Pro-Russian Hacktivist Group NoName057(16) Launches Cyber Attacks on Ukraine and NATO Organizations
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary NoName057(16) is a pro-Russian hacktivist group that has been conducting a campaign of DDoS attacks on Ukraine and NATO organizations since the early days of the war in Ukraine. The group has targeted...
Adversaries strike critical Windows IKE flaw in the “Bleed You” campaign
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary An active "Bleed You" campaign is leveraging a critical RCE CVE-2022-34721 vulnerability in Windows Internet Key Exchange IKE Protocol Extensions to assist subsequent malware and ransomware assaults and...
Microsoft addressed ProxyNotShell with November Patch Tuesday
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Microsoft addressed six zero-day vulnerabilities in this patch Tuesday, along with other significant vulnerabilities that could lead to Remote Code Execution, Information Disclosure, and Denial of...
Sandworm Team using a new modular malware Cyclops Blink
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here The National Cyber Security Centre NCSC in the United Kingdom, the Cybersecurity and Infrastructure Security Agency CISA, the National Security Agency NSA, and the Federal Bureau of Investigation FBI have discovered that the...
Drop everything and patch VMware’s vCenter Server Vulnerabilities
THREAT LEVEL: Green. For a detailed advisory, download the pdf file here. VMware has issued patches for 19 new vulnerabilities. CVE-2021-22005 is the worst of the lot, defined as "an arbitrary file upload vulnerability in the Analytics service" of the vCenter Server. An attacker with network acce...
Attacks, Vulnerabilities and Actors 20 November to 26 November 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of eight executed attacks, six instances of adversary activity, and one exploited...
Lace Tempest Exploits Zero-Day in a Strategic Strike on SysAid
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Lace Tempest has been implicated in exploiting a zero-day vulnerability, identified as CVE-2023-47246. This exploitation allows for the execution of code within SysAid on-premise software, leading...
‘Looney Tunables’ Flaw Enables Local Privilege Escalation in Glibc
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary CVE-2023-4911, also known as "Looney Tunables," is a critical buffer overflow vulnerability discovered in the GNU C Library's dynamic loader, specifically in the processing of the GLIBC_TUNABLES...
DarkCloud Stealer A Multi-Stage Malware That Pilfers Sensitive data
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary DarkCloud Stealer is a type of malware distributed worldwide through spam operations and designed to pilfer sensitive information from a victim's device. The sale of DarkCloud Stealer was reported in...
Dalbit Threat Actor Launches Attack Campaign Against Multiple Korean Organizations
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Dalbit is a threat actor group that has been active since at least 2022. They have been targeting South Korean companies, with more than 50 confirmed attack attempts so far. The group relies on open-sourc...
Apple Addressed A Zero-day Vulnerability With An Emergency Security Update
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Apple has released an emergency security update to fix a zero-day vulnerability, CVE-2023-23529, that could be used to hack iPhones, iPads, and Macs. The vulnerability was found in WebKit and coul...
Bypass Authentication vulnerability in Atlassian Jira Seraph
THREAT LEVEL: Green. For a detailed advisory, download the pdf file here Atlassian has addressed a vulnerability in its Jira Seraph software, tracked as CVE-2022-0540. An unauthenticated attacker can use it to bypass authentication. By submitting a specially crafted HTTP request to the affected...
Critical Vulnerabilities revealed in Microsoft’s Patch Tuesday
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Multiple vulnerabilities have been patched by Microsoft in August 2021 Patch Tuesday. Three of them have been labeled as zero-day vulnerabilities CVE-2021-36936, CVE-2021-36942, and CVE-2021-36948. One of them CVE-2021-36948...
Water Hydra Exploits CVE-2024-21412 to Target Financial Traders
Summary: Water Hydra exploited CVE-2024-21412 to bypass Microsoft Defender SmartScreen, targeting financial traders with DarkMe malware through sophisticated spearphishing tactics. This underscores the persistent threat of APT groups and highlights the challenge of defending against evolving atta...
Critical RCE Flaw in Atlassian Confluence Sparks Active Exploitation
Summary: CVE-2023-22527 is a critical Remote Code Execution vulnerability in outdated Atlassian Confluence versions, actively exploited by malicious actors. Immediate patching to recommended versions is crucial, as nearly 40,000 exploitation attempts have been recorded within three days of...
Barracuda Fixes ACE Zero-day Vulnerability Exploited by Attackers
Summary: The Barracuda Email Security Gateway vulnerability CVE-2023-7102 allows remote attackers to execute arbitrary commands, posing a substantial threat to the security and functionality of affected systems. Exploitation by threat actors has led to the deployment of new malware variants,...
