Google patches chrome zero-day vulnerabilities being exploited in the wild
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Google just released a major security update for Google Chrome that addresses eleven vulnerabilities, including two zero-day flaws that have been exploited in the wild. A remote attacker might make use of the flaws by trickin...
New Attack Group Clasiopa Targets Materials Research Organization in Asia with Custom Malware
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary A new attack group called Clasiopa has been observed targeting materials research organizations in Asia using a distinct toolset that includes a custom malware called Backdoor.Atharvan. It is unclear wher...
Attackers could gain root access using vulnerability in Linux Kernel Netfilter Firewall
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. A flaw in the Linux kernel has been discovered. If exploited, this flaw could allow a local attacker to gain privileges on targeted systems, allowing them to escape containers, execute arbitrary code, or cause a kernel pani...
Weekly Threat Digest: 14 – 20 March 2022
For a detailed threat digest, download the pdf file here. Published Vulnerabilities: 567; Interesting Vulnerabilities: 22; Active Threat Groups: 5; Targeted Countries: 36; Targeted Industries: 15; ATT&CK TTPs: 60. The third week of March 2022 witnessed the discovery of 567 vulnerabilities out of which 22 gain...
Cybercrime group exploits zero-day on Windows servers to deploy Nokoyawa ransomware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Nokoyawa ransomware is a new threat that exploits the CVE-2023-28252 vulnerability to infiltrate and encrypt victims' files, demanding a ransom for their release. To receive real-time threat advisories,...
Zero-day vulnerability in WebKit affects Apple macOS
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. A third zero-day vulnerability has been identified since the latest zero-day bug discoveries in macOS Monterey in 2022. This flaw impacts the WebKit component, which is a cross-platform web browser engine that is...
First zero-day vulnerability of Google Chrome this year actively exploited in wild
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Google released a stable channel update for their Chrome browser that fixes a zero-day vulnerability that is actively being exploited in the wild. This is the first zero-day bug reported in the Chrome browser this year. A...
Sophos Firewall RCE vulnerability actively exploited
THREAT LEVEL: Amber For a detailed advisory, download the pdf file here A security researcher has discovered an authentication bypass vulnerability that resides in the User Portal and Webadmin areas of Sophos Firewall. Attackers are actively exploiting this vulnerability to attack enterprises in...
Cinoshi A Novel Malware-as-a-Service Platform
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Cinoshi is a new MaaS platform with a toolkit including a stealer, botnet, clipper, and crypto-miner. Offering a free stealer and web panel is rare. To receive real-time threat advisories, please follow...
New BOLDMOVE Backdoor uses FortiOS vulnerability for initial access
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A suspected China-nexus campaign has exploited a vulnerability in Fortinet's FortiOS SSL-VPN, known as CVE-2022-42475. The exploitation was believed to have occurred as early as October 2022 and the targe...
Apple addresses the macOS code execution flaws
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary macOS Ventura contains two security flaws that can be exploited to cause an integer overflow and execute arbitrary code. The CVE-2022-40303 vulnerability exists as a result of an integer overflow ...
Exploitation of Follina leads to takeover of domain controller
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The recent incident is related to TA570, wherein the attackers exploited the Follina vulnerability CVE-2022-30190 to compromise the Domain Controller and eventually gain access to confidential files...
Unknown Attackers exploit several vulnerabilities in Zimbra Collaboration Suite
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary The Zimbra Collaboration Suite (ZCS) email servers experienced multiple breaches between July and early August 2022. The exploitation of CVE-2022-27925, a remote-code-execution (RCE) vulnerability in ZCS, was most...
Zero-day vulnerability leveraged to deploy Cuba Ransomware
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary The threat actors behind the Cuba ransomware have stepped up their game by using a new Remote Access Trojan called ROMCOM and weaponizing a local privilege escalation vulnerability, CVE-2022-24521. A wide range o...
Microsoft Rolled Out SPNEGO NEGOEX Critical Vulnerability
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Microsoft updated the severity level of the CVE-2022-37958 vulnerability from high to critical after discovering that threat actors can use the vulnerability to execute code remotely...
Actors, Threats and Vulnerabilities 08 to 14 May 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, it identified a total of nine attacks that were executed. Additionally, HiveForce Labs identified four different...
