Hivepro | Most viewed

1589 matches found

hivepro
added 2024/02/27 7:44 a.m. | 35 views

Attacks, Vulnerabilities and Actors 19 to 25 February 2024

For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of fifteen attacks were executed, five vulnerabilities were uncovered, and five active adversaries...

7.5 CVSS | 8 AI score | 0.99959 EPSS
Exploits: 9
hivepro
added 2024/02/23 6:45 a.m. | 35 views

Critical Vulnerabilities in ScreenConnect Under Active Exploitation

Summary: Critical vulnerabilities in ScreenConnect CVE-2024-1709 allow attackers unauthorized access without credentials, while CVE-2024-1708 enables remote code execution. Hackers can gain direct access to confidential information or critical systems. Immediate patching is essential to mitigate...

7.5 CVSS | 8.1 AI score | 0.99959 EPSS
Exploits: 9
hivepro
added 2024/02/15 1:48 p.m. | 35 views

Critical Flaw in Zoom Windows Apps Allows Privilege Elevation

Summary: Zoom has addressed an input validation flaw CVE-2024-24691 that renders the Zoom desktop and VDI clients, along with the Meeting SDK for Windows, vulnerable to privilege escalation on the target system via the network, even by an unauthenticated attacker. Threat Level - Red | Vulnerabili...

6.8 CVSS | 7.5 AI score | 0.01689 EPSS
Exploits: 0
hivepro
added 2023/11/09 5:33 a.m. | 35 views

Millenium RAT the $30 Access Ticket to Data Theft

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Millenium RAT, a Win32 executable built on .NET, specifically version 2.4, is available on GitHub for a one-time fee of $30, granting lifetime access. Notably, this RAT is actively developed and has...

7.2 AI score
Exploits: 0
hivepro
added 2023/10/14 12:27 p.m. | 35 views

Balada Injector A Large-Scale Malware Campaign Targeting WordPress

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In September 2023, over 17,000 WordPress websites fell victim to a malware called Balada Injector. The substantial surge in attacks is linked to the exploitation of a recently disclosed security...

5.8 CVSS | 6.1 AI score | 0.01595 EPSS
Exploits: 2
hivepro
added 2023/08/11 11:46 a.m. | 35 views

Gafgyt Botnet Exploiting Five Years Old Critical Vulnerability in Zyxel Routers

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A critical vulnerability CVE-2017-18368 in the Zyxel P660HN-T1A router allows the Gafgyt botnet to execute unauthorized commands, potentially leading to a complete takeover of affected devices. Th...

10 CVSS | 7.1 AI score | 0.94508 EPSS
Exploits: 2
hivepro
added 2023/03/01 8:42 a.m. | 35 views

Blackfly Chinese APT targets Asian conglomerate in materials sector

Threat Level Actor Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary The Blackfly espionage group, also known as APT41, Winnti Group, or Bronze Atlas, has been targeting multiple subsidiaries of an Asian conglomerate operating in the...

1 AI score
Exploits: 0
hivepro
added 2023/02/02 11:14 a.m. | 35 views

The Menace of TrickGate Packer-as-a-Service Spreading Malware Globally

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary TrickGate has bundled several of the most well-known top-distribution malware families, including Trickbot, Maze, Emotet, REvil, CoinMiner, Cobalt Strike, Formbook, Remcos, AgentTesla, and many others...

2.7 AI score
Exploits: 0
hivepro
added 2023/01/16 12:29 p.m. | 35 views

Cisco Small Business Routers Vulnerable to Authentication Bypass and Remote Code Execution

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Multiple vulnerabilities were found in the web-based management interface of Cisco Small Business Routers. The authentication bypass vulnerability CVE-2023-20025 allows an unauthenticated attacker...

4.7 AI score | 0.01633 EPSS
Exploits: 0
hivepro
added 2023/01/06 2:16 p.m. | 35 views

Zoho Addresses SQL Injection Vulnerability in ManageEngine Products

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A security flaw affecting multiple ManageEngine products identified as CVE-2022-47523 is an SQL injection vulnerability found in the ZOHO’s Password Manager Pro Secure Vault, PAM360 Privileged...

