1589 matches found
Attacks, Vulnerabilities and Actors 2 October to 8 October 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of seven executed attacks, zero instances of adversary activity, and eight zero-day...
Storm-0978 actively exploited the unpatched Office zero-day
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Storm-0978 is a Russian cybercriminal group that specializes in executing sophisticated phishing campaigns. Storm-0978 was found to be engaged in a new wave of attacks, leveraging the exploitation of...
Iranian hackers leveraged Log4Shell to penetrate US federal agency
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Iranian APT activity was detected on the networks of federal agencies. The intruders utilized an exploit targeting Log4Shell CVE-2021-44228 to install XMRig crypto mining software on an unpatched VMware...
Zero-Day Authentication Bypass Exploit in Apache OFBiz
Summary: CVE-2023-51467 is a critical authentication bypass vulnerability in Apache OFBiz. Exploitation of this vulnerability could result in bypass authentication to achieve a simple Server-Side Request Forgery SSRF or arbitrary code execution. Users are advised to update to Apache OFBiz version...
CrySIS Ransomware A Long-Standing Threat with a New Twist
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The ransomware family CrySIS, dubbed Dharma, has been advancing since 2016. Its source code was made available to the public, enabling others to customize it for their use. The criminals behind the malwa...
For the third month in a row, it’s time to update Google Chrome
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Multiple vulnerabilities have been discovered in the worlds most popular browser. Two of them have been used in the wild CVE-2021-38000, CVE-2021-38003. Google has recently patched these vulnerabilities in Google Chrome versi...
Google Chrome issues an emergency update to address the third zero-day of year 2022
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here A zero-day vulnerability has been discovered in Google Chrome versions prior to 100.0.4896.127. A type of confusion vulnerability tracked as CVE-2022-1364, is said to be exploited in the wild. This vulnerability affects the V8...
Two Vulnerabilities affecting Apple macOS exploited-in-the-wild
THREAT LEVEL: Red For a detailed advisory, download the pdf file here Two zero-day vulnerabilities were discovered in macOS Monterey versions prior to 12.3.1. These new issues bring the total number of zero-day vulnerabilities discovered in the Apple ecosystem to four. CVE-2022-22674 is an...
Weekly Threat Digest: 28 February – 6 March 2022
For a detailed threat digest, download the pdf file here Published Vulnerabilities Interesting Vulnerabilities Targeted Countries Targeted Industries ATT&CK TTPs 381 19 3 5 22 The first week of March 2022 witnessed the discovery of 381 vulnerabilities out of which 19 garnered the attention of...
Critical Security Vulnerabilities Discovered in Atlassian Products
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Atlassian have revealed the existence of several security vulnerabilities, namely CVE-2022-25647, CVE-2023-22512, CVE-2023-22513, and CVE-2023-28709, which affect their products. These...
OpenSSL Releases Update to Address Several High-Severity Vulnerabilities
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The OpenSSL Project has released fixes for several security flaws, including a high-severity bug CVE-2023-0286 that could expose users to malicious attacks. The bug is related to a type of confusi...
Woody RAT leverages Follina to target Russia
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary The unknown threat actor employs the Woody RAT to spear-phish Russian organizations. The malware was distributed via archive files and later switched to Microsoft Office documents leveraging the now-patched...
SolarWinds Serv-U vulnerability exploited to deliver Log4j attack
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. SolarWinds is affected by a vulnerability CVE-2021-35247 due to improper input validation when processing LDAP queries in the Serv-U web login screen. Serv-U versions up to 15.2.5 are affected by this flaw and were fixed in...
The Rise of DarkCasino APT Group Exploiting WinRAR 0-Day
Summary: DarkCasino, an APT group with economic motivations, was initially identified in 2021. The group introduced DarkMe, a Trojan Horse program based on Visual Basic. Recently, DarkCasino has been linked to the zero-day exploitation of CVE-2023-38831, an arbitrary code execution vulnerability...
Old Zimbra vulnerability used to target Ukrainian Government Organizations
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here The Ukrainian Computer Emergency Response Team CERT-UA has issued an alert about a campaign targeting Ukrainian government entities that involve an exploit for an XSS vulnerability in Zimbra Collaboration Suite. The attacker...
Spyware Group Candiru exploits Chrome Zero-Day to Target Middle East
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary CandiruSaito Tech spyware used the recently fixed CVE-2022-2294 Chrome zero-day in assaults on journalists, with a substantial portion of the attacks taking place in Lebanon. This recently patched vulnerability...