Google’s Battle Against Zero-Day Vulnerability Continues
Summary: Google has recently implemented a security enhancement to address a high-severity zero-day vulnerability, identified as CVE-2023-7024, that can lead to program crashes or enable arbitrary code execution. Threat Level - Red | Vulnerability Report For a detailed threat advisory, download t...
GitLab Releases Critical Patch to Address Pipeline Execution Vulnerability
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The critical security vulnerability CVE-2023-5009 affects all versions of GitLab Enterprise Edition EE. This vulnerability is significant as it enables an attacker to execute pipelines as another...
DreamBus Botnet Exploiting A Critical Vulnerability in Apache RocketMQ
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A critical vulnerability CVE-2023-33246 in Apache RocketMQ servers enables remote code execution, leading to a surge in attacks, including the deployment of the DreamBus malware. Timely system...
A Financially Motivated Threat Group UNC961 Targeting North American Organizations
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary UNC961 is a financially motivated cyber threat group that targets organizations in North America, with a focus on exploiting vulnerable Internet-facing servers during periods of vulnerability and exploit...
GitLab releases new CE and EE versions to address integer overflow vulnerabilities
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The GitLab CE and EE have two security issues in Git. One of them is CVE-2022-41903, which is an integer overflow in the ‘git-log’ and ‘git-archive’ commands that can result in arbitrary heap writ...
Vulnerable Atlassian Confluence Servers utilized to drop Crypto Miners
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Atlassian Confluence Server vulnerability CVE-2022-26134, an unauthenticated remote code execution RCE vulnerability that was recently patched, is being used by adversaries to deploy cryptocurrency mining malware...
Apple Addresses A Zero-Day Vulnerability Which Is Actively Exploited in Wild
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The zero-day vulnerability CVE-2023-37450 discovered in multiple Apple products is being actively exploited in the wild, specifically when processing web content. This vulnerability can potentially resul...
Lazarus Strikes with WinorDLL64 Backdoor Discovered in Wslink Malware loader
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A newly discovered backdoor named WinorDLL64 seems to be associated with the malware downloader Wslink. This revelation suggests that Lazarus, the notorious North Korea-aligned group, may have employed...
Atlassian Addresses Issues in Crowd and Bitbucket Products
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Atlassian has two security holes that can be abused to allow arbitrary code execution. CVE-2022-43782 allows an intruder connecting from an IP address on the allow list to authenticate as the crow...
Google Patches Critical Zero-Day Exploits Found at Pwn2Own
Summary: Google patched two zero-day vulnerabilities in Chrome CVE-2024-2886, CVE-2024-2887 from Pwn2Own Vancouver 2024, allowing arbitrary code execution. Updating Chrome is essential to ensure you're protected. Threat Level - Red | Vulnerability Report For a detailed threat advisory, download th...
Fortinet Releases Patches for Critical Vulnerabilities in Various Products
Summary: A critical SQL Injection vulnerability CVE-2023-48788 in FortiClientEMS software enables attackers to execute unauthorized code or commands via specially crafted HTTP requests. Additionally, two other critical bugs in FortiOS and FortiProxy have been addressed. Update promptly to patched...
Ivanti Gateways Under Attack by Cybercriminals Patch Now
Summary: Cyber threat actors have been exploiting vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways, including CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893, which allow them to bypass authentication and execute arbitrary commands with elevated privileges. Despite...
Attacks, Vulnerabilities and Actors 12 to 18 February 2024
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of eight attacks were executed, five vulnerabilities were uncovered, and three active adversaries we...
Ivanti Addresses Yet Another VPN Flaw Within a Month
Summary: Ivanti has addressed a newly discovered vulnerability impacting ZTA, Policy, and Connect Secure gateways. Tracked as CVE-2024-22024, this vulnerability stems from a weakness in the SAML component of the gateways related to XXE XML eXternal Entities, enabling remote attackers to access...
Attacks, Vulnerabilities and Actors 6 November to 12 November 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of twenty-five executed attacks, six instances of adversary activity, and four exploited...
Socks5Systemz Proxy Botnet Infects 10,000 Systems
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A sophisticated proxy botnet known as Socks5Systemz has insidiously infiltrated over 10,000 computers by employing the PrivateLoader and Amadey malware loaders. The masterminds behind this botnet offer...
Fortinet addresses Authentication Bypass in addition to numerous flaws
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Fortinet addressed security flaws across its products, including a high-severity authentication bypass affecting FortiOS and FortiProxy, tracked as CVE-2022-35843, in FortiOS's SSH login component. Onl...
