat Level - R...

7.2 AI score
Exploits: 0
hivepro
added 2024/03/04 6:21 a.m. | 15 views

Iranian hackers soar into the defense sectors of the Middle East

Summary: Since June 2022, the hacking group UNC1549, potentially connected to Tortoiseshell (aka Imperial Kitten) and linked with the Iranian IRGC, has implemented distinct backdoors known as MiniBike and MiniBus. Their primary focus lies in targeting defense-related entities in the Middle East...

7.2 AI score
Exploits: 0
hivepro
added 2024/02/28 7:3 a.m. | 15 views

Unmasking Doppelgänger: Russia’s Disinformation Campaign Revealed

Summary: Doppelgänger is a suspected Russia-aligned influence operation network targeting German audiences with propaganda and disinformation, potentially aiming to sway opinions ahead of elections. Doppelgänger employs coordinated social media activities and a dynamic infrastructure to maximize it...

7.1 AI score
Exploits: 0
hivepro
added 2024/02/13 9:59 a.m. | 15 views

Coyote: A Sophisticated Banking Trojan Targeting Financial Information

Summary: A new banking trojan called Coyote is currently targeting more than 60 banking institutions, primarily in Brazil. The malware distributes itself using the Squirrel installer and executes its infection process using Node.js and Nim, a relatively new multi-platform programming language...

7.2 AI score
Exploits: 0
hivepro
added 2024/02/07 11:18 a.m. | 15 views

Ukraine Hit by Cyber Attack 2,000+ Computers Infected by DIRTYMOE

Summary: The UAC-0027 group executed a sophisticated cyber attack against Ukrainian organizations. Their weapon of choice was the notorious DIRTYMOE (PURPLEFOX) malware. This modular malware has been active for over half a decade and poses a serious threat. Threat Level - Amber | Attack Report For ...

7.2 AI score
Exploits: 0
hivepro
added 2024/01/25 12:46 p.m. | 15 views

Kasseika Ransomware Employs BYOVD Tactic to Impair Defenses

Summary: The ransomware operation Kasseika has recently been identified using the Bring Your Own Vulnerable Driver (BYOVD) tactic. This involves exploiting vulnerabilities in a loaded driver to disable antivirus software before initiating the file encryption process. Through this strategy, the...

7.4 AI score
Exploits: 0
hivepro
added 2024/01/12 5:26 p.m. | 15 views

Maliciously Crafted Cracked Software Propagates Lumma Stealer via YouTube

Summary: In an attempt to deceive users into downloading the information-stealing virus Lumma, threat actors are exploiting YouTube videos featuring content related to cracked software. These videos typically include content related to the use of cracked software, accompanied by identical...

7.4 AI score
Exploits: 0
hivepro
added 2024/01/10 2:49 p.m. | 15 views

Unveiling the Sea Turtle Cyber Espionage Campaign

Summary: Sea Turtle, a Turkey-based Advanced Persistent Threat (APT) actor, has been active since 2017. The group has primarily targeted European and Middle Eastern organizations, focusing on information theft and DNS hijacking to compromise repositories with valuable and sensitive data. In a recen...

6.9 AI score
Exploits: 0
hivepro
added 2024/01/09 4:27 p.m. | 15 views

Anonymous Arabic Hacktivist Group Orchestrating Silver RAT

Summary: Silver RAT, a Windows-based RAT written in C and developed by a group known as "Anonymous Arabic," exhibits advanced capabilities, including antivirus evasion and ransomware encryption. Despite facing bans, the threat actors' dynamic activities persist, featuring the sharing of cracked...

7.2 AI score
Exploits: 0
hivepro
added 2023/12/27 6:31 a.m. | 15 views

MetaStealer a $125 Ticket to Digital Chaos

Summary: MetaStealer, a nefarious information-stealing malware, initially surfaced in discreet online marketplaces with a pricing structure of USD 125 per month or USD 1000 for an unlimited subscription, subsequently becoming entangled in malvertising campaigns. Threat Level - Red | Attack Report...

7.2 AI score
Exploits: 0
hivepro
added 2023/12/26 11:14 a.m. | 15 views

Muddywater Utilizes Custom Tools to Target Telecom Companies

Summary: Iranian espionage group Muddywater targeted telecommunications companies in Egypt, Sudan, and Tanzania in November 2023. The attackers employed a diverse set of tools for this activity, including leveraging the MuddyC2Go infrastructure. Additionally, they utilized the SimpleHelp remote...

