CISO Guide: Building a Business Case for CTEM
Every CISO knows the frustration: you understand the exposure risk facing your organization, you know that a Continuous Threat Exposure Management program would fundamentally change your security posture, and yet, when budget season arrives, CTEM is one of the first line items questioned. Ready t...
CTEM Business Case: CISO Guide to ROI
A strong CTEM business case has to do more than explain why Continuous Threat Exposure Management matters. It has to show how a CTEM program reduces measurable business risk, improves remediation speed, consolidates security spend, and gives the board a clear...
Security Tool Consolidation
The average enterprise security team manages 10 to 15 separate security tools. Each one generates its own alerts, requires its own maintenance, and delivers findings in its own format. The result? Fragmented visibility, duplicated costs, and a team that spends more time switching between dashboar...
Patch Management: A Complete Guide to Securing Your Organization
Your vulnerability scanners just returned 15,000 findings. Microsoft's Patch Tuesday alone dropped 97 fixes. Linux vendors released another 40. Third-party applications added dozens more. Your security team has exactly the same number of hours in the day as they did last month. This is the realit...
Enabling Proactive Security with Continuous Threat Exposure Management (CTEM) for Managed Service Providers
Critical ‘Linguistic Lumberjack’ Flaw in Fluent Bit Hits Major Cloud Providers
Kimsuky Expands Its Arsenal with New Backdoor
zEus Stealer’s Undercover Operation on YouTube and Minecraft
Cuckoo Malware Operates as Both an Infostealer and Spyware
Cyber Horizon Annual Threat Report 2023
Over 300k WordPress Sites Affected by Forminator Plugin Flaws
Middle East Targeted with CR4T Malware in DuneQuixote Campaign
FatalRAT’s Calculated Cryptocurrency Carnage
JSOutProx’s Latest Incarnation Strikes Fear in Financial Circles
Tracing the Footprints of Agent Tesla’s Conspirators
Unveiling AcidPour Evolution of Destructive Malware Targeting Ukraine
Summary: AcidPour, a variant of the destructive AcidRain wiper malware previously used during the Russia-Ukraine conflict, signals a heightened threat to Ukraine's critical infrastructure. By targeting Linux UBI and DM logic, AcidPour poses a significant risk to large storage devices and RAID...
Operation PhantomBlu Deploys NetSupport RAT via OLE Template
Summary: Under the guise of Operation PhantomBlu, a new phishing campaign is aimed at American companies with the goal of deploying the remote access trojan NetSupport RAT. By utilising OLE template manipulation, the PhantomBlu operation presents a sophisticated exploitation technique. This...
Aiohttp Vulnerability Leveraged by ShadowSyndicate
Summary: The cybercriminal group ShadowSyndicate has been detected scanning for vulnerable servers, aiming to exploit a recently addressed vulnerability in the widely-used Aiohttp library. This exploit, if successful, could lead to unauthorized access to sensitive data on servers globally, posing...
Summary of Vulnerabilities, Actors & Attacks: February 2024
Turla Expands Its Arsenal with Next-Generation Malware
Summary: In December 2023, a new backdoor dubbed TinyTurla-NG was deployed by the Russia-affiliated threat actor Turla as part of a three-month campaign targeting Polish non-governmental organizations (NGOs). The threat actor utilized malicious PowerShell scripts hosted on various websites,...
Mint Sandstorm’s Campaign Targets Researchers with Novel Backdoor
Summary: Mint Sandstorm, a threat actor, focuses on high-profile individuals involved in Middle Eastern affairs at universities and research organizations. The group utilizes phishing lures in a campaign to socially engineer targets, enticing them to download malicious files that deploy new...
Hackers Employ Updated Ducktail to Target Indian Marketers
Threat Level: Attack Report. For a detailed threat advisory, download the PDF file here. Summary: The threat actors linked to the Ducktail stealer malware have been implicated in a new campaign that focused on marketing professionals in India. The primary goal of this campaign was to compromise and...
Storm-0978 unleashes PEAPOD to target Women Political Leaders
Attack Report. Summary: Storm-0978, a threat actor group, utilized a new variant of the RomCom backdoor, "ROMCOM 4.0" (also referred to as PEAPOD), to target attendees of the Women Political Leaders (WPL) Summit in Brussels. This...
Microsoft’s October 2023 Patch Tuesday Addresses Three Zero-day Vulnerabilities
Vulnerability Report. Summary: In the October Patch Tuesday release, Microsoft addressed 103 flaws, including three actively exploited zero-day vulnerabilities. These patches cover critical and important vulnerabilities, a...
Attacks, Vulnerabilities and Actors 11 September to 17 September 2023
For a detailed threat digest, download the PDF file here. Summary: HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, a total of eight attacks were executed, along with eleven vulnerabilities discovered, and two different adversaries...
Microsoft’s September 2023 Patch Tuesday Addresses Two Zero-day Vulnerabilities
Vulnerability Report. Summary: In the September Patch Tuesday release, Microsoft addressed a total of 59 CVEs, encompassing five critical vulnerabilities. Within this range of vulnerabilities, the security update covered the...
Unveiling the SuperBear RAT Campaigns Targeting Journalists
Attack Report. Summary: A recently discovered remote access trojan (RAT) named "SuperBear" has come to attention as it is actively utilized by hackers to target journalists who focus on covering geopolitical developments in Asia...
Hive Pro Recognized in 2023 Gartner® Hype Cycle™ for Security Operations & Market Guide™ for Vulnerability Assessment
CISA Known Exploited Vulnerability Catalog July 2023
For a detailed CISA KEV Catalog, download the PDF file here. Summary: The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. To be included in the catalog, a vulnerability must meet three criteria: hav...
