Attacks, Vulnerabilities and Actors 6 to 12 May 2024
Attacks, Vulnerabilities and Actors 29 April to 5 May 2024
Art of Impersonation Poses a Threat to Korean IT Powerhouses
Summary: Malicious entities have adeptly employed advanced strategies, masquerading as reputable Korean IT companies. The overarching objective is to establish persistence, achieved through the deployment of RATs such as AsyncRAT and VenomRAT. Threat Level - Amber | Attack Report For a detailed...
TA866 Makes a Comeback with Extensive Email Campaign
Summary: The threat actor identified as TA866 has returned after a hiatus of nine months, launching a new extensive phishing campaign aimed at distributing well-known malware families like WasabiSeed and Screenshotter. Threat Level - Red | Attack Report For a detailed threat advisory, download th...
Medusa Ransomware Unleashed A Growing Cybersecurity Menace
Summary: Medusa ransomware, a potent threat since late 2022, employs a multi-extortion approach via its Medusa Blog, disclosing victim data and pressuring non-compliant organizations. Operating as a ransomware-as-a-service, Medusa's global impact underscores the need for proactive cybersecurity...
Summary of Vulnerabilities, Actors & Attacks: December 2023
Attacks, Vulnerabilities and Actors 4 December to 10 December 2023
Summary: HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of eleven attacks were executed, eleven vulnerabilities were uncovered, and four active adversaries...
APT28’s Tactical Exploitation of Critical Vulnerabilities
Summary: The APT28 adversary, originating from Russia, has garnered notoriety through sophisticated phishing activities. By exploiting patched vulnerabilities as an initial access point, APT28 conducts extensive campaigns targeting diverse sectors, including government, aerospace, education,...
Star Blizzard Continues to Refine Their Tradecraft for Evasion and Stealth
Summary: The Russia-based threat actor, Star Blizzard, continues to utilize spear-phishing attacks successfully, targeting organizations and individuals across various geographical regions for information-gathering activities. Star Blizzard has improved its detection evasion capabilities since 20...
Charming Kitten’s ‘Sponsor’ Strikes 34 Organizations in Brazil, Israel, and U.A.E
Threat Level | Attack Report. Summary: Charming Kitten, also known as Ballistic Bobcat, orchestrated a sophisticated campaign aimed at 34 diverse targets across Brazil, Israel, and the United Arab Emirates. This operation employed a novel...
Decoding Bronze Starlight’s Strategy in the Gambling Sector
Threat Level | Attack Report. Summary: A cyberattack campaign stemming from China is currently focusing its efforts on the Southeast Asian gambling industry, with the objective of deploying Cobalt Strike beacons on compromised systems. To...
Hive Pro Announces Release of Version 3.0.1 of Threat Exposure Management Platform
Introducing Self-Service SaaS for HivePro Uni5 Flagship Product and Enhanced Visualizations for Improved Cybersecurity Insights Milpitas, CA – 6th July 2023—Hive Pro, a pioneer in the Threat Exposure Management market, is thrilled to announce the release of version 3.0.1 of the Hive Pro: Threat...
Summary of Vulnerabilities & Threats: June 2023
Tsunami Botnet Preying on Insufficiently Shielded Linux SSH Servers
Threat Level | Attack Report. Summary: An ongoing hacking campaign has been targeting inadequately secured Linux SSH servers. The objective of this campaign is to deploy the Tsunami DDoS botnet.
Summary of Vulnerabilities & Threats: April 2023
Summary of Vulnerabilities & Threats: March 2023
Multiple Vulnerabilities in Various Fortinet Products in March 2023
Threat Level | Vulnerability Report. Summary: Fortinet has identified a number of vulnerabilities in several of its products, including FortiOS, FortiProxy, FortiAnalyzer, and others, which range from...
SideCopy APT Launches Phishing Campaign Against Indian Government
Threat Level | Actor Report. Summary: The new malicious activity of the SideCopy threat actors is the STEPPYKAVACH attack campaign, which was notably active in 2021 and was originally linked to Pakistan. The most recent malicious attack...
MuddyWater is back with new techniques
Threat Level | Actor Report. Summary: MuddyWater used Dropbox links and document attachments with URLs redirected to ZIP archives as lures in its campaign, which also utilized compromised corporate email accounts. In addition to using Remote...
Truebot exploits vulnerability in Netwrix to deploy Clop Ransomware
Threat Level | Attack Report. Summary: In 2017, Truebot was discovered to be linked to the Silence group and has affected more than 1,500 systems worldwide with shellcode, Cobalt Strike beacons, Grace malware, the Teleport tool, and Clop...
Vulnerabilities & Threats that Matter 14 – 20 November 2022
Vulnerabilities & Threats that Matter 07 – 13 November 2022
Summary of Vulnerabilities & Threats: October 2022
Vulnerabilities & Threats that Matter 24-30 October 2022
US healthcare organizations targeted by Daixin Team ransomware
Threat Level | Actor Report. Summary: Daixin Team, a ransomware and data extortion group, has been gaining initial access to victims through virtual private network (VPN) servers since June 2022, either by exploiting an unpatched vulnerability in...
Eternity Threat group is actively evolving its malware arsenal
Threat Level | Attack Report. Summary: The Eternity threat group, also known as Eternity Team or Eternity Project, a Russian "Jester Group"-affiliated threat group, has been active since at least January 2022. Eternity uses a...
