CISA Known Exploited Vulnerability Catalog March 2024
Summary The Known Exploited Vulnerability KEV catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. It is recommended that all organizations review and monitor the KEV catalog, prioritize remediation of listed vulnerabilities, and reduce...
CISA Known Exploited Vulnerability Catalog March 2024
For a detailed CISA's KEV Catalog, download the pdf file here Summary The Known Exploited Vulnerability KEV catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. It is recommended that all organizations review and monitor the KEV catalog,...
Agenda Ransomware Targets VMWare vCenter & ESXi Servers Globally
Summary: Agenda ransomware, also known as Qilin, active since 2022, targets global victims across industries. Their latest tactic leverages a custom script to infect VMWare environments, potentially crippling virtual machines and causing data loss. Organizations should be aware of this threat and...
Abyss Locker’s Substantial Threat Explored
Summary: Abyss Locker ransomware surfaced in July 2023, deriving from the HelloKitty ransomware source code, indicating a lineage predating its official release. Similar to other ransomware variants, Abyss Locker infiltrates corporate networks, exfiltrates data for extortion, and encrypts devices...
Migo Targets Redis Servers for Cryptojacking Attacks
Summary: A new campaign has been uncovered that mines cryptocurrencies on Redis servers running Linux hosts by means of a malicious programme known as "Migo." Migo is distributed as a Golang ELF binary that can persist on Linux hosts and is obfuscated at compile time. The malware uses a variety o...
Rhysida Ransomware’s Decryptor is Now in Action
Summary: The Rhysida ransomware-as-a-service RaaS group poses a significant global threat, targeting diverse sectors. Recently, an implementation vulnerability in the source code of the Rhysida ransomware has been discovered. By exploiting this vulnerability to reconstruct encryption keys, it...
Volt Typhoon: A Cyber Threat to U.S. Critical Infrastructure
Summary: State-sponsored cyber actors from the People’s Republic of China, known as Volt Typhoon, are actively targeting critical infrastructure in the United States, employing sophisticated tactics like pre-compromise reconnaissance and living off-the-land techniques. Threat Level - Red | Attack...
COLDRIVER Expands Beyond Phishing, Incorporating Custom SPICA Backdoor
Summary: The threat actor associated with Russia, known as COLDRIVER or Star Blizzard, has expanded its tactics from mere credential harvesting. The group has initiated campaigns where PDFs are employed as lure documents to distribute malware. Notably, COLDRIVER has introduced its first custom...
Surging JavaScript Threats Steal Your Secrets
Summary: The threat actors utilize malicious JavaScript samples, taking advantage of popular survey sites, low-quality hosting, and web chat APIs to steal sensitive information. They create chatbots registered under notable figures, like an Australian footballer, in specific campaigns...
Operation RusticWeb: Coordinated Strikes on Indian Government
Summary: Since October 2023, an orchestrated phishing campaign named Operation RusticWeb has been systematically targeting the Indian government and defense sector, deploying Rust-based malware for sophisticated intelligence gathering. Threat Level - Amber | Attack Report For a detailed threat...
Unveiling GambleForce: A SQL Injection Gang
Summary: A recently identified threat actor, GambleForce, has been linked to a series of SQL injection attacks targeting companies primarily in the Asia-Pacific region. GambleForce employs a combination of basic yet highly effective techniques, including SQL injections and exploiting...
Dissemination of the Konni Campaign Through Malicious Documents
Summary: The Konni campaign has resurfaced in a new phishing attack employing a Russian-language Microsoft Word document to distribute malware. The malicious software aims to harvest sensitive information from compromised Windows hosts. Threat Level - Red | Attack Report For a detailed threat...
The Lethal Advancement of DarkGate Malware-as-a-Service
Summary: DarkGate, a formidable Remote Access Trojan RAT, functions as a Malware-as-a-Service MaaS and is masterminded by the elusive RastaFarEye within the underground cybercrime landscape. The latest iteration, DarkGate 5.0.19, advances upon its predecessors with sophisticated evasion technique...
Mustang Panda Targets Philippines Government Using Legitimate Software
Summary: Mustang Panda, a threat actor associated with China, has been implicated in a cyber attack targeting a government entity in the Philippines. The attackers employed a strategy of using legitimate software, such as Solid PDF Creator and SmadavProtect an antivirus solution based in Indonesi...
