Emerging MortalKombat Ransomware and Laplas Clipper Malware Targeting Cryptocurrency
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary An unidentified actor is using the MortalKombat ransomware and a Go variant of the Laplas Clipper malware to steal cryptocurrency from victims. This campaign aims to steal or demand ransom payments in...
Unpatched Systems Vulnerable to Spoofed Linked Certificates in KDC
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Windows Server provides Public Key Infrastructure (PKI) technology to enable capabilities such as Encrypting File System (EFS), domain authentication, digital signatures, and email security. Misconfiguration...
Tracking the Stealthy Movements of Vidar Info-Stealer Malware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Vidar is an info-stealer malware that was first spotted in the wild in late 2018. It is considered a distinct fork of the Arkei malware family and has a simple business model where customers pay between...
A New Emerging CatB Ransomware Using DLL Hijacking to Evade Detection
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary CatB is a ransomware that uses a technique called DLL hijacking to evade detection. It does this by injecting itself into the Microsoft Distributed Transaction Coordinator (MSDTC) service, a legitimate...
Two Zero-day Supply Chain Attacks Found in the Python Package Index
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A zero-day supply chain attack called "aioconsol" was discovered on December 9, 2022 in a Python package published on the Python Package Index (PyPI) on December 6, 2022. All three versions of the package...
Multiple Old Vulnerabilities Actively Exploited in Cisco Products
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Several old security vulnerabilities are being actively exploited in Cisco IOS, NX-OS, and HyperFlex software, some of which can be exploited to bypass authentication and gain full control of the impact...
Mallox Ransomware is Ramping up its Operation
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Mallox ransomware strains have been spotted in the wild, indicating that the ransomware is operational, propagating rapidly, and infecting entities. An unknown .NET-based loader distributes these Mallox...
Actors, Threats and Vulnerabilities 28 November – 4 December 2022
...
Chinese APT Earth Preta runs spearphishing campaigns
Threat Level Actors Report For a detailed threat advisory, download the pdf file here Summary Earth Preta, an APT gang, staged a large-scale cyber espionage campaign in which the malware was transmitted via spear-phishing emails. The actors use various strategies to avoid detection and analysis,...
The DTrack Backdoor campaigns aimed at European organizations
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary DTrack, a malware developed by the Lazarus group, is a flexible backdoor that unloads malware in stages. It is dispersed with filenames that are routinely used in legitimate executables. The backdoor is...
Google addressed several flaws with Chrome 107
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Google Chrome addresses multiple vulnerabilities in its latest stable channel update for Windows, Mac, and Linux. The Use-After-Free (UAF) issue is responsible for four of the six Chrome...
How Continuous Threat Exposure Management (CTEM) can secure the Healthcare Sector
...
Summary of Vulnerabilities & Threats: September 2022
...
SparklingGoblin Revamps SideWalk Backdoor for Linux Variant
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary SparklingGoblin, aka Earth Baku, a state-backed Chinese hacking group, has integrated a Linux variant of the SideWalk backdoor. SparklingGoblin threat actors typically target East and Southeast Asian countries, wit...
Vulnerabilities & Threats that Matter 05 – 11 September
...
Vulnerabilities & Threats that Matter 29 August – 04 September
...
Kimsuky targets South Korean entities with phishing campaign
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Since 2010, Kimsuky has targeted the governments, think tanks, media, and education entities of the United States and South Korea. Early in 2022, a new attack cluster GoldDragon was observed targeting med...
Vulnerabilities & Threats that Matter 01 – 07 Aug
Published Vulnerabilities | Interesting Vulnerabilities | Active Threat Groups | Targeted Countries | Targeted Industries | ATT&CK TTPs
---|---|---|---|---|---
461 | 12 | 1 | 60 | 30 | 26
For a detailed threat digest, download the pdf file here Summary The first week of August 2022 witnessed the discovery of 461 vulnerabilities out of whic...
Several bugs in Node.js lead to Remote Code Execution
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Node.js has released several fixes for vulnerabilities in the JavaScript runtime environment, which could lead to arbitrary code execution, HTTP request smuggling, DNS rebinding vulnerability and other b...
DriftingCloud exploits zero-day in Sophos firewall
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary The Chinese APT actor DriftingCloud exploits the RCE vulnerability in Sophos firewall to take over the entire network...
Security updates for Adobe InDesign June 2022
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Adobe has released security updates for Adobe InDesign that address critical vulnerabilities rated priority 3 by Adobe. These vulnerabilities could lead to arbitrary code execution on target systems, i...
Security updates for Adobe Illustrator June 2022
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Adobe has released security updates for Adobe Illustrator that address critical vulnerabilities rated priority 3 by Adobe. These vulnerabilities could lead to arbitrary code execution on target systems...
Microsoft addresses multiple RCE vulnerabilities in their June 2022 Patch Tuesday
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Microsoft's June 2022 Patch Tuesday addressed 55 security flaws. One of them is Follina, which has been addressed in a separate detailed advisory. Three of them have been rated critical as per Microsoft and...
Enemybot malware expands its arsenal by exploiting well-known vulnerabilities
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary EnemyBot, a Mirai-based botnet, is expanding its arsenal by exploiting well-known vulnerabilities in Log4j, VMware Workspace, the Spring Framework, and others. Keksec, also known as Nero and Freakout, is the threat...