4.4 AI score | 0.70578 EPSS
Exploits: 0
hivepro
added 2022/12/30 1:36 p.m. | 35 views

WordPress plugin has been exploited in the wild to mount backdoors

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Malicious actors are actively exploiting a critical vulnerability in the YITH WooCommerce Gift Cards Premium WordPress plugin in order to plant backdoors on e-Commerce sites. The security flaw...

2.3 AI score | 0.13514 EPSS
Exploits: 2
hivepro
added 2022/12/02 11:27 a.m. | 35 views

Google addressed an array of bugs with Chrome 108

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Google Chromes latest stable channel update for Windows, Mac, and Linux fixes several vulnerabilities. There are eight high-severity security flaws and 14 medium-severity flaws. The most significa...

8.8 AI score | 0.00881 EPSS
Exploits: 1
hivepro
added 2022/09/09 11:47 a.m. | 35 views

Is APT 42 a significant threat in the future?

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary APT42 is an Iranian state-sponsored cyber espionage group. The gang, which has been operating since at least 2015, is distinguished by its highly targeted spear phishing and surveillance operations...

1.4 AI score
Exploits: 0
hivepro
added 2024/06/21 3:14 a.m. | 34 views

Attacks, Vulnerabilities and Actors 10 to 16 June 2024

For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made significant advancements in identifying cybersecurity threats. Over the past week alone, HiveForce Labs has detected five executed attacks, reported seven vulnerabilities, and identified one active...

7.8 CVSS | 7.1 AI score | 0.04014 EPSS
Exploits: 0
hivepro
added 2024/02/20 11:19 a.m. | 34 views

Akira Ransomware Exploits Cisco Flaw for Maximum Impact

Summary: The Akira ransomware has been identified for utilizing the Cisco AnyConnect SSL VPN as its initial access vector, specifically exploiting the CVE-2020-3259 vulnerability. Despite Cisco addressing this vulnerability with patches released in May 2020, the threat remains prevalent. Threat...

5 CVSS | 7.2 AI score | 0.71789 EPSS
Exploits: 0
hivepro
added 2024/01/09 10:10 a.m. | 34 views

Attacks, Vulnerabilities and Actors 1 January to 7 January 2024

For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of twelve executed attacks, two instances of adversary activity, and three exploited...

5.8 CVSS | 8 AI score | 0.0997 EPSS
Exploits: 0
hivepro
added 2023/10/14 8:30 a.m. | 34 views

Grayling APT Emerges as a Silent Threat Targeting Taiwan

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The Grayling APT group orchestrated a meticulously planned targeting campaign with a primary emphasis on espionage. Grayling set its sights on a government entity in the Asia-Pacific region, along with...

6.9 AI score
Exploits: 0
hivepro
added 2023/09/14 5:33 a.m. | 34 views

Adobe Acrobat Zero-Day Exploited in Wild

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The zero-day vulnerability, identified as CVE-2023-26369, poses a critical security risk as it allows remote attackers to compromise vulnerable systems. This vulnerability affects Acrobat on both...

4.4 CVSS | 7.4 AI score | 0.07036 EPSS
Exploits: 0
hivepro
added 2023/09/01 8:41 a.m. | 34 views

A Critical Vulnerability uncovered in VMware Aria Operations for Networks

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Two vulnerabilities have been discovered in VMware Aria Operations for Networks formerly vRealize Network Insight. The first vulnerability, CVE-2023-34039, is an authentication bypass that allows...

7.5 CVSS | 8.5 AI score | 0.63947 EPSS
Exploits: 9
hivepro
added 2023/08/30 11:9 a.m. | 34 views

Unveiling New Windows Ransomware Named Trash Panda

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Trash Panda is a ransomware that encrypts files on Windows machines, replaces the desktop wallpaper, and drops a ransom note with political messages. It adds a ‘.monochrome’ extension to the encrypted...

6.8 AI score
Exploits: 0
hivepro
added 2023/03/28 6:40 a.m. | 34 views

New Dark Power Nim-based Ransomware Targeted Attacks Globally

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary New Dark Power ransomware gang uses Nim programming language to create malware that encrypts specific services and processes, excludes crucial system files, clears logs, and generates a ransom note in...