Summary of Vulnerabilities, Actors & Attacks: October 2023
...
Revealing DarkGate’s Incursion Across Continents
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A potential threat actor has been using compromised Skype and Microsoft Teams accounts to distribute DarkGate, a problematic loader campaign primarily targeting the Americas region. To receive real-time...
Hive Pro Unveils Revolutionary Platform Uni5 Xposure, Elevating the Potential of Threat Exposure Management
HERNDON, VA., Oct. 10, 2023 - Hive Pro®, a pioneer vendor in Threat Exposure Management today announced the highly-anticipated release of their new platform Uni5 Xposure, which debuts live at the GITEX GLOBAL trade show in Dubai, UAE and at Triangle InfoSec Conference in North Carolina, USA. Uni5...
Chinese ‘Smishing Triad’ Group Targeting US Citizens
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Smishing Triad is a Chinese-speaking cyber-criminal group that has been conducting a large-scale smishing campaign targeting US citizens and other countries. Smishing is a form of phishing that uses text...
Hive Pro Recognized in 2023 Gartner® Hype Cycle™ for Security Operations & Market Guide™ for Vulnerability Assessment
HERNDON, Va., Sept. 7, 2023 - Hive Pro®, a pioneer vendor of Threat Exposure Management is now featured in two prominent Gartner publications that spotlight industry leaders and innovators: The Market Guide™ for Vulnerability Assessment 2023 and The Hype Cycle for Security Operations 2023. As cyb...
2022 Most Consistently Exploited Vulnerabilities
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary This advisory presents comprehensive information regarding the CVEs consistently and frequently targeted by malicious cyber adversaries throughout the year 2022 across multiple vendors, encompassi...
A Zero-Day Vulnerability Found in Barracuda Email Security Gateway
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Zero-day Vulnerability Exploited in Barracuda Email Security Gateway Appliances, Promptly Patched, and a Subset of Customers Notified; Other Barracuda Products are Unaffected. To receive real-time...
Actors, Threats and Vulnerabilities 15 to 21 May 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made significant discoveries in the field of cybersecurity threats. In the past week, they uncovered a total of eight attacks that were executed, taking advantage of five different vulnerabilities across...
New DownEx Malware Campaign Targets Foreign Government Institutions in Central Asia
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The DownEx malware was discovered in a cyberattack on government institutions in Kazakhstan and Afghanistan in 2022, likely with state sponsorship. The attackers used spear-phishing emails to infiltrate...
Uncovering the Latest Tactics of the SideWinder APT
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary SideWinder APT group uses advanced tactics like spear-phishing, DLL side-loading & more, including a new server-side polymorphism technique, highlighting the need for multi-layered security measures. To receive...
New Version of ViperSoftX Malware Targets Password Managers and Cryptocurrency Wallets
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary ViperSoftX is an information-stealing malware primarily targeting cryptocurrencies, using sophisticated encryption techniques and monthly changes in command-and-control servers to evade detection. To...
Malware Attack Targets Windows Users with Spoofed Energoatom Document
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The malware comes in the form of a spoofed document from Energoatom and is believed to be part of a larger campaign against Ukraine's energy sector, which has been under constant cyberattacks since the...
A Modular AlienFox Toolkit Used in Cloud-Based Email and Web Hosting Service Attacks
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary AlienFox is a toolkit used by attackers to target email and web hosting services, particularly cloud-based and software-as-a-service SaaS email hosting services. To receive real-time threat advisories,...
ShellBot Malware Targets Mismanaged Linux Servers
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary ShellBot malware infects mismanaged Linux SSH servers and uses IRC protocol for C&C. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn...
Microsoft fixed 83 vulnerabilities including two zero-day vulnerabilities
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Microsoft has released its March 2023 Patch Tuesday update, addressing a total of 83 vulnerabilities, including 9 critical, 70 important, 1 moderate, and 3 other vulnerabilities...
Tick Launches Attack on East Asian Data-Loss Prevention Software Company
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Tick, an APT group, attacked an East Asian data-loss prevention software company, compromising update servers and distributing malware, using trojanized installers, to access computers of government and...
