1589 matches found
Microsoft’s June 2023 Patch Tuesday Addresses 78 Vulnerabilities
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Microsofts June 2023 Patch Tuesday addressed 78 flaws, including 38 remote code execution vulnerabilities. Notable fixes included SharePoint and Exchange Server vulnerabilities, while no zero-day...
A Zero-Day Vulnerability Found in Barracuda Email Security Gateway
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Zero-day Vulnerability Exploited in Barracuda Email Security Gateway Appliances, Promptly Patched, and a Subset of Customers Notified; Other Barracuda Products are Unaffected. To receive real-time...
CACTUS Ransomware Emerges as New Threat Targeting Large Enterprises
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary CACTUS is a new strain of ransomware that targets large commercial entities using a variety of tools and tactics to distribute the ransomware binary and maintain persistence within the environment while...
TP-Link Router Vulnerability Triggers Mirai Malware Infection
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The TP-Link router vulnerability allows attackers to execute commands and infect devices with the Mirai malware. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn...
HivePro Uni5 – Solution Overview
In this video, Anand Choudha, CEO at Hive Pro, and Jeelan Poola, CPO at Hive Pro, introduce the HivePro Uni5 Threat Exposure Management Platform. HivePro Uni...
HivePro Uni5 – Datasheet
In this video, Anand Choudha, CEO at Hive Pro, and Jeelan Poola, CPO at Hive Pro, introduce the HivePro Uni5 Threat Exposure Management Platform. HivePro Uni...
APT36 targets Indian educational institutions with Crimson RAT
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary APT36 is targeting educational institutions and students in the Indian subcontinent by distributing malicious documents to stage the Crimson RAT. To receive real-time threat advisories, please follow...
Actors, Threats and Vulnerabilities 10 April to 16 April 2023
For a detailed threat digest, download the pdf file here Summary For a detailed threat digest, download the pdf file here HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, they identified a total of nine attacks that were executed...
UNC4466 Attack Campaign Targets Veritas Backup Exec and Deploys ALPHV Ransomware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary UNC4466 conducted an attack campaign in late 2022, gaining initial access to an internet-exposed Windows server running Veritas Backup Exec and deploying the ALPHV ransomware, with over 8,500 potentially...
Unveiling ChinaZ DDoS Threat Landscape
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary ChinaZ, a Chinese threat group, is infamous for using DDoS botnets to attack Windows and Linux systems. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn...
New GoBruteforcer Malware Targeting Web Servers Running Popular Services
Threat Level Attack Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary The GoBruteforcer malware targets web servers and uses Golang programming language. It employs CIDR block scanning to access servers through brute force and deploy an...
Sharp Panda A Sophisticated Cyber-Espionage Campaign Targeting Governments
Threat Level Actor Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary The Sharp Panda cyber-espionage campaign, which has been active for a considerable period, focuses on infiltrating government entities in Southeast Asia. This operatio...
Deceptive Discord Campaign Targets Government Entities with PureCrypter Malware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Government entities in the Asia-Pacific and North American regions have been targeted by a threat actor using the PureCrypter malware downloader. This particular malware has been used to distribute vario...
Newly Identified Threat Actor Hydrochasma Targets Shipping Companies and Medical Laboratories in Asia
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Hydrochasma is a newly identified threat actor that has been targeting shipping companies and medical laboratories in Asia since October 2022. This groups primary focus appears to be on intelligence...
HardBit Ransomware: A Threatening Cyber Attack Targeting Organizations with New Version 2.0
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary HardBit is a ransomware strain that focuses on extorting cryptocurrency payments from organizations in exchange for data decryption. It first emerged in October 2022, and a newer version, HardBit 2.0,...
An Authentication Vulnerability Discovered in Jira Service Management Server and Data Center
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A security vulnerability was found in Jira Service Management Server and Data Center versions 5.3.0 to 5.5.0 which allows an attacker to access a Jira Service Management instance by impersonating...
A new botnet called the Medusa Botnet is emerging via Mirai Botnet targeting Linux users
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Mirai is a botnet that has been active since 2016 and exploits vulnerabilities in Linux-based networking devices like routers and IoT devices to gain control and perform malicious activities like...
Similarities between hacktivist groups reveal Iranian connection
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary COBALT SAPLING is a threat actor group that is believed to be Iranian in origin. The group has been found to operate multiple hacktivist group personas, including Moses Staff and Abrahams Ax. Researchers...
Chinese Threat Actors Leverage Phishing and GuLoader to Distribute Remcos RAT
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The malicious campaign described involves the distribution of a malicious PDF file through email, via phishing. The PDF file in this case redirects victims to a legitimate cloud-based platform, where the...
A New Malware Called Album Stealer is Targeting Facebook Users
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Album Stealer is a malware that disguises itself as a photo album and drops decoy adult images while performing malicious activity in the background. It uses a side-loading technique to execute malicious...
GuLoader’s Advanced Anti-Analysis Techniques
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary GuLoader is an advanced malware downloader that uses polymorphic shellcode to bypass traditional security solutions. In GuLoader, all embedded DJB2 hash values are mapped against every API used by the...
