The 8220 Cryptomining Gang massively expands Cloud Botnets
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary The 8220 gang has significantly expanded their cloud bot armies around the world, targeting AWS, Azure, GCP, Alitun, and QCloud cloud service hosts. The group is being detected using a new version of the IRC...
Transparent Tribe’s latest campaign targets the education sector
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary Transparent Tribe, an Advanced Persistent Threat group also known as APT36 or Mythic Leopard, was discovered actively launching phishing campaigns against educational institutions and students across India. A...
Unknown threat group continues to exploit Log4j in VMware Products
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary An unknown APT group is exploiting the Log4j vulnerability affecting VMware Horizon and Unified Access Gateway UAG servers to compromise the system and take over the entire network by deploying malware...
Google addresses new vulnerabilities in Chrome
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Google Chrome addresses nine vulnerabilities in its latest stable channel update for Windows, Mac, and Linux...
Major Content Management Systems affected by Multiple vulnerabilities
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Several flaws in well-known content management systems WordPress and Drupal have been uncovered. A content management system, or CMS, is software that allows users to create, manage, and edit website content without requiri...
MoonBounce: New malware deployed by APT41 in UEFI firmware
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. MoonBounce is a new type of malware that hides in the most complex part of an Operating System OS, the Basic Input Output System BIOS chip, and thus persists even after reinstalling your OS or formatting your hard drive...
New rootkit iLOBleed targets HP servers
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The rootkit known as iLOBleed, active since 2020, targets Hewlett-Packard (HP) enterprise Integrated Lights-Out (iLO) server management technology to delete data from infected machines and corrupt firmware. The...
Zafran vs Hive Pro: A Fair CTEM Comparison
CTEM coverage claims sound similar until teams compare how exposure evidence becomes action. A fair platform decision hinges on discovery, validation, intelligence, and the remediation model already in place. Comparing CTEM platforms now? Book a Hive Pro demo to assess integrated discovery,...
Moonstone Sleet: A New North Korean Cyber Threat
...
Turla’s Tiny Backdoor Exploits MSBuild to Evade Detection
...
Stealing the Spotlight a Comprehensive Look at Stealers
...
SugarGh0st RAT Infiltrates US AI Sector
...
Ebury A Potent Linux Botnet Infects Over 400K Servers
...
Yet Another Google Chrome Zero-Day Exploited in the Wild
...
APT28’s Intricate Email Campaign Against Poland
...
Cybercriminals Forge Alliances via Compromised Routers
...
Attacks, Vulnerabilities and Actors 22 to 28 April 2024
...
CoralRaider’s Malware Campaign Distributing Stealers Via CDN Cache
...
ToddyCat’s Toolkit and Tactics Fueling Data Theft
...
Attacks, Vulnerabilities and Actors 15 to 21 April 2024
...
LeakyCLI Vulnerability in Cloud Tools Puts Credentials at Risk
...
FortiClient EMS Vulnerability Exploited in Connect:fun Campaign
...
Attacks, Vulnerabilities and Actors 8 to 14 April 2024
...
Over 170K Users Hit by Fake Python Infrastructure
...
LayerSlider WordPress Plugin Flaw Impacts Over 1 Million Sites
...
Unveiling Earth Freybug’s New TTPs Adoption with UNAPIMON
...
The NVD Disruption: Navigating Through Uncertainty in Cybersecurity
In recent weeks, a significant disruption has unfolded at the US National Institute of Standards and Technology NIST, impacting its National Vulnerability Database NVD and, by extension, the global cybersecurity landscape. The NVD, a cornerstone in the cybersecurity defense mechanisms of...
Misconfigured Servers Targeted with New Golang Malwares
Summary: In a newly observed malware campaign, threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services. The campaign aims to deliver a cryptocurrency miner and establish a reverse shell for persistent remote...
CHAVECLOAK Banking Trojan Sneaks into Brazil’s Financial Hub
Summary: The CHAVECLOAK banking trojan is purposefully crafted to target the banking credentials of individuals in Brazil, highlighting the ongoing focus of cyber criminals on the nation's financial sector. Threat Level - Amber | Attack Report For a detailed threat advisory, download the pdf file...
Nim Backdoor Masquerades as Nepal Government Security
Summary: Attackers employed malicious Microsoft Word documents disguised as official communications from the Nepali government. These documents aimed to trick victims into downloading and executing a backdoor program written in the Nim programming language. As Nim is an uncommon language, it pose...
OilRig Group Unleashes Three New Malware Strains
Summary: The Iranian state-sponsored threat actor, commonly referred to as OilRig, implemented three distinct downloader malware variants throughout the year 2022. The primary objective was to sustain persistent access to targeted organizations located in Israel. OilRig demonstrated active...
