1589 matches found
A Deep Dive into Space Pirates’ Unconventional Cyber Arsenal
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Space Pirates have been a persistent digital threat since 2017, relentlessly targeting over 16 organizations in Russia and one in Serbia. Despite retaining its core methods, this infamous group continuous...
TA445 Targeting Government and Military Sectors in Ukraine and Poland
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary TA455 conducts ongoing campaigns targeting government entities, military organizations, and civilians in Ukraine and Poland to steal information and establish remote access, using multi-stage infection...
CISA Known Exploited Vulnerability Catalog June 2023
For a detailed CISAs KEV Catalog, download the pdf file here Summary The Known Exploited Vulnerability KEV catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. To be included in the catalog, a vulnerability must meet three criteria: hav...
Buhti Ransomware Operation Repurposes Leaked Encryptors
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Buhti ransomware, linked to Blacktail threat actors, employs leaked code of LockBit and Babuk variants. By exploiting vulnerabilities like PaperCut NG, they exfiltrate data and distribute ransomware. The...
Camaro Dragon Targets European Foreign Affairs with Malicious Firmware Implant
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Camaro Dragon is a Chinese state-sponsored advanced persistent threat APT group that has been targeting European foreign affairs entities. To receive real-time threat advisories, please follow HiveForce...
Unveiling the Minas Miner’s Deceptive Tactics
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Minas is a multi-stage cryptocurrency miner with a concealed presence. It evades detection through encryption, randomization, and persistence techniques, showcasing determined network compromise. To...
ArtemisPro – Solution Overview
In this video, Anand Choudha, CEO at Hive Pro, and Jeelan Poola, CPO at Hive Pro, introduce the HivePro Uni5 Threat Exposure Management Platform. HivePro Uni...
Hive Pro Appoints John Lyons as Chief Revenue Officer
Milpitas, CA – 27th March 2023 – Hive Pro, a leading Threat Exposure Management vendor in cybersecurity, today announced the appointment of John Lyons as its new Chief Revenue Officer CRO. With more than 25 years of sales management experience in the IT industry, Lyons will be responsible for...
Rising Trend of macOS Malware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary ALC is a scareware, pretending to be ransomware, as it doesnt carry out any file encryption on the victims device. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn...
ALC: Is It a Scareware or a Ransomware?
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary ALC is a scareware, pretending to be ransomware, as it doesnt carry out any file encryption on the victims device. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn...
Injection vulnerability in VMware Carbon Black App Control
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary There is an injection vulnerability in VMware, specifically in the Carbon Black App Control product. If a malicious actor, who has privileged access to the App Control administration console,...
Mustang Panda APT targets Europe with customized PlugX malware
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The Mustang Panda APT group has been targeting government and public sector organizations across Asia and Europe since at least 2019. Recently, the group has shifted from using archive files to using...
Hive Pro Recognized as a Leading Provider of Fraud and Breach Prevention Solutions in 2022
...
The Dangers of macOS Ransomware A Closer Look at KeRanger, FileCoder, MacRansom, and EvilQuest
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary MacOS ransomware typically spreads through user-assisted methods such as downloading and running fake or trojanized applications. It can also arrive as a second-stage payload dropped or downloaded by oth...
Gartner: “Organizations Must Expand From Threat to Exposure Management in 2023”
...
The Linux kernel has several security flaws
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The Linux kernel is vulnerable to a vulnerability that allows remote attackers to execute arbitrary code on affected installations. This vulnerability can be exploited without authentication, but...
Nokoyawa 2.0 A Reworked Rust-Based Ransomware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Nokoyawa is a 64-bit Windows-based ransomware family that first appeared in early February 2022. The threat group behind Nokoyawa conducts double-extortion ransomware attacks, first stealing data from...
Samba addressed a series of severe vulnerabilities
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Samba is a free-source Windows interoperability package that provides file server, printer, and Active Directory services for Linux, Unix, and macOS operating systems. Samba has resolved a set of...
New Botnet named Zerobot Exploiting Multiple Vulnerabilities
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A new botnet named ‘Zerobot’ has two variants, both are written in Go programming language, the first variant discovered on 18 Nov 2022, and within a short time on 24 Nov 2022 second variant was...
Actors, Threats and Vulnerabilities 21 – 27 November 2022
...
BlackByte uses a new attack technique to target vulnerable Windows drivers
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary BlackByte Ransomware is leveraging a security flaw in a legitimate Windows driver to conduct a new bring your own vulnerable driver BYOVD attack...
Vulnerabilities & Threats that Matter 22 – 28th Aug
...
North Korean state-sponsored actors employ Maui Ransomware to target the health care industry
...
Microsoft releases updates for exploited zero-day and other vulnerabilities resulting in RCE
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Microsoft patch Tuesday addressed security updates for a Zero-day vulnerability that affects the entire operating system. The update includes bug fixes for Azure Site Recovery, Microsoft Edge...
