Rancoz Ransomware Employs Advanced Techniques to Encrypt Victims’ Files
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Rancoz ransomware demonstrates the growing danger of tailored ransomware strains, leveraging advanced encryption techniques. To receive real-time threat advisories, please follow HiveForce Labs on Linked...
Google Chrome Emergency Update Fixes Zero-Day Exploit in the Wild
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A potential vulnerability in Google Chrome versions before 112.0.5615.121, identified as CVE-2023-2033, involves Type confusion in V8, which could allow a remote attacker to potentially exploit he...
Threat Actors launch a campaign to exploit vulnerability in Fortinet
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Tailgate campaign is currently being carried out by the threat actors Hafnium and OilRig. The goal of this campaign is to exploit vulnerabilities in Fortinet. Recently discovered vulnerability...
Zero-day vulnerability in Windows terminal management tool gets a hotfix
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Microsoft Endpoint Configuration Manager MECM has a spoofing vulnerability that allows remote attackers to access sensitive data. The zero-day vulnerability has been identified as CVE-2022-37972...
Chinese state-sponsored threat group APT41 targets U.S. critical organizations using two Zero-Days
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here A China state-sponsored threat group known as APT41 is observed compromising at least six U.S. state governments networks in a threat campaign beginning from May 2021. APT41 is a well-known Chinese state-sponsored espionage...
JetBrains TeamCity Authentication Bypass Flaw, Paving the Way for Server Takeover
Summary: JetBrains addressed a critical security flaw in its TeamCity On-Premises product. The vulnerability, identified as CVE-2024-23917, could potentially allow an unauthorized attacker with HTTPS access to a TeamCity server to circumvent authentication mechanisms and acquire administrative...
Attacks, Vulnerabilities and Actors 22 January to 28 January 2024
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of eight executed attacks, three instances of adversary activity, and three exploited...
Apple Fixes First Actively Exploited Zero-day of 2024
Summary: The CVE-2024-23222 vulnerability in Apple's WebKit is actively being exploited, as the processing of maliciously crafted web content may result in arbitrary code execution, posing a severe threat to the security and control of affected tvOS, iPhones, iPads, and macOS. Immediate updating i...
Two Zero-Day Flaws Found in Ivanti Connect Secure and Policy Secure
Summary: The active exploitation of zero-day vulnerabilities CVE-2023-46805 and CVE-2024-21887 in Ivanti Connect Secure and Ivanti Policy Secure gateways presents a serious threat, allowing unauthorized remote code execution. The actor, recognized as the Chinese nation-state-level entity UTA0178,...
Adobe ColdFusion Vulnerability Leads to Federal Agency Breach
Summary: Unidentified threat actors exploit Adobe ColdFusion vulnerability CVE-2023-26360 on government servers, leading to potential unauthorized code execution. Incidents involve reconnaissance, data extraction attempts, and emphasize the importance of software updates. Threat Level - Red |...
Attacks, Vulnerabilities and Actors 23 October to 29 October 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of seven executed attacks, two instances of adversary activity, and three exploited...
Apple Addresses Two Zero-Day Flaws Exploited by Attackers
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Apple's two zero-day vulnerabilities CVE-2023-41064 and CVE-2023-41061 enable arbitrary code execution and system crashes. As these vulnerabilities are actively exploited, they pose severe risks,...
Cuba Ransomware Targets U.S. with Veeam Exploit
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Cuba ransomware has targeted attacks on critical infrastructure organizations in the United States and IT enterprises across Latin America. In order to acquire credentials, it employs a blend of old...
A Deserialization Vulnerability Found in Apache Dubbo
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Apache has released a security notice for a deserialization vulnerability CVE-2023-23638 in Apache Dubbo that allows remote attackers to execute arbitrary code on the target system. To receive...
UNC3886 targets technologies with custom malware and exploits zero-day vulnerabilities
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary UNC3886 is a cyber espionage Chinese group that targets technologies without EDR solutions and exploits zero-day vulnerabilities to steal user credentials and maintain access. To receive real-time threat...
Iron Tiger APT Group Updates SysUpdate Malware to Target Linux Platforms
Threat Level Attack Report For a detailed threat advisory from HiveForce Labs, download the pdf file here. Summary The Iron Tiger aka APT27 group updated their custom malware, SysUpdate, to target Linux platforms and evade security solutions. They specifically targeted a...