The current cybersecurity challenge: All the threat data in the world, but no idea how to leverage it
Milpitas, California, August 05, 2022 -- Organizations today are facing a deluge of automated cybersecurity threats that are increasing exponentially every day, not only in velocity but in variety and complexity. This makes it virtually impossible for organizations to address every vulnerability...
BlackCat Ransomware group implements quadruple extortion
Threat Level | Actor Report. Summary: The BlackCat ransomware group uses quadruple extortion techniques to pressure victims into paying the ransom. Recently, the group has raised its stakes to $2.5M in demands...
Unauthenticated remote user can reset administrator password in Citrix ADM
Threat Level | Vulnerability Report. Summary: An unauthenticated remote user can corrupt the system, which can lead to the administrator password being reset to its default on the next reboot...
Security updates for Adobe Bridge June 2022
Threat Level | Vulnerability Report. Summary: Adobe has released security updates for Adobe Bridge that address critical vulnerabilities rated priority 3 by Adobe. These vulnerabilities could lead to arbitrary code execution, arbitrary file system, ...
Stable Channel Update in Chrome for Windows, Mac and Linux
Threat Level | Vulnerability Report. Summary: A list of security fixes has been addressed in the latest version for Windows, Mac and Linux. There are seven security fixes, of which four are high-severity vulnerabilities according to Chrome. These...
A zero-day vulnerability in Atlassian Confluence
Threat Level | Vulnerability Report. Summary: The Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations about a new vulnerability in Atlassian's Confluence Server and Data Center. This vulnerability is actively exploited in t...
The US Cyber Incident Reporting Act – its impact and its requirements for Critical Infrastructure Entities
Prolific threat actor TA551 using new malware IcedID
THREAT LEVEL: Red. TA551 is a financially motivated threat group that has been active at least since 2018. The gang primarily targeted English, German, Italian, and Japanese speakers through email-based malware distribution activities. IcedID, a...
Mustang Panda targets European diplomats using enhanced PlugX backdoor
THREAT LEVEL: Red. Mustang Panda, a Chinese cyberespionage group, has been targeting European diplomats with a revised version of the PlugX backdoor in an ongoing campaign linked to the ongoing conflict in Ukraine. The group, also known as...
Modernizing Vulnerability Management with Risk-Based Prioritization
Why VM Programs Suck
From the Trenches: This is the conversation I have with VM leads every week. It usually starts at minute thirty of a discovery call, after the official agenda is over and the Zoom faces relax. Someone says "can I be honest with you for a second?" — and then I get the list. Same complaints...
CTEM for Telecom Companies | Cybersecurity for Telecommunications
Protect Critical Infrastructure. Prevent Service Disruption. Secure Subscriber Data at Scale. Telecom companies operate some of the most complex, high-value attack surfaces in any industry. With billions of connected devices, legacy protocols like SS7 still in production, and 5G rollouts expandin...
Threat Intelligence for Exposure Management: How TI Powers Smarter CTEM Programs
Your security team has access to more vulnerability data than ever before. Scanners produce thousands of findings each week. Threat feeds deliver a steady stream of indicators. Yet most organizations still struggle with the same fundamental problem: deciding what to fix first. The disconnect...
How to Reduce Mean Time to Remediate (MTTR) in Cybersecurity
How to Reduce Mean Time to Remediate MTTR in Cybersecurity Every hour a vulnerability remains unpatched is an hour an attacker can use it against you. That window of exposure is exactly what Mean Time to Remediate MTTR measures, and for security leaders, it's one of the most consequential metrics...
A CISO’s Guide to Threat Management Platforms
Attackers don’t see your organization as a list of CVEs. They see a web of interconnected assets, looking for a single weak link that will give them a path to your most valuable data. A traditional vulnerability scanner might miss these dangerous connections, but a threat management platform is...
Don’t Just Replace Kenna: Evolve to Vulnerability Exposure Management
Cisco has announced the end-of-sale for Cisco Vulnerability Management (formerly Kenna Security), leaving security teams with a critical decision: remain on a legacy path or transform. Yes, it is true that the Kenna Security platform will be supported until June 30th, 2028, but the platform won’t be...
Chrome Zero-Day Vulnerability: Risks & Protection
Your team knows the drill: a security alert goes out, and everyone scrambles to patch. But what happens in the critical window before a fix is available for a new Chrome zero-day vulnerability? Relying on a reactive cycle of patching leaves your organization dangerously exposed. Attackers thrive ...
7 Steps for Securing Generative AI in Enterprises
Think of your AI strategy like building a skyscraper. You wouldn't construct twenty floors and then try to figure out where the foundation should go. Security must be part of the blueprint from the very beginning. Bolting on security measures after an AI model is already in use is a recipe for...
The Security-IT Deadlock: Breaking Free from Remediation Paralysis
Security teams live in a peculiar reality. They...
Test Like an Attacker, Not an Auditor
"Through 2028, validation of threat exposures ...
Cracking Open the Dual Weaknesses of Rockwell Automation’s PanelView Plus
Critical OpenStack Vulnerability Exposes Cloud Data
MSI Installer Flaw Enables Privilege Escalation on Windows Systems
APT29: A Deep Dive into Russia’s Cyber Espionage