Critical Magento zero-day vulnerability actively exploiting multiple e-commerce websites
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Adobe issued an emergency advisory informing Adobe Commerce and Magento Open-Source product users of a critical zero-day vulnerability that is being actively exploited in the wild. A zero-day vulnerability which has been...
Ransomware Threats Exploit CVE-2023-46604 in Apache ActiveMQ Servers
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Ransomware groups and SparkRAT are exploiting a critical vulnerability, CVE-2023-46604, in Apache ActiveMQ, despite a security update on October 27, 2023, affecting systems with outdated ActiveMQ...
A New APT named APT-C-61 Targets South Asia
Threat Level Actor Report For a detailed threat advisory from HiveForce Labs, download the pdf file here. Summary APT-C-61, also known as Tengyun Snake, is an advanced persistent threat (APT) group that has been active since at least January 2020 in South Asia. This group mainly...
Denial of service vulnerability in PAN OS exploited in the wild
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary A URL filtering policy misconfiguration in PAN-OS leads to a vulnerability that could allow an unauthenticated remote attacker to conduct distributed denial-of-service (DDoS) attacks. This vulnerability h...
Turla APT used ANDROMEDA malware to infiltrate a variety of industries
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Turla Group is reportedly distributing the KOPILUWAK reconnaissance software and the QUIETCANARY backdoor to victims of ANDROMEDA malware in Ukraine. ANDROMEDA malware, spread through infected USB...
Zabbix affected by two actively exploited vulnerabilities
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Multiple security vulnerabilities have been discovered in the Web Frontend component of the Zabbix open-source network traffic monitoring software, in its implementation of client-side session storage, and they are being actively exploited as per...
Akira Ransomware Exploits Cisco Zero-Day Vulnerability
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The zero-day vulnerability, identified as CVE-2023-20269, is a concerning security issue that impacts the remote access VPN feature of Cisco ASA (Adaptive Security Appliance) and FTD (Firepower Threa...
Critical remote code execution vulnerabilities in WordPress PHP everywhere Plugin
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Three critical remote code execution (RCE) vulnerabilities have been discovered in the WordPress plugin PHP Everywhere. It is a plugin that allows web developers to utilize PHP code in pages, posts, the sidebar, or anywhere on...
Atlassian Addresses Critical RCE Flaws
Summary: Four critical vulnerabilities, namely CVE-2023-22522, CVE-2023-22523, CVE-2023-22524, and CVE-2022-1471, have been identified impacting the Confluence, Jira, and Bitbucket servers, along with a companion app for macOS. If successfully exploited, these vulnerabilities could lead to remote...
HTTP/2 Zero-Day Exploited for the Most Explosive DDoS Attacks
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A zero-day vulnerability in HTTP/2 has been actively exploited in August, introducing a novel DDoS technique referred to as "Rapid Reset". The attack, utilizing CVE-2023-44487, exploits a vulnerabili...
Critical Vulnerability in FortiOS SSL VPN Exploited in the Wild
Summary: A critical Out-of-Bounds Write vulnerability (CVE-2024-21762) in Fortinet FortiOS SSL-VPN is actively exploited, enabling a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted HTTP requests. Threat Level - Red | Vulnerability Report For a detailed threa...
Ekipa RAT A High-Priced and Evolving Threat for Targeted Attacks
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Ekipa is a remote access trojan (RAT) that is used for targeted attacks and can be purchased on underground forums for a high price of $3,900. It primarily spreads and operates through the use of Microsoft...
Attacks, Vulnerabilities and Actors 30 October to 5 November 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of six executed attacks, three instances of adversary activity, and one exploited...
Attacks, Vulnerabilities and Actors 9 October to 15 October 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of twenty executed attacks, two instances of adversary activity, and fourteen vulnerabilitie...
Chinese Espionage Hackers Exploit ESXi Zero-Day
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Chinese-sponsored hacking group, UNC3886, has been actively exploiting the CVE-2023-20867 vulnerability and using advanced backdoors such as VirtualPita and VirtualPie to carry out malicious activiti...
REvil Ransomware gang behind the Kaseya VSA Supply-Chain attack
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The REvil ransomware group was successful in carrying out a supply chain attack by exploiting the zero-day vulnerability CVE-2021-30116 in the Kaseya VSA server and delivering a malicious script to all the computer devices...
ownCloud Critical Vulnerability is under active exploitation
Summary: Hackers are actively exploiting a critical vulnerability CVE-2023-49103 in ownCloud, a popular open-source file-sharing solution, exposing sensitive data in containerized deployments. Administrators are urged to promptly apply recommended fixes, including disabling the phpinfo function a...