The SteelClover Group is Spreading Malware via Google Ads in Japan
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary SteelClover is a malicious attack group that has been active since 2019 and has been observed to conduct various attacks for financial gain. SteelClover recently saw a rise in malware downloading inciden...
Google Chrome Vulnerability Exposes Data of 2.5 Billion Users
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A vulnerability in Google Chrome could affect over 2.5 billion users. An attacker can exploit this vulnerability for the theft of sensitive files, such as crypto wallets and cloud provider...
Zero-day Vulnerability in the WordPress BackupBuddy Plugin
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A zero-day vulnerability in the BackupBuddy WordPress plugin is being actively exploited. There are an estimated 140,000 active installations of the plugin, and the arbitrary file download/read...
Two Vulnerabilities discovered in AWS Client VPN
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here Two flaws have been discovered in the AWS VPN Client. One of them CVE-2022-25166 was discovered due to a time-of-check to time-of-use TOCTOU condition, which could lead to privilege escalation. Another vulnerability...
Ukraine government entities targeted by a destructive malware “Whispergate”
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. A malware attack was carried out on Ukrainian government, non-profit, and IT entities with a wiper disguised as ransomware. The threat actor, DEV-0586, targeted government bodies that provide critical executive branch or emergen...
Have you updated your Zoom meeting?
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Two Critical vulnerabilities have been found in Zoom products. These vulnerabilities were discovered by Natalie Silvanovich, a researcher from Google Project Zero. The first vulnerability, CVE-2021-34423 is a high severity...
Juniper’s Critical RCE Vulnerability Shakes Network Security
Summary: Juniper Networks has a critical remote code execution RCE vulnerability, CVE-2024-21591, which affects SRX Series firewalls and EX Series switches. This flaw enables attackers to trigger a Denial-of-Service condition and potentially execute remote code with root privileges. Threat Level ...
Attacks, Vulnerabilities and Actors 25 December to 31 December 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of eight executed attacks, four instances of adversary activity, and five exploited...
Lazarus’s Operation Blacksmith Deploys Novel Dlang RATs
Summary: The Lazarus Group, a North Korea-linked threat actor, has been identified in a new global campaign called "Operation Blacksmith." In this campaign, the group opportunistically exploits the security vulnerability CVE-2021-44228 in Log4j to deploy previously undocumented RATs on compromise...
GNOME Linux Systems Exposed to 1-Click RCE Attacks
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A new security vulnerability, known as CVE-2023-43641, has been identified in the libcue library. This library is utilized by Tracker Miners and is shipped along with the GNOME desktop environment...
Actors, Threats and Vulnerabilities 16 January 2023 – 22 January 2023
For a detailed threat digest, download the pdf file here Summary Hive Pro identified three active actors during the past week. The first, Earth Bogle, is a notable threat actor known for information theft and espionage. The second,...
Stranger Strings: A 22-year-old vulnerability in SQLite
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A vulnerability in the SQLite library API has been assigned CVE-2022-35737, which could allow an attacker to crash or control programs...
Input validation flaw in GitLab’s Community and Enterprise Software
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary A remote code execution vulnerability that affects GitLab Community Edition CE and Enterprise Edition EE has been identified as CVE-2022-2884. It can be exploited using the GitHub import API; however, it...
Environment Variables Leak affects Multiple browsers
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. A system environment variables leak security bug was found in Chromium version 92. Multiple web browsers are based on the Chromium engine, such as Google Chrome, Microsoft Edge, Opera, and Brave. Most of them are reported t...
Two actively exploited Zero-Day vulnerabilities discovered in Mozilla Firefox
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Two critical zero-day vulnerabilities have been identified in Mozilla Firefox that are being exploited in-the-wild and tracked as CVE-2022-26485 and CVE-2022-26485. Both are use-after-free bugs that exist in XSLT parameter...
VMware addresses security flaws discovered during Tianfu Cup Pwn Contest
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here VMware addressed vulnerabilities in ESXi, Workstation, Fusion, and Cloud Foundation, a few months after the discovery of these bugs by participants at the Tianfu Cup Pwn Contest. VMware has rated some of these vulnerabilities as...
Critical SQL Injection Vulnerability Discovered in Atlassian Bamboo
Summary: Atlassian has released patches addressing several security vulnerabilities, including a significant critical issue impacting Bamboo Data Center and Server, identified as CVE-2024-1597. This flaw, leading to a SQL injection, poses a risk of unnecessary data exposure and potential data...