Microsoft Patch Tuesday April 2022 addressed two zero-day vulnerabilities
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Microsoft addressed 128 vulnerabilities in there April patch Tuesday update. Two of them have been categorized as zero-day vulnerabilities. One of the two zero-days is exploited-in-the-wild as well. The vulnerability,...
Vmware vCenter Flaws Leading to RCE Attacks
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Two vulnerabilities, CVE-2023-34048 and CVE-2023-34056, were identified in VMware vCenter Server, a server management software used for centralized management of virtual machines and ESXi hosts...
Actors, Threats and Vulnerabilities 22 to 28 May 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, the fact that there were a total of ten attacks executed, taking advantage of four different vulnerabilities in vario...
A Critical Vulnerability That Affects ManageEngine Products
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A critical vulnerability in several ManageEngine products allows for remote code execution RCE without authentication. This vulnerability is tracked as CVE-2022-47966 and is caused by an outdated...
BackdoorDiplomacy targets the telecom industry in the Middle East
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary BackdoorDiplomacy, an advanced persistent threat APT gang with roots in China, is most likely behind a hostile campaign targeting the Middle East. The espionage action, aimed at a Middle Eastern telecom...
Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The active exploitation of an unpatched CVE-2022-41352 remote code execution RCE vulnerability found in the Zimbra Collaboration Suite ZCS. It empowers attackers to upload arbitrary files and...
Authentication Bypass Vulnerability in Zyxel Firmware
THREAT LEVEL: Amber For a detailed advisory, download the pdf file here A severe vulnerability CVE-2022-0342 has been discovered in the firmware of some of Zyxels business-grade firewall and VPN products, potentially allowing attackers administrator-level access to affected devices. This...
Microsoft addressed three zero-day vulnerabilities March 2022 Patch Tuesday Update
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Microsoft addressed 71 the following vulnerabilities in their March 2022 Patch Tuesday Update. This advisory briefs about six vulnerabilities out of which three of them have been rated critical in severity and three of them ar...
Atlassian’s Latest Critical Confluence Flaw Poses Risk of Data Loss
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A critical vulnerability identified in Atlassian as CVE-2023-22518 which pertains to be an improper authorization issue in Confluence Data Center and Server. If successfully exploited by an...
Chrome’s zero-day flaw allows arbitrary code execution
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary A vulnerabilityCVE-2022-2856 in Google Chrome, has been exploited in the wild. Additionally, Chrome has addressed several other use-after-free vulnerabilities in multiple components, including FedCM,...
Chrome’s eleventh zero-day vulnerability for the year 2021 has been patched
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. A vulnerability in Chrome and Microsoft edgeChromium based exists as a result of a use-after-free issue when processing HTML data in Google Chromes Portals component. A remote attacker can create a specially designed site,...
Apple fixes the zero-day vulnerabilities exploited by Pegasus spyware named “FORCEDENTRY”
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Two actively exploited vulnerabilities CVE-2021-30858 and CVE-2021-30860 have been fixed in Apples iOS 14.8, iPadOS 14.8, watchOS 7.6.2, macOS Big Sur 11.6, and Safari 14.1.2 releases. The NSO group carried out the attack by...
LockBit 3.0 makes a comeback by exploiting Log4j
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary LockBit 3.0 LockBit Black, a new variant of LockBit Ransomware, is deploying Cobalt Strike beacons on compromised systems by exploiting the Windows Defender command line tool and Log4j in VMware Horizon...
Rook: New Ransomware in the market scavenges code from Babuk
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Security researchers found new ransomware dubbed as Rook that reuses the code from Babuk which was released earlier. It was initially seen on VirusTotal on November 26th and pwned its first victim, a Kazkh financial...
Microsoft’s February 2024 Patch Tuesday Addresses Two Zero-day Vulnerabilities
Summary: Microsofts February 2024 Patch Tuesday addresses 73 vulnerabilities, including actively exploited zero-days, spanning various products like Office, Exchange Server, and Windows Kernel. Critical flaws in Windows SmartScreenCVE-2024-21351, Internet Shortcut FilesCVE-2024-21412, and Microso...
Kinsing Malware Utilizes Apache ActiveMQ RCE to Deploy Rootkits
Summary: The Kinsing malware operator is actively taking advantage of the critical vulnerability CVE-2023-46604 in Apache ActiveMQ, an open-source message broker. The vulnerability allows remote code execution, facilitating deployment of Kinsing malware aka h2miner, which functions as a...
Kinsing Exploits Looney Tunables Vulnerability to Breach Cloud Environments
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The threat actor Kinsing has recently been observed exploiting the Linux privilege escalation vulnerability known as "Looney Tunables CVE-2023-4911" as part of a new campaign aimed at breaching cloud...