AeroBlade Swoops Down on U.S. Aerospace Giants
Summary: A US-based aerospace entity has become a victim of an intricate year-long cyber espionage campaign orchestrated by AeroBlade. AeroBlade's probable goal was to enhance visibility into the internal resources of its target, evaluating vulnerabilities for potential future ransom demands. Thre...
In-Depth Analysis of Phobos Ransomware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Phobos ransomware, active since 2018, primarily targets small to medium-sized businesses with lower ransom demands. It uses compromised RDP connections, is distributed via a Ransomware as a Service model...
Lazarus Group’s Targeted Attacks on Korean Sectors
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Lazarus, a state-sponsored threat group, has been employing sophisticated tactics like spear phishing and supply chain attacks, and utilizing various types of malware for control. To receive real-time...
In-Depth Analysis of AvosLocker Ransomware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary AvosLocker, also known as Avos, is a ransomware-as-a-service that targets critical infrastructure organizations, primarily in the US, and has expanded to target both Windows and Linux systems. Its...
Microsoft’s August Patch Tuesday Addresses Active Zero-Day Exploits
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary In the August Patch Tuesday release, Microsoft addressed a total of 73 CVEs, encompassing six critical and 67 important vulnerabilities. Within this range of vulnerabilities, the security update...
Attacks, Vulnerabilities and Actors 26 June to 2 July 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, there were a total of four attacks executed, taking advantage of three different vulnerabilities in...
CryptNet A Novel Ransomware-as-a-Service
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary CryptNet is a new ransomware-as-a-service group that employs data exfiltration and .NET code. Currently, it has two victims listed on its data leak site. To receive real-time threat advisories, please...
MEME#4CHAN The Unconventional Phishing Campaign Spreading XWorm
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A persistent cyber threat known as MEME4CHAN has emerged, characterized by an intricate phishing campaign. This cluster of malicious activity employs a distinctive attack chain methodology, successfully...
Microsoft’s May 2023 update addresses two Zero-Day Vulnerabilities
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Microsoft released a security update in May 2023 to address 40 CVEs, including two zero-day vulnerabilities that have already been exploited in the wild. To receive real-time threat advisories,...
New macOS malware RustBucket attributed to North Korean group BlueNoroff
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary RustBucket, attributed to BlueNoroff, is split into two stages, with the second stage application appearing as a legitimate PDF viewer but becoming malicious when a specific PDF is loaded. To receive...
LockBit Ransomware Targets MacOS
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary LockBit ransomware has been discovered on VirusTotal compiled for Apple's macOS arm64 architecture, raising concerns about the ransomware threat on Mac devices. To receive real-time threat advisories,...
80K QNAP Devices Vulnerable to Cyberattack
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Multiple QNAP operating systems have been impacted by two vulnerabilities that could potentially allow remote authenticated users to access secret values. To receive real-time threat advisories,...
Botnets Actively Exploited Realtek and Cacti Flaws
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Attacks surged exploiting Cacti and Realtek vulnerabilities, resulting in the spread of ShellBot and Moobot malware. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn...
Winter Vivern with Pro-Russian Objectives Targets Government
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The Winter Vivern Advanced Persistent Threat APT is a relatively underreported group that operates with pro-Russian objectives and targets government agencies. To receive real-time threat advisories, plea...
Adobe Addressed a Zero-day Vulnerability in ColdFusion 2021 and 2018
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Adobe has recently released security updates for ColdFusion 2021 and 2018 versions, addressing critical and important vulnerabilities that could potentially result in arbitrary code execution and...
Tracking the Malicious Email Campaigns of Russia-Aligned TA499
Threat Level Actor Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary TA499 is a group of threat actors aligned with the Russian state that engages in impersonation-based, patriotically motivated misinformation campaigns. They use email ...
RedLine Stealer Used in Spear-Phishing Campaign Targeting Hospitality Industry
Threat Level Attack Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary A spear-phishing campaign targeting the hospitality industry used subject lines and text to trick hotel staff into clicking on malicious links that led to the downloa...
CISA Known Exploited Vulnerability Catalog February 2023
For a detailed CISA's KEV Catalog, download the pdf file here Summary The Known Exploited Vulnerability KEV catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. To be included ...
ProxyShellMiner Exploits Windows Exchange Server Vulnerabilities for Cryptocurrency Mining
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary ProxyShellMiner exploits Windows Exchange server vulnerabilities, which are used to gain unauthorized access and compromise an organization, leading to the installation of cryptocurrency miners...