Microsoft’s March 2024 Patch Tuesday Addresses 60 Vulnerabilities
Summary: Microsoft's March 2024 Patch Tuesday addresses 60 vulnerabilities, including two critical vulnerabilities, spanning various products like Office, Exchange Server, and Windows Kernel. Critical flaws in Windows Hyper-V CVE-2024-21407 and CVE-2024-21408 require immediate attention to mitigat...
Apple Rolls Out Critical Updates to Address Zero-Day Flaws
Summary: Apple has addressed two zero-day vulnerabilities in iOS, namely CVE-2024-23225 and CVE-2024-23296. These vulnerabilities were exploited in attacks targeting Mobile devices, providing attackers with arbitrary kernel read and write privileges, enabling them to bypass kernel memory...
BlazeStealer Malware Uncovered in Python Packages on PyPI
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Python Package Index PyPI repository is infiltrated with a number of malicious Python packages. These packages masquerade as obfuscation tools; however, they harbor BlazeStealer malware, which initiates a...
North Korean Actors Behind Active Exploitation of TeamCity Vulnerability
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The North Korean threat actors Lazarus and its subgroup Andariel are actively exploiting the CVE-2023-42793 vulnerability, which is an authentication bypass vulnerability. After successful exploitation, ...
China’s Cyber Espionage Targets Semiconductor Giants in East Asia
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In recent cyber espionage activities, threat actors affiliated with the People's Republic of China PRC have targeted semiconductor companies operating in Mandarin/Chinese-speaking regions of East Asia...
VMware Cloud Foundation has a significant RCE flaw
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A Remote Code Execution RCE vulnerability through the XStream open-source library tagged as CVE-2021-39144 in the VMware Cloud Foundation, which is a hybrid cloud platform for hosting enterprise...
Google Chrome browser suffers from another zero-day vulnerability
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary There is a vulnerability in the Chrome browser, identified as CVE-2022-3075, that is actively exploited in the wild...
Microsoft Patch Tuesday addresses a zero-day vulnerability in Windows Kernel
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here Microsoft addressed 51 vulnerabilities in the February 2022 patch Tuesday release, one of which was classified as a zero-day vulnerability. A remote attacker could exploit some of these vulnerabilities to gain control of a...
Attacks, Vulnerabilities and Actors 18 to 24 March 2024
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of fifteen attacks were executed, eight vulnerabilities were uncovered, and five active adversaries...
Critical Remote Code Execution Flaw Uncovered in Apache Struts 2
Summary: A significant vulnerability has been identified in the Apache Struts 2 open-source web application framework, labeled CVE-2023-50164. This flaw poses a severe risk of remote code execution and unauthorized path traversal. Threat Level - Red | Vulnerability Report For a detailed threat...
Exploit found in the wild for Critical VMware Aria Operations Bug
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary An exploit has surfaced for CVE-2023-20864, a highly significant security vulnerability within the VMware Aria Operations for Logs analysis tool utilized in cloud management. This exploit empowers...
Hive Pro: Threat Exposure Management – Datasheet
In this video, Anand Choudha, CEO at Hive Pro, and Jeelan Poola, CPO at Hive Pro, introduce the HivePro Uni5 Threat Exposure Management Platform. HivePro Uni...
Actively Exploited Zero-Day Bug in Chrome
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary CVE-2022-4135 is a high-severity heap buffer overflow issue that affects the GPU component. The fault is caused by a boundary error in the GPU while processing untrusted HTML input. An attacker wh...
Did Patch Tuesday address the zero-day flaw in Microsoft Exchange?
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Microsoft addresses two new zero-day vulnerabilities tracked under CVE-2022-41033, an Elevation of Privilege vulnerability exploited in the wild. CVE-2022-41043 is an Information Disclosure...
Zoho ManageEngine Desktop Central affected by critical vulnerability
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Zoho has patched a critical vulnerability, CVE-2021-44757, in Desktop Central and Desktop Central MSP, which are unified endpoint management UEM solutions. A security vulnerability exists in the Desktop Central and Desktop...
A similar vulnerability like Log4shell discovered in H2 database console
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. An unauthenticated remote code execution vulnerability similar to Log4shell has been discovered in H2 Database, a popular Java SQL database console, and has been assigned CVE-2021-42392. It is claimed to be similar to the...
Attacks, Vulnerabilities and Actors 01 to 07 July 2024
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made substantial advancements in identifying cybersecurity threats. In just the past week, HiveForce Labs detected eleven executed attacks, reported five vulnerabilities, and identified three active...