Vulnerability in WordPress Plugin threatens Website takeover
Vulnerability Report. Summary: The WordPress Ultimate Member plugin, with over 200K installations, helps streamline user registration and login processes. It has been found vulnerable to unauthenticated privilege escalation,...
JokerSpy macOS Backdoor Attacks Japanese Cryptocurrency Exchange
Attack Report. Summary: An unknown cryptocurrency exchange in Japan became the target of a precise attack employing an intricate Apple macOS backdoor called JokerSpy. References to JokerSpy can be traced back to as early as Apr...
Cybercriminals Exploit Old Telerik Bug for Data Theft
Attack Report. Summary: APT actors and financially motivated cybercriminals were observed exploiting old Telerik vulnerabilities in an attack targeting a US government agency. To receive real-time threat advisories, please foll...
Actors, Threats and Vulnerabilities 29 May to 4 June 2023
Summary: HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, three attacks were executed, taking advantage of two different vulnerabilities in various systems, and involving one...
The Exploitation of Critical Zero-Day Vulnerability Found in MOVEit Transfer
Vulnerability Report. Summary: The MOVEit Transfer vulnerability allows for unauthorized access to the database, potential manipulation or deletion of its contents, and exploitation of affected systems.
8220 Gang Exploiting Vulnerabilities in Cloud Environments for Cryptocurrency Mining
Actor Report. Summary: The 8220 Gang is a cyber threat group that targets cloud and container environments, exploiting vulnerabilities in applications like Oracle WebLogic, Apache Log4j, and Atlassian Confluence.
Greatness a Growing Threat to Microsoft 365 Users
Attack Report. Summary: The Phishing-as-a-Service (PaaS) platform named Greatness has experienced a surge in its operations, which target organizations utilizing Microsoft 365 in the United States, United Kingdom, Australia, Sout...
Fortinet addresses Vulnerabilities in FortiADC, FortiOS and FortiProxy
Vulnerability Report. Summary: Fortinet has issued security patches for two high-severity vulnerabilities: an OS command vulnerability in FortiADC, and an out-of-bounds write flaw in sslvpnd of FortiOS and FortiProxy.
New Atomic Stealer MacOS malware Steals Browser Cookies and Cryptocurrency Wallets
Attack Report. Summary: Atomic Stealer malware is a full-featured infostealer designed to steal sensitive data from macOS users. The malware can grab account passwords, browser data, session cookies, and crypto wallets.
New PingPull Malware Variant Targets Linux Systems
Attack Report. Summary: The PingPull malware variant that targets Linux systems is linked to Alloy Taurus, and it communicates with a domain over HTTPS to receive encrypted commands for executing specific functions.
New Cylance Ransomware Targets Linux and Windows Operating Systems
Attack Report. Summary: Cylance ransomware is a new malware that is capable of adjusting to customized encryption tactics and can accept different command-line parameters.
Money Message Ransomware Strikes with Million-Dollar Demands
Attack Report. Summary: Money Message is a new ransomware group that targets victims all over the world, demanding million-dollar ransoms to avoid data leaks and deliver a decryptor.
Actors, Threats and Vulnerabilities 6 March to 12 March 2023
Summary: Last week, HiveForce Labs discovered three threat actors. One of them is a Russian group called TA499, which has a history of conducting different cyberattacks such as...
Multiple Fortinet products are vulnerable to unauthorized code execution flaws
Vulnerability Report. Summary: Fortinet has released security updates to rectify security weaknesses in its range of products, such as FortiWeb, FortiOS, FortiNAC, FortiProxy, and others. The most significant vulnerability...
Russia-linked Nodaria group employs Graphiron information stealer
Attack Report. Summary: A cyber espionage group linked to Russia, known as Nodaria, has been spotted deploying a newly created information-stealing malware named Graphiron in attacks aimed at Ukraine. The malware, coded in Go,...
Blind Eagle Hackers resurfaced with a formidable infection chain
Actor Report. Summary: Blind Eagle is a financially motivated threat group that has been targeting individuals in numerous South American countries since at least 2018. A novel infection chain involving a more complex toolkit w...
Campaigns Spread InfoStealer Malware Targeting Italy, Germany, and Turkey
Attack Report. Summary: A number of campaigns have been launched that spread InfoStealer malware written in the .NET programming language, using phishing emails, Windows Shortcut (LNK) files, and batch scripts (BAT). Based on the...
The Cloud Atlas Perpetual Threat aims to persuade entities in Russia
Actor Report. Summary: Cloud Atlas is a cyberespionage gang. They have launched repeated, highly focused attacks on critical infrastructure spanning geographical zones and political disputes since their discovery in 2014. As...
Buffer Overflow vulnerability in FreeBSD
Vulnerability Report. Summary: A vulnerability in FreeBSD ping has been discovered that could allow remote code execution. A remote host can trigger the memory safety bug, causing the ping program to crash. Ping runs inside a...
Chinese cyber espionage hackers target Southeast Asian firms
Attack Report. Summary: UNC4191, a threat actor with a suspected China affiliation, has been linked to a series of espionage assaults primarily in Southeast Asia that use USB sticks as an initial infection vector. A variety of...
How ScarCruft APT group enhances its toolkit with a powerful Dolphin backdoor
Attack Report. Summary: ScarCruft (aka Reaper, APT37, Ricochet Chollima) is a North Korean espionage group active since 2012. Last year ScarCruft targeted a South Korean newspaper with a watering hole attack. In this...