1589 matches found
Novel Tool Set Targeting Entities in the Middle East, Africa, and U.S.
Summary: An undisclosed threat actor has targeted organizations in the Middle East, Africa, and the U.S., deploying a newly identified backdoor named Agent Racoon. The attacker utilizes tools like Ntospy and a customized version of Mimikatz called Mimilite to carry out malicious activities. Threa...
SugarGh0st RAT A Customized Gh0st Variant in Cyber Espionage
Summary: A malicious campaign deploying the customized SugarGh0st RAT, likely orchestrated by a Chinese-speaking threat actor targeting the Uzbekistan Ministry of Foreign Affairs and South Korean users. SugarGh0st, a variant of Gh0st RAT, exhibits advanced features for remote control, keylogging,...
MATA Backdoor Targets Eastern European Industrial Companies
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary MATA malware, a sophisticated backdoor framework, updated to target Eastern European industrial companies via spear-phishing, compromising financial software servers, and infiltrating networks, even...
BbyStealer’s Tactic for Targeting VPN Users
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The BbyStealer malware resurfaces and orchestrates a sophisticated information-theft campaign, utilizing numerous phishing domains to target users of VPN applications engaged in downloading activities,...
New APT 29 Campaign Targets Organizations through Microsoft Teams
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary APT 29, a Russia-based threat actor, employs targeted social engineering via Microsoft Teams to steal credentials, leveraging compromised domains and convincing users to enter authentication codes,...
Apple Tackles Zero-Day Flaws Impacting iPhones and Macs
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Apple has addressed zero-day vulnerability exploited in targeted attacks on iPhones, Macs, and iPads. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn...
Attacks, Vulnerabilities and Actors 17 July to 23 July 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, the fact that there were a total of eleven attacks executed, nine vulnerabilities, and three different adversaries...
Attacks, Vulnerabilities and Actors 10 July to 16 July 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, the fact that there were a total of six attacks executed, total six zero-day vulnerabilities out of which Five...
Lockbit Ransomware strikes, demands $70-million Ransom
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Lockbit sub-group, National Hazard Agency, claims of data exfiltration from TSMC systems, allegedly deployed Ransomware and demands 70-million-dollar ransom. TSMC has clarified that their system is...
MULTI#STORM Campaign Sets Sights on India and U.S. with RAT
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The MULTISTORM phishing campaign employs JavaScript files to disseminate RATs throughout compromised systems. This intricate attack utilizes a multi-stage procedure that commences when the victim engages...
Fortinet Addressed Critical RCE FortiNAC Vulnerability
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Fortinet has released patches for critical and medium vulnerabilities in its FortiNAC network access control solution, addressing issues related to remote code execution and command injection. To...
New Chromeloader Shampoo Campaign Infecting Chrome and Stealing Data
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The current ChromeLoader Shampoo campaign, where users unknowingly download and execute VBScript files from malicious websites. These files trigger a series of PowerShell scripts, leading to the...
The Rising Diicot Threat Group with Diverse Attack Capabilities
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A Romanian threat group “Diicot” has been actively employing SSH bruteforcing and deploying malware loaders to compromise systems for the purpose of cryptocurrency mining. The campaign involves exploitin...
A New Horabot Botnet Threat Targeting Spanish-Speaking Users in the Americas
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new botnet program called "Horabot" is being used by a threat actor to deploy a banking trojan and spam tool, targeting Spanish-speaking users in the Americas. To receive real-time threat advisories,...
Advanced BlackCat Ransomware Using Triple Extortion Tactics and Signed Kernel Driver
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The BlackCat ransomware operation is a highly sophisticated and customizable threat targeting corporate environments, featuring advanced encryption, spreading capabilities, and triple extortion tactics. ...
XSS Vulnerability in Popular WordPress Plugin Affects 2 Million Sites
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A Cross-Site scripting vulnerability has been discovered in an Advanced Custom Fields plugin for WordPress which has put 2 Million websites at risk. To receive real-time threat advisories, please...
Snake a Stealthy Cyber-Espionage Malware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Snake is a powerful cyber-espionage malware developed by FSB & linked to Turla hackers. Boasts high stealth, rigorous engineering & global reach. To receive real-time threat advisories, please follow...
Microsoft Addresses Zero-Day and Wormable Vulnerabilities
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Microsofts April 2023 Patch Tuesday and security updates address one actively exploited the zero-day vulnerability and a total of 97 flaws, consisting of 7 critical and 90 important vulnerabilitie...
Apple Addresses Zero-Day Vulnerabilities in macOS and Safari
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Apple addressed vulnerabilities in macOS Ventura and Safari for macOS Big Sur/Monterey, which could potentially enable attackers to execute arbitrary code with kernel privileges or through...
Actors, Threats and Vulnerabilities 3 April to 9 April 2023
For a detailed threat digest, download the pdf file here Summary For a detailed threat digest, download the pdf file here HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, they identified a total of five attacks that were executed...
New Variant of BlackGuard Stealer Malware Steals Sensitive Information and Crypto Wallets
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new variant of the BlackGuard stealer malware that propagates through removable media and hijacks crypto wallets. It can steal sensitive information from various applications and supports stealing...
Outlook Vulnerability Exploited by Russian Hackers Since April 2022
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A vulnerability in Microsoft Outlook allowed an unknown Russian threat actor to gain access to a victims NTLM hash through a specially crafted email. To receive real-time threat advisories, please follow...