Vice Society gang switches to new custom ransomware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Vice Society is a well-established ransomware group that has successfully targeted a range of enterprises. They aim to maximize their financial gain by using the standard double extortion strategy. In...
New Exploit Method that Bypasses ProxyNotShell Mitigations
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new exploit method has been found in the mitigations of the Microsoft Exchange vulnerability ProxyNotShell URL rewrite that allows for remote code execution RCE on compromised servers through Outlook W...
Agenda ransomware made its return with a Rust variant
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In addition to BlackCat, Hive, Luna, and RansomExx, Agenda is the latest ransomware strain to use the cross-platform programming language Rust. Ransomware-as-a-service RaaS group Agenda, attributed to an...
RapperBot Campaign Launches DDoS Attacks on Game Servers
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The new RapperBot malware version creates a botnet capable of launching Distributed Denial of Service DDoS attacks. The latest version can launch Telnet brute-force strikes, DoS attacks using the Generic...
Billbug returns after two years to conduct an espionage campaign
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary After being widely active in the year 2018-2019, Billbug, a Chinese state-sponsored group, is back after almost two years. They have been attacking multiple government agencies in an Asian country since...
WHAT YOU SHOULD KNOW: Patch OpenSSL 3.x
...
Summary of Vulnerabilities & Threats: July 2022
...
MuddyWater targets Israeli organizations by exploiting unpatched log4j vulnerabilities
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary MuddyWater, an Iranian threat actor, exploits Log4j two vulnerabilities in SysAid applications to target Israeli organizations. As soon as the attacker gains access to the targeted organization, it...
Vulnerabilities & Threats that Matter 15 – 21th Aug
...
Industrial Spy trades stolen data on dark web Marketplace
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary Since March 2022, Industrial Spy ransomware, a new menace in the threat environment, has been stealing and selling data on the dark web marketplace and conducting double extortion attacks, combining data theft...
Revamped version of Redeemer Ransomware has been uncovered on Dark Web Forums
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary A new version of the free Redeemer ransomware has been discovered on hacker forums, providing inexperienced threat actors with an easy entry into the field of encryption-backed extortion campaigns. The new 2.0...
Vulnerabilities & Threats that Matter 11-17 July 2022
Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 580 37 2 World-wide 11 61 For a detailed threat digest, download the pdf file here Summary The second week of July 2022 witnessed the discovery of 580 vulnerabilities out ...
ToddyCat exploits unknown vulnerability in Microsoft Exchange servers to targets entities in Europe and Asia
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary ToddyCat, an APT group is deploying web shells by exploiting an unknown vulnerability in the Microsoft Exchange Servers. They are initiating a multi-stage infection that aims at governmental bodies in Europe and...
GALLIUM targets Telecommunications sector using new PingPull tool
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary A new, difficult-to-detect remote access trojan known as PingPull has been discovered and is used by GALLIUM also known as Softcell, an APT group. They have expanded by targeting telecommunications, finance and...
Pandora Ransomware Targets Multiple Plants around the Globe
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Pandora ransomware is a new operation that targets business networks and obtains data for double-extortion assaults and active since March 2022. DENSO, a Japanese auto parts manufacturers plant in Germany, and Global Wafers...
Global IT Outage Causes Travel and Service Chaos: A Comprehensive Overview
A massive IT outage is sending shockwaves across the globe, leading to significant disruptions in travel, banking, and healthcare services. The chaos originated from two distinct issues: a misconfiguration that caused a Microsoft Azure service outage and a defective update in Crowdstrike's Falcon...
CarnavalHeist: New Banking Trojan Targets Brazilian Users
...
ShrinkLocker: Ransomware Exploits BitLocker for Drive Encryption
...
GitLab Flaw Allows Account Takeover via XSS Attacks
...
CLOUD#REVERSER: From Cloud Storage to Command and Control
...
Microsoft’s May 2024 Patch Tuesday Addresses Two Zero-day Vulnerabilities
...
LLMjacking: An Attack Method for Stealing Cloud Credentials
...
Summary of Vulnerabilities, Actors & Attacks: April 2024
...
Akira Ransomware Nets $42 Million from 250+ Victims
...
Unmasking ArcaneDoor: A Cyber Espionage Surge Against Critical Infrastructure
Discovery of a Digital Breach Even our most sensitive governmental and infrastructural data is not guaranteed safe. A new breach has been uncovered, ominously named "ArcaneDoor." According to HiveForce Labs, this campaign has been meticulously orchestrated with the primary aim of breaching the...
One Unified API: The Future of Security Data Management with Uni5 Xposure
Picture yourself as a security analyst in the midst of navigating the complex landscape of your organization's cybersecurity. Your daily routine is dominated by the task of managing an overwhelming amount of security data, spread across an array of tools and platforms. Each piece of data, whether...
MuddyWater Enhances Its Arsenal with DarkBeatC2 Framework
...
Microsoft’s April 2024 Patch Tuesday Addresses Two Zero-day Vulnerabilities
...
Critical RCE Flaw Found in EoL D-Link NAS Devices
...