6.7 AI score
Exploits: 0
hivepro
added 2023/01/12 6:23 a.m. | 34 views

Google releases Chrome 109 with a range of bug fixes

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Google Chrome 109 is being promoted to the stable channel for Windows, Mac, and Linux. It contains a number of bug fixes and improvements, including use after free in Overview Mode, a heap buffer...

1.6 AI score
Exploits: 0
hivepro
added 2022/11/02 12:9 p.m. | 34 views

APT10 distributes LODEINFO malware to deploy infection chains

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The APT 10 cyber espionage gang has been spotted adopting a new stealthy infection chain to deploy the LODEINFO backdoor shellcode to exfiltrate sensitive information to Command and Control C2...

2 AI score
Exploits: 0
hivepro
added 2024/03/06 5:21 p.m. | 33 views

Critical Vulnerabilities Discovered in TeamCity, Enable Server Takeover

Summary: Two vulnerabilities in the JetBrains TeamCity On-Premises software have been discovered CVE-2024-27198 and CVE-2024-27199. Threat actors may attempt to take advantage of these vulnerabilities in order to breach and gain control of the impacted systems leading to system compromise. Threat...

7.5 CVSS | 10 AI score | 0.99991 EPSS
Exploits: 25
hivepro
added 2024/02/29 3:5 p.m. | 33 views

Xeno RAT Open-Source Trojan Sparks Alarm

Summary: The Xeno RAT, a remote access trojan RAT available on GitHub, has gained attention in the threat landscape due to its open-source nature. This C-based malware is compatible with both Windows 10 and 11, specifically targeting consumers by presenting itself as disguised binaries that...

7.2 AI score
Exploits: 0
hivepro
added 2023/10/06 7:1 a.m. | 33 views

Atlassian Confluence Zero-Day Actively Exploited in the Wild

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A critical zero-day flaw, identified as CVE-2023-22515, affecting Confluence Data Center and Server instances is being actively exploited. This remotely exploitable vulnerability enables external...

7.5 CVSS | 7 AI score | 0.99156 EPSS
Exploits: 39
hivepro
added 2022/12/09 5:58 a.m. | 33 views

Linux flaws could be chained together to achieve root access

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Two vulnerabilities CVE-2022-41974 and CVE-2022-41973 can either be exploited individually or in combination to lead to local privilege escalation, the first potentially causing a symlink attack a...

4.6 AI score | 0.00658 EPSS
Exploits: 5
hivepro
added 2022/08/09 7:51 a.m. | 33 views

Iranian threat actor targets the Albanian government using ROADSWEEP ransomware

Threat Level Attack Report For a detailed advisory, download the pdf file here Summary A cyberattack that took place in mid-July momentarily disrupted various Albanian government services and websites and was most likely the work of Iranian hackers. The attack used a new ransomware family called...

1.9 AI score
Exploits: 0
hivepro
added 2021/07/13 12:50 p.m. | 33 views

Threat Actors are actively exploiting a SolarWinds Zero-Day Vulnerability

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. A zero-day vulnerability CVE-2021-35211 that impacts the Serv-U Managed File Transfer and Serv-U Secure FTP, is been exploited by multiple threat actors. The PoC of this exploited vulnerability was given to SolarWinds by...

10 CVSS | 0.7 AI score | 0.9116 EPSS
Exploits: 2
hivepro
added 2024/03/27 12:15 p.m. | 32 views

Evil Ant The Python-Powered Ransomware

Summary: Evil Ant Ransomware, a sophisticated Python-based malware compiled with PyInstaller, operates covertly by hiding its console window and executing tasks discreetly. It aims to gain access to critical system functions and encrypt secured files. Threat Level - Amber | Attack Report For a...

7.5 AI score
Exploits: 0
hivepro
added 2024/02/13 11:12 a.m. | 32 views

Attacks, Vulnerabilities and Actors 5 to 11 February 2024

For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of five attacks were executed, six vulnerabilities were uncovered, and two active adversaries were...