Threat Actors Exploit Microsoft OneNote for Malware Delivery via Phishing Attacks
Threat Level Attack Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary Cybercriminals are using Microsoft OneNotes ability to embed files to deliver malware to users via social engineering techniques. OneNote allows users to organize...
ImBetter Stealer Malware Targets Cryptocurrency Wallets
Threat Level Attack Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary ImBetter Stealer malware steals sensitive data and cryptocurrency wallets by tricking users into downloading it through phishing websites that mimic popular crypto...
Microsoft tackles three actively exploited zero-day vulnerabilities and several other bugs
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary In February 2023s Patch Tuesday, Microsoft released a patch that addressed 75 vulnerabilities, including three zero days. The patch addressed 12 Elevation of Privilege vulnerabilities, 2 Security...
New China-based Group Expands Operations to Compromise Diplomatic Targets in South America
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The China-based cyber espionage group DEV-0147 has expanded its data exfiltration operations to include diplomatic targets in South America, in addition to targeting government agencies and think tanks in...
Chrome 110 Tackles a Collection of Security Weaknesses
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Google Chrome version 110 is now being rolled out to the stable channels for Windows, Mac, and Linux users. This update includes bug fixes and improvements, specifically addressing security issues...
After four months of idleness, Emotet reappears and deploys loaders
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Emotet banking Trojan was initially found in 2014 as one of the most expensive and damaging malware. The phishing efforts that spread Emotet used the same email thread hijacking approach to deceive...
Bluebottle Group Continues Attacks on Banks in Francophone Africa
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Bluebottle is a cybercrime group that has been targeting banks in French-speaking countries in Africa. The group uses a variety of tactics, including living off the land, dual-use tools, and commodity...
Attackers target Telecommunications sector to gain network access
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary To gain initial access, the adversary used social engineering to impersonate IT, staff, using phone calls, SMS, and/or Telegram. When the adversary gains access to the target environment, it performs...
Summary of Vulnerabilities & Threats: November 2022
...
A new strain of Punisher ransomware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new variant of the Punisher ransomware is spreading via phishing website that delivers ransomware disguised as a COVID tracking application. Punisher Encryptor is a .NET binary that runs on Windows...
Rise in new Royal Ransomware attacks
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Royal Ransomware is a new form of ransomware used as a service in early 2022, with the objective of gaining access to a victims environment, encrypting all their files, and extorting a ransom in orde...
Arab countries are being targeted by multiple malware families
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Malicious actors have already begun World Cup-themed phishing attacks targeting specific organizations partnered with the tournament are more vulnerable victims in Arab countries. The goal of such assaul...
LDR4 is a new Ursnif variant
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In June 2022, a new aspect of the URSNIF malware was identified. Unlike prior URSNIF iterations, this new variation, code named LDR4, is a backdoor designed to facilitate operations such as ransomware an...
Threat exposure management: the answer to 21st century cyber-security challenges
...
WIP19 targets IT service providers and telcos with custom malware
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary WIP19, a Chinese APT group is using legitimate and stolen certificates to sign malware, such as SQLMaggie, ScreenCap, and a credential dumper which it then used to target telecommunications and IT service...
Summary of Vulnerabilities & Threats: August 2022
...
Vulnerabilities & Threats that Matter 12 – 18 September
...
How Continuous Threat Exposure Management helps the Telecom sector defend against cyber threats
...
Grandoreiro Banking Trojan Attacks Industries in Spanish-Speaking Countries
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary Grandoreiro banking trojan is a campaign that has been active since at least 2016 and targets a variety of businesses in Mexico and Spain, including automotive, chemical production, and others. Threat actors...
Vulnerabilities & Threats that Matter 27 June – 03 July 2022
Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 436 2 2 55 15 30 For a detailed threat digest, download the pdf file here Summary The last week of June 2022 witnessed the discovery of 436 vulnerabilities out of which 2...
Bronze Starlight uses loader malware to deploy ransomware
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary Bronze Starlight, a Chinese APT, is deploying ransomware LockFile, AtomSilo, Rook, Night Sky, and Pandora via the HUI loader malware to carry out double extortion...
Gitlab addresses critical security vulnerabilities with newer versions
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary The new versions of Gitlab address one critical and two high-security flaws as per Gitlab. Some of these vulnerabilities could be exploited by an attacker to perform a Stored Cross-Site ScriptingXSS...
New Threat Actor using Serpent Backdoor attacking French Entities
...
Multiple security vulnerabilities in Adobe After Effects and Illustrator
THREAT LEVEL: Green. For a detailed advisory, download the pdf file here Adobe addressed 5 security flaws in Illustrator and After Effects. According to Adobe, none of the vulnerabilities have been exploited so far. Successful exploitation of any of the five vulnerabilities listed below could all...
Attackers exploit Windows vulnerability to gain admin privilege
...
Apple releases macOS Monterey 12.2 to fix multiple vulnerabilities
...
Control Web Panel bugs cause remote code execution in Linux servers
...
Identity Exposure Management: Risks and Response
Start with the path that carries risk. Security teams need a clear view of access risk. Stolen tokens and excessive privileges turn legitimate access into an attack route. Identity risk becomes urgent when one exposed account opens a path across critical systems. Identity exposure management is t...