7.3 AI score
Exploits: 0
hivepro
added 2023/12/20 7:48 a.m. | 15 views

The Kuiper Ransomware Surge and Its Dark Origins

Summary: In a predominantly Russian Dark Web forum, a sophisticated ransomware-as-a-service (RaaS) project named "KUIPER" was introduced. The Kuiper ransomware, developed in Golang, is compatible with Windows, Linux, and OSX systems, and is associated with a suspected intrusion at a government...

7.2 AI score
Exploits: 0
hivepro
added 2023/12/12 6:16 a.m. | 15 views

Decoding MrAnon Stealer’s Plot through Deceptive Emails

Summary: A phishing email campaign employs misleading booking details to lure victims, aiming to deploy a Python-based information stealer known as MrAnon Stealer. This malicious software is designed to pilfer victims' credentials, system details, browser sessions, and cryptocurrency extensions...

6.9 AI score
Exploits: 0
hivepro
added 2023/12/07 12:27 p.m. | 15 views

A New Face of AsyncRAT Utilizes WSF Scripts to Spread

Summary: AsyncRAT is a remote access trojan (RAT) malware known for stealing credentials and executing various malicious activities since 2019. Its recent variant, distributed through WSF script files, employs sophisticated fileless techniques, emphasizing the importance of user caution and robust...

7.5 AI score
Exploits: 0
hivepro
added 2023/12/07 10:22 a.m. | 15 views

DanaBot Stealer: Multistage MaaS Malware Resurfaces

Summary: DanaBot is a covert malware designed for the discreet theft of sensitive data for financial gain. Unlike ransomware, its focus is on prolonged persistence rather than immediate disruption. Functioning as a malware-as-a-service (MaaS) platform, DanaBot is versatile, targeting individuals,...

7.2 AI score
Exploits: 0
hivepro
added 2023/12/05 5:17 a.m. | 15 views

Cactus Ransomware Exploits Vulnerabilities in Qlik Sense

Summary: The Cactus ransomware is actively exploiting critical Qlik Sense vulnerabilities, with the ultimate goal of establishing persistence and enabling remote control, infiltrating corporate networks stealthily. This serves as a stark reminder that unpatched Qlik Sense instances are prime...

7.4 AI score
Exploits: 0
hivepro
added 2023/11/20 11:43 a.m. | 15 views

Gamaredon Deploys LitterDrifter USB Worm in Cyber Espionage Operations

Summary: Russian cyber espionage group Gamaredon (aka Primitive Bear) has been observed utilizing a USB-propagating worm known as LitterDrifter in attacks targeting Ukrainian entities. This group has recently adopted LitterDrifter, a worm written in VBS, designed to spread through removable USB...

7.2 AI score
Exploits: 0
hivepro
added 2023/10/24 5:20 a.m. | 15 views

Mastering Threat Exposure with Uni5 Xposure

...

7 AI score
Exploits: 0
hivepro
added 2023/10/14 12:53 p.m. | 15 views

ShellBot Malware Evades Detection Using Hexadecimal IP Addresses

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary ShellBot malware, targeting poorly managed Linux SSH servers, now employs hexadecimal IP addresses in its download URLs to evade detection. This change highlights the need for strong security measures an...

6.8 AI score
Exploits: 0
hivepro
added 2023/10/12 6:46 a.m. | 15 views

Grayling APT Emerges as a Silent Threat Targeting Taiwan

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The Grayling APT group orchestrated a meticulously planned targeting campaign with a primary emphasis on espionage. Grayling set its sights on a government entity in the Asia-Pacific region, along with...

6.9 AI score
Exploits: 0
hivepro
added 2023/09/13 5:50 a.m. | 15 views

Cybercriminals Target Graphic Designers with Cryptojacking Malware

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Cybercriminals are taking advantage of a legitimate Windows tool known as Advanced Installer to compromise the computers of graphic designers with cryptocurrency mining malware. These scripts are designe...

6.9 AI score
Exploits: 0
hivepro
added 2023/08/24 2:22 p.m. | 15 views

Carderbee APT Strikes Hong Kong with Supply Chain Attack

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Carderbee advanced persistent threat (APT) group executed a supply chain attack by exploiting the legitimate Cobra DocGuard software. Their objective was to deploy the PlugX backdoor onto targeted...

6.8 AI score
Exploits: 0
hivepro
added 2023/07/13 11:52 a.m. | 15 views

Microsoft’s July 2023 Patch Tuesday Addresses 5 Zero-day Vulnerabilities

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Microsoft's July 2023 Patch Tuesday includes security updates for 130 flaws, including five actively exploited zero-day vulnerabilities, nine are rated as ‘Critical’, and 37 remote code execution...

8 AI score
Exploits: 0
Total number of security vulnerabilities: 1589