What will be the consequence of this disputed vulnerability in 7-ZIP?
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here The zero-day vulnerability in 7- Zip software, tracked as CVE-2022-29072 is marked as disputed by the National Vulnerability DatabaseNVD, and sparked discussions over its consequences. This started when a researcher published ...
Patch available for pre-announced Critical Vulnerability in OpenSSL
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary OpenSSL has released the Patch for the pre-announced critical vulnerability. In the announcement the severity of the vulnerability was Critical based on the fact that it can lead to RCE but after...
Google Chrome’s seventh zero-day of 2022
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A zero-day vulnerability has been discovered in Google Chrome versions prior to 107.0.5304.87. A type of confusion vulnerability tracked as CVE-2022-3723 is the seventh zero day of 2022 and is sai...
Microsoft’s privilege escalation vulnerability that refuses to go away
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here After seven months, a vulnerability that was addressed in August 2021 patch Tuesday remained unpatched. This locally exploited vulnerability is tracked as CVE-2021-34484 and affects the Windows User Profile Service. While...
BillQuick Web Suite’s severe vulnerability may affect 400K users
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Multiple versions of BillQuick Web Suite have been found to have a critical vulnerability. A hacker was able to get initial access to a US engineering company by exploiting this serious vulnerability CVE 2021 42258. It also...
Critical Remote Code Execution Flaws Uncovered in Jenkins
Summary: Multiple vulnerabilities have been discovered in Jenkins and number of associated plugins, allowing attackers unauthorized data access and execute arbitrary commands. The critical vulnerability CVE-2024-23897, allows attackers to read system files and opens number of attack vectors...
GitLab Fixes Critical Account Takeover Vulnerability
Summary: Critical GitLab vulnerability CVE-2023-7028 enables unauthorized users to take over the administrator account without user interaction. Exploiting password reset flaws, attackers can submit two emails, both target as well as attacker account leading to complete account takeover. Users wi...
New IDAT Loader Unleashes Infostealers in Fake Browser Update Campaign
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In a recent malware campaign, threat actors utilized a new IDAT Loader to distribute a range of malicious software, including InfoStealers and RATs, employing evasion methods. This loader is packaged...
BlueSky ransomware incorporates Multithreading to expedite encryption
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary BlueSky ransomware is actively targeting businesses and demanding a ransom. It appears that they have ties with the Conti ransomware group. The malware is now primarily targeting Windows hosts and uses...
Have you patched this actively exploited BIG-IP vulnerability?
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here Last week, F5 patched a vulnerability tracked as CVE-2022-1388, soon after a successful Proof-of-conceptPoC was developed by security researchers making it susceptible to further exploitation. This authentication bypass...
Privilege Escalation Vulnerability in Snap Package Manager puts Linux users at risk
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here A privilege escalation vulnerability has been identified in Canonical Snap software package manager that affects the Linux-based operating systems. Successful exploitation of this issue might allow an attacker to escalate...
A zero-day vulnerability has been discovered in PAN’s GlobalProtect firewall
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Palo Alto Networks PAN released an update on November 10, 2021, that patched CVE-2021-3064, which was discovered and disclosed by Randori. This vulnerability affects PAN firewalls that use the GlobalProtect Portal VPN, and ...
Attacks, Vulnerabilities and Actors 19 June to 25 June 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, the fact that there were a total of twelve attacks executed, taking advantage of seventeen different vulnerabilities ...
VectorStealer Malware steals Sensitive Information via RDP Hijacking and Phishing Attacks
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary VectorStealer is a malware that steals .rdp files through phishing emails, can be generated for USD 63 in Bitcoin, exfiltrates stolen information through SMTP, Discord, or Telegram, and uses the KGB...
Kasablanka Group Launches Phishing Campaigns Targeting Russian Government Entities
Threat Level Actors Report For a detailed threat advisory, download the pdf file here Summary The GitLab CE and EE have two security issues in Git. One of them is CVE-2022-41903, which is an integer overflow in the ‘git-log’ and ‘git-archive’ commands that can result in arbitrary heap writes and...
Active exploitation of the Fortinet pre-auth RCE vulnerability
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Fortinet has addressed a critical security flaw in its FortiOS SSL-VPN product, which is being actively exploited in the wild. The heap-based buffer overflow bug in FortiOS sslvpnd is listed as...
Attacks, Vulnerabilities and Actors 29 January to 4 February 2024
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of seven executed attacks, two instances of adversary activity, and six exploited...