Multiple Google Chrome Vulnerabilities Affect All Platforms
THREAT LEVEL: Green. For a detailed advisory, download the pdf file here. Chrome versions prior to 99.0.4844.74 are affected on Windows, Mac, and Linux. The vendor has released fixes for ten vulnerabilities that allow an attacker to gain control of a vulnerable system. Nine of the ten Chrome vulnerabilities...
Multiple security vulnerabilities identified in Adobe
THREAT LEVEL: Green. For a detailed advisory, download the pdf file here. Adobe addressed 17 security flaws in Premiere Rush, Photoshop, Illustrator, After Effects, and Creative Cloud Desktop. According to Adobe, none of the vulnerabilities have been exploited so far. Successful exploitation of...
FIN8 Hacker Group Using New ‘White Rabbit’ Ransomware Against U.S. Banks
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. White Rabbit is a ransomware family that has only recently been discovered. It could be a subsidiary project of the FIN8 hacking gang. A ransomware expert seeking a sample of the malware made the first public disclosure...
CrowdStrike vs Hive Pro: VM Compared
CrowdStrike vs Hive Pro for Vulnerability Management CrowdStrike vs Hive Pro is not a simple feature checklist. It is a decision about how your security team wants to manage exposure: through an endpoint-centered platform that extends into vulnerability assessment, or through a vendor-neutral...
DORA Compliance Cybersecurity Guide for Finance
DORA Compliance Cybersecurity: A Practical Guide for Financial Services Teams DORA compliance cybersecurity is now a board-level priority for banks, insurers, investment firms, payment providers, and the ICT providers that support them. The Digital Operational Resilience Act shifts the conversati...
Polyfill.io Supply Chain Attack: Widespread Compromise Affects Over 100,000 Websites
...
Summary of Vulnerabilities, Actors & Attacks: May 2024
Vulnerabilities Exploited | Adversaries in Action | Attacks Executed | Targeted Countries | Targeted Industries | MITRE ATT&CK TTPs
---|---|---|---|---|---
24 | 11 | 38 | 287 | 23 | 233
Summary In May, the cybersecurity arena garnered significant attention following the identification of eleven zero-day...
JAVS Courtroom Recording Software Hit by Supply Chain Attack
...
Attacks, Vulnerabilities and Actors 13 to 19 May 2024
...
FIN7 Group Leverages Sponsored Ads to Disseminate Malicious Payloads
...
The RokRAT Epidemic in South Korea
...
HijackLoader Enhances Its Arsenal with New Evasion Techniques
...
Cuttlefish Malware Silent Stalkers of Router Traffic
...
Raspberry Robin Expands Reach via WSF
...
Hackers Pocket Payment Data via Magento Exploitation
...
Attacks, Vulnerabilities and Actors 1 to 7 April 2024
...
Key Terms of Exposure Management: What You Need to Know
Keeping pace with the latest terminology and acronyms in cybersecurity can feel like trying to drink from a firehose. Individuals and organizations often find themselves reaching for a dictionary to decode the alphabet soup of acronyms and terminology that Gartner and similar experts continually...
APT29 Targets German Political Parties with New WINELOADER
Summary: APT29, linked to Russia's SVR, targeted German political parties in late February 2024 using a new backdoor variant named WINELOADER, signaling a shift in operational focus beyond diplomatic missions. This marks a broader threat to European and Western political entities, driven by the SV...
Attacks, Vulnerabilities and Actors 26 February to 3 March 2024
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of eight attacks were executed, twelve vulnerabilities were uncovered, and six active adversaries we...
CISA Known Exploited Vulnerability Catalog February 2024
For a detailed CISA KEV Catalog, download the pdf file here Summary The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. It is recommended that all organizations review and monitor the KEV catalog,...
Novel Smishing Kit Leverages Cloud Platform
Summary: SNS Sender, a malicious Python script that leverages AWS SNS for mass SMS spamming, presents a novel approach to cloud-based attack tools, particularly in the area of smishing. The ARDUINODAS threat actor is linked to the operation that uses this cloud capability to send out a lot of...
CISA Known Exploited Vulnerability Catalog January 2024
For a detailed CISA KEV Catalog, download the pdf file here Summary The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. It is recommended that all organizations review and monitor the KEV catalog,...
Malicious Google Ads Target Chinese Users, Covertly Delivering RATs
Summary: Chinese-speaking users are being targeted in an ongoing malvertising campaign that leverages Google ads. The threat actor employs Google advertiser accounts to create deceptive ads that lure users into downloading Remote Administration Trojans (RATs). The malicious ads are designed to mimi...
ZLoader’s Resurgence after Two Years in the Shadows
Summary: Zloader is a highly sophisticated Trojan originating from the leaked Zeus source code. Notable for its adaptive nature, the malware continuously evolved through each campaign since its debut in August 2015. After nearly two years of dormancy, Zloader reemerged with new iterations. Threat...
New Attacks Target Misconfigured Apache Applications with Monero Miner
Summary: A recently identified attack exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners within targeted environments. This attack stands out due to the attackers' use of packers and rootkits to conceal the malware, adding an extra layer of complexity and...
From Brute-Force to BlueSky Ransomware
Summary: A focused campaign directed at publicly accessible MSSQL servers unfolded, entailing the malicious actors' use of Cobalt Strike and Tor2Mine. After gaining network access, the adversaries deployed the BlueSky ransomware across the entire network. Threat Level - Amber | Atta...