New BlackSnake Ransomware Performs Clipper Operations on Cryptocurrency Users
Threat Level Attack Report Follow Hive Pro; for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary BlackSnake ransomware has been discovered with clipper functionality that intercepts and replaces the cryptocurrency wallet addresses of victims with those of attacke...
Royal Ransomware Targets Organizations with Custom Encryption and Double Extortion Tactics
Threat Level Attack Report Follow Hive Pro; for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary Since September 2022, threat actors have been attacking both US and international organizations using a version of ransomware called Royal. This ransomware is unique...
Russian Hacker Group Disrupts Relief Efforts for Turkey-Syria Earthquake with DDoS Attacks
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Killnet, a Russian hacker group, disrupted relief efforts for the Turkey-Syria earthquake by carrying out DDoS attacks, taking down the websites of NATO Special Operations Headquarters and Strategic...
Trigona Ransomware’s Rampant Threat to Businesses
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Trigona has gained momentum lately due to its utilization of the double-extortion technique of encrypting crucial assets within an organization, including endpoints and infrastructure, and demanding...
MalVirt: .NET Malware Loaders Spread through Malvertising Attacks
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary MalVirt is a cluster of virtualized .NET malware loaders that are distributed through malvertising attacks that use obfuscated virtualization and the Windows Process Explorer driver to evade anti-analysis and...
Actors, Threats and Vulnerabilities 2 January 2023 – 8 January 2023
...
Summary of Vulnerabilities & Threats: December 2022
...
Linux malware leverages plugin exploits to backdoor WordPress sites
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary WordPress sites are being exploited by an unidentified strain of Linux malware that exploits flaws in plugins and compromises the sites by injecting malicious JavaScripts that are run sequentially until...
Bluenoroff Bypasses MoTW to Target Japanese Organizations
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Bluenoroff is known for targeting financial institutions and government organizations and has been active since at least 2014. From September onwards, Bluenoroff threat actors added a new feature that...
Outlining a new SiestaGraph backdoor
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Foreign Affairs Office of an Association of Southeast Asian Nations ASEAN member is targeted by multiple threat actors who are coordinating active campaigns via a vulnerable Microsoft Exchange server...
Hive Pro includes Breach & Attack Simulation as a feature in its Threat Exposure Management Platform
...
Multiple Ransomware groups target open RDP Ports
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Many ransomware attacks are being launched against exposed Remote Desktop services by Threat Actors. At present, five ransomware families are attacking open RDP ports...
Heimdal addresses multiple vulnerabilities in v7.7.1
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Heimdal has addressed bugs in Heimdal KDC. A remote intruder can use unwrap des3 to induce a buffer overflow in Heimdal GSSAPI, leading to a denial of service or remote code execution on the host...
BumbleBee leverages Zerologon to get Domain Controller Access
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Since May 2022, threat actors are leveraging BumbleBee as an initial vector from a Contact Forms campaign. The intrusion started with the delivery of an ISO file that contained an LNK and a DLL. Using...
KmsdBot Cryptominer Targets the Gaming Industry
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary KmsdBot is Golang-based malware that leverages the Secure Shell SSH cryptographic protocol to obtain access to targeted systems to mine cryptocurrencies and carry out distributed denial-of-service DDoS...
Citrix Addresses Auth bypass Flaws Affecting ADC and Gateway Products
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Citrix has addressed bugs in Citrix ADC and Citrix Gateway. A remote intruder could exploit either of these flaws to obtain control of a susceptible system. To successfully exploit the vulnerabili...
Security flaws in multiple Adobe products
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Adobe has issued security upgrades to address a number of vulnerabilities in its products. An attacker can use some of these flaws to gain control of a vulnerable system...
Google releases Chrome 106 to address Vulnerabilities
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Google Chrome addresses multiple vulnerabilities with its latest stable channel update for Windows, Mac, and Linux...
VMware could not fix a vulnerability that has been disclosed for eleven months
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary VMware disclosed a vulnerability in November 2021 that has not been fixed as of October 2022. VMware initially patched this vulnerability, but later discovered that it did not fix it. The...
POLONIUM employs backdoors to target Israel
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary POLONIUM is a cyber espionage gang that leverages OneDrive and Dropbox cloud services for command and control C&C by employing a custom toolkit that includes seven backdoors and various spying modules to...