Security Updates in Multiple Products of Adobe
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Multiple vulnerabilities have been discovered in Adobe Products: 16 critical vulnerabilities have been fixed in Adobe Acrobat and Reader which are listed below: Code execution: CVE-2021-44701, CVE-2021-44704, CVE-2021-44705...
Google fixes multiple vulnerabilities in Chrome
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Google Chrome has been updated to version 97, which addresses 37 security flaws. Google has classed ten of them as High and one as Critical, while the remaining thirteen have been classified as Medium or Low. These flaws po...
Weren’t you warned about reactivating the Print Spooler?
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Almost 10 days after the Hive Pro Threat Research team released an advisory, a new vulnerability has been found in Windows Print Spooler. This is a privilege escalation flaw that allows attackers to run arbitrary code...
Citrix Warns of Critical Netscaler Flaws Actively Exploited in Attacks – Urges Immediate Patching
Summary: Two zero-day security vulnerabilities, identified as CVE-2023-6548 and CVE-2023-6549, have been discovered in NetScaler ADC and NetScaler Gateway. These vulnerabilities are actively exploited in the wild. CVE-2023-6548 affects the NetScaler management interface, potentially leading to...
Active Exploitation of Two Critical Flaws in Microsoft SharePoint
Summary: Active attacks targeting a critical Microsoft SharePoint Server vulnerability CVE-2023-29357 pose a severe risk, enabling privilege escalation for potential full administrator access. This flaw, coupled with CVE-2023-24955, allows arbitrary code execution. Immediate patching is crucial, ...
Microsoft’s January 2024 Patch Tuesday Addresses 49 Vulnerabilities
Summary: Microsoft's January 2024 Patch Tuesday addressed 49 vulnerabilities, including two critical ones, covering various products. Notably, a high-risk Kerberos security flaw CVE-2024-20674 and a network-adjacent Hyper-V vulnerability CVE-2024-20700 were patched, urging prompt updates to mitiga...
Google Addresses Sixth Zero-Day Flaw Exploited by Attackers Wildly
Summary: Multiple vulnerabilities have been discovered in Google Chrome, including a zero-day vulnerability CVE-2023-6345 actively exploited for remote code execution. Users are advised to update Chrome to version 119.0.6045.199/.200 (Windows) or 119.0.6045.199 (Mac and Linux) promptly to safeguard...
Google Addresses Fourth Zero-Day Flaw Exploited by Attackers Wildly
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The zero-day vulnerability CVE-2023-4863 in Google Chrome enables arbitrary code execution and system crashes. Actively exploited "in the wild," it poses severe risks, including data exposure and...
A Critical Vulnerability in Openfire Admin Console Actively Exploited in the Wild
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The vulnerability CVE-2023-32315 in Ignite Realtime Openfire enables unauthorized access to privileged pages. Attackers exploit this by bypassing authentication, prompting immediate updates for...
STORM-1359 DDoS triggered outage of Microsoft Services
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The STORM-1359 group, a.k.a. Anonymous Sudan, recently targeted Microsoft services with a DDoS attack, resulting in the disruption of multiple services. To receive real-time threat advisories, please follow...
A critical flaw in Cisco IOx Root Access Threat has been discovered
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Cisco has issued security patches to address a high-severity vulnerability CVE-2023-20076 in the Cisco IOx application hosting environment that can be exploited to execute arbitrary commands as roo...
Proof-of-concept released for Windows CryptoAPI vulnerability
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary CVE-2022-34689 is a critical vulnerability in Windows CryptoAPI that was publicly announced by Microsoft in October 2022. The vulnerability allows an attacker to masquerade as a legitimate entity by...
Shell Command Injection Vulnerability found in Apache Spark
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Apache Spark recently disclosed a weakness, CVE-2022-33891, which would allow threat actors to execute arbitrary shell commands as a Spark...
Critical VMware Vulnerabilities Leading To Sandbox Escape
Summary: Critical vulnerabilities tracked as CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, and CVE-2024-22255 have been addressed by VMware. These vulnerabilities allow attackers to escape virtual machines and execute commands on the host machine. Workstation, Fusion, Cloud Foundation, and VMwa...
Attacks, Vulnerabilities and Actors 11 December to 17 December 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of eleven executed attacks, six instances of adversary activity, and five exploited...
Attacks, Vulnerabilities and Actors 4 September to 10 September 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of ten executed attacks, one instance of adversary activity, and six vulnerabilities...
Zimbra Fixes A Zero-Day Vulnerability Exploited in Attacks
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The vulnerability CVE-2023-37580 in Zimbra Collaboration Suite ZCS version 8.8.15 is a Cross-Site Scripting XSS flaw in the Zimbra Classic Web Client interface. Its impact is severe as it can...