Randori discovered Zero-day in Palo Alto’s GlobalProtect Firewall, affecting ~10,000 assets.
Outline Palo Alto Networks (PAN) released an update on November 10, 2021, that patched CVE-2021-3064, which was discovered and disclosed by Randori. This vulnerability affects PAN firewalls that use the GlobalProtect Portal VPN, and it allows for unauthenticated remote code execution on susceptible...
Microsoft patches a vulnerability that was used in MysterySnail RAT Campaign
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. An APT espionage campaign leveraged a zero-day exploit for Microsoft Windows to escalate privileges and obtain access to Windows servers. The exploit chain culminated in the installation of a newly discovered remote access...
Emergency patches have been released by Microsoft for PrintNightmare
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Attackers have been targeting Windows Print Spooler services for almost 2 months now. It started with the vulnerability CVE-2021-1675 being exploited in the wild. Soon a patch was released for the same. It was after 2 days tha...
Zero-day vulnerability in Windows terminal management tool gets a hotfix
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Microsoft Endpoint Configuration Manager (MECM) has a spoofing vulnerability that allows remote attackers to access sensitive data. The zero-day vulnerability has been identified as CVE-2022-37972...
Mozilla Firefox patches multiple vulnerabilities
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Mozilla Firefox has released a major security update which patches 9 high, 6 moderate and 3 low impact vulnerabilities. Vulnerabilities classified as high are: CVE-2022-22746: Calling into reportValidity could have led to...
Multiple vulnerabilities have been discovered in the Apache HTTP Server
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. There is a zero-day vulnerability CVE-2021-41773 and a DoS vulnerability CVE-2021-41524 in Apache HTTP servers. After a publicly disclosed exploit, the zero-day vulnerability has been actively exploited in the wild. The Hiv...
Microsoft Patch Tuesday fixes critical zero-days along with 97 other flaws
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Microsoft has fixed 97 vulnerabilities, with nine classified as Critical and 88 as Important, among them 6 zero-days. Following are the types of security vulnerabilities reported in multiple Microsoft products: 41 Elevation...
Active Exploitation of Adobe ColdFusion Critical Vulnerabilities
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Hackers are actively exploiting vulnerabilities in Adobe ColdFusion, specifically CVE-2023-29298 and CVE-2023-38203. These vulnerabilities allow attackers to bypass authentication, execute remote...
Sophos Zero-day vulnerability becomes target for attackers
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A zero-day vulnerability in the User Portal and WebAdmin of Sophos Firewall has been tracked as CVE-2022-3236. This vulnerability is being used by some unknown attackers to target organizations in...
Zero-Click Outlook RCE Exploitation Chain in Windows
Summary: Two vulnerabilities, CVE-2023-35384 and CVE-2023-36710, in Microsoft Windows can be chained to achieve remote code execution (RCE) on vulnerable Outlook clients. Attackers can exploit these flaws by sending a crafted email with a custom notification sound file to trigger the download of a...
Google and Firefox fix Zero-Day Flaw Exploited in the Wild
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A zero-day vulnerability, CVE-2023-5217, is actively exploited and has been patched in both the Google Chrome and Firefox browsers. CVE-2023-5217 is a heap buffer overflow vulnerability discovered in...
WordPress fixes multiple security vulnerabilities
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. The WordPress development team has released a security update to patch the following four vulnerabilities, three of which have high severity. CVE-2022-21661: A vulnerability exists in the WP_Query class which is caused...
Vulnerabilities in VMware, when chained together, grant Full System Control
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to organizations about malicious actors using CVE-2022-22954 and CVE-2022-22960. This alert was published following the...
VMware Unveils Critical Authentication Bypass Vulnerability in VCD Appliance
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary VMware has disclosed a critical authentication bypass vulnerability affecting Cloud Director appliance deployments. This vulnerability, identified as CVE-2023-34060, could be exploited by...
Storm-0978 actively exploited the unpatched Office zero-day
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Storm-0978 is a Russian cybercriminal group that specializes in executing sophisticated phishing campaigns. Storm-0978 was found to be engaged in a new wave of attacks, leveraging the exploitation of...
Attacks, Vulnerabilities and Actors 2 October to 8 October 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of seven executed attacks, zero instances of adversary activity, and eight zero-day...