OpenSSL Vulnerability leads to Remote Code Execution
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary The Heap Memory Corruption vulnerability in OpenSSL let attackers perform Remote Code Execution...
50+ firms attacked by Black Basta ransomware group
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary Black Basta ransomware is a new ransomware family that has been discovered in April 2022. The group targets English-speaking countries, specifically, and has targeted approximately 50 victims in Australia, Canad...
How Threat Exposure Management Can Minimize Attack Surface
...
Vulnerabilities & Threats that Matter 13 June – 19 June 2022
Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 798 53 1 109 4 13 For a detailed threat digest, download the pdf file here Summary The first week of June 2022 witnessed the discovery of 798 vulnerabilities out of which ...
Mozilla addresses security vulnerabilities in Firefox, Firefox ESR, and Thunderbird
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Mozilla has released updates that address up to eight high severity vulnerabilities as per Mozilla in Firefox, Firefox ESR, and Thunderbird. These vulnerabilities could allow an attacker to exploit the...
New Zoom vulnerabilities can compromise user devices with a single message
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Zoom has addressed four security flaws that, one of them if exploited, can compromise a user via chat by sending specially crafted Extensible Messaging and Presence Protocol XMPP messages and executing...
The US Cyber Incident Reporting Act – its impact and its requirements for Critical Infrastructure Entities
...
Monthly Threat Digest: March 2022
...
LAPSUS$ – New extortion group involved in the breach against Nvidia, Microsoft, Okta and Samsung
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Lapsus$ DEV-0537 is an extortion threat group that first appeared on December 10, 2021, and has since breached the Brazilian Ministry of Health, NVIDIA, Samsung, Vodafone, Ubisoft, Octa, and Microsoft. Unlike other extortionis...
OT Cybersecurity Challenges for ICS in 2026
OT Cybersecurity Challenges for ICS in 2026 OT cybersecurity has become a board-level risk because industrial control systems are no longer isolated, predictable, or invisible to attackers. In 2026, security teams protecting manufacturing plants, utilities, transportation systems, energy...
Why VM Programs Suck
& From the Trenches This is the conversation I have with VM leads every week. It usually starts at minute thirty of a discovery call, after the official agenda is over and the Zoom faces relax. Someone says "can I be honest with you for a second?" — and then I get the list. Same complaints...
A Proactive Guide to Continuous Monitoring & Threat Detection
You’ve invested in a full stack of security tools, but how can you be sure they’re configured correctly and will actually work during an attack? Waiting for a real incident to test your defenses is a risk no one wants to take. This is why validating your security posture is so critical. It’s abou...
Chrome Zero-Day Vulnerability: Are You Protected?
With billions of users, Google Chrome is more than just a browser; it’s a fundamental part of your organization's attack surface. It’s installed on nearly every endpoint, from the C-suite to the intern pool. This ubiquity is precisely what makes a Chrome zero-day vulnerability so uniquely...
What Is a Threat Exposure Management Platform? A Guide
For years, vulnerability management has been like a doctor treating symptoms without a diagnosis. You get a report full of issues—a high temperature here, a cough there—and you try to treat the most severe ones first. But you lack the context to understand the root cause. Are these symptoms...
SafePay Ransomware: TTPs and Defense Strategies
When a threat actor disables your security software and starts deleting your backups, you’re already in the middle of a crisis. The operators behind SafePay ransomware are known for these exact tactics, deliberately sabotaging your ability to respond and recover. Catching an attack like this earl...
The Psychology of Exposure: Why Security Teams Ignore What’s Right in Front of Them
Running short on time but still want to stay in the know? Well, we’ve got you covered! We’ve condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Your security team sees everything and notices nothing. Drowning in alerts, CVEs, dashboards, risk...
EPSS Decoded: An Examination & Comparison to CVSS
Running short on time but still want to stay in the know? Well, we've got you covered! We've condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Click right here to hear it all! A Paradigm Shift in Vulnerability Management Vulnerability...
Cracking Open the Dual Weaknesses of Rockwell Automation’s PanelView Plus
...
8220 Gang’s Heist: Exploiting Oracle WebLogic for Cryptomining
...
Juniper Routers Auth Bypass Flaw Leads to Complete Device Takeover
...
Free Trials of Sticky Notes Installer Trojanized
...
China-linked Hackers Exploit Cisco NX-OS as Zero-Day
...
CISA Known Exploited Vulnerability Catalog June 2024
Summary The Known Exploited Vulnerability KEV catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. It is recommended that all organizations review and monitor the KEV catalog, prioritize remediation of listed vulnerabilities, and reduce...
ChamelGang’s Double Play: Strategy Beyond Encryption
...
DragonForce Unleashes Chaos with Leaked Lockbit Builder
...
Active Exploitation of SolarWinds Serv-U Flaw for Accessing Private Data
...