6.8 CVSS | 7.6 AI score | 0.88196 EPSS
Exploits: 2
hivepro
added 2023/12/27 7:23 a.m. | 32 views

Attacks, Vulnerabilities and Actors 18 December to 24 December 2023

For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of 15 executed attacks, 4 instances of adversary activity, and 7 exploited vulnerabilities,...

6.8 CVSS | 7.4 AI score | 0.07356 EPSS
Exploits: 2
hivepro
added 2023/10/23 5:35 a.m. | 32 views

BlackCat Incorporates ‘Munchkin’ into Its Arsenal

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The BlackCat ransomware group has introduced a new tool called Munchkin in its operations. This tool employs virtual machines VMs to stealthily deploy encryptors on network devices. Munchkin allows the...

6.8 AI score
Exploits: 0
hivepro
added 2023/09/25 5:14 a.m. | 32 views

Critical Security Vulnerabilities Uncovered in Nagios XI

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Several security vulnerabilities have been identified in Nagios XI, a network monitoring software, which could potentially lead to privilege escalation and information disclosure. These...

7 AI score | 0.13484 EPSS
Exploits: 3
hivepro
added 2023/08/17 6:23 a.m. | 32 views

LummaC Stealer Enlists Amadey Bot to Unleash SectopRAT

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A fresh approach to spreading SectopRAT has surfaced. This method involves distributing the SectopRAT payload by utilizing the Amadey bot, which is sourced from the LummaC stealer. To receive real-time...

6.8 AI score
Exploits: 0
hivepro
added 2023/07/21 8:38 a.m. | 32 views

A New Cross-Platform ‘P2PInfect’ Worm Threatening Cloud Environments

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary P2PInfect, a new cross-platform worm written in Rust, targets vulnerable Redis instances in cloud environments via the CVE-2022-0543 vulnerability, potentially posing a significant threat to over 307,000...

10 CVSS | 6.8 AI score | 0.9967 EPSS
Exploits: 8
hivepro
added 2023/01/06 2:9 p.m. | 32 views

Several vulnerabilities are addressed by Fortinet across its product range

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Fortinet addressed security vulnerabilities across its products, most notably FortiADC, which has a high-severity command injection bug listed as CVE-2022-39947 due to incorrect input validation i...

2 AI score | 0.02891 EPSS
Exploits: 0
hivepro
added 2022/10/27 1:54 p.m. | 32 views

Lazarus neutralizes antivirus software using BYOVD technique

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The Lazarus group exploits known vulnerabilities within Dream Securitys MagicLine4NX and INITECH INISAFE CrossWEB EX V3 by utilizing Bring Your Own Vulnerable Driver BYOVD technique to neutralize an...

2.2 AI score
Exploits: 0
hivepro
added 2024/03/18 8:11 a.m. | 31 views

Critical XSS Flaw Discovered in WP Statistics Impacting 600K Sites

Summary: A critical Cross-Site Scripting XSS vulnerability CVE-2024-2194 in WP Statistics plugin, allowing attackers to inject malicious code via the URL parameter. With over 600,000 installations, the flaw poses severe risks, enabling unauthorized script execution and potential data theft or sit...

6.4 CVSS | 6 AI score | 0.67723 EPSS
Exploits: 1
hivepro
added 2024/01/25 12:55 p.m. | 31 views

Critical GoAnywhere MFT Flaw Allows Attackers to Become Admins

Summary: A critical authentication bypass vulnerability CVE-2024-0204 in Fortra GoAnywhere MFT enables attackers to create new admin users with full privileges, potentially leading to data exfiltration, malware deployment, and further attacks within the network. Threat Level - Red | Vulnerability...

7.5 CVSS | 7.4 AI score | 0.95086 EPSS
Exploits: 8
hivepro
added 2023/10/30 1:31 p.m. | 31 views

Lazarus Unleash SIGNBT Malware in Latest Campaign

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Lazarus Group has been identified as the mastermind behind a recent cyber campaign. They persistently targeted a software vendor, successfully compromising the vendors systems by exploiting software...

7.6 AI score
Exploits: 0
hivepro
added 2023/09/28 8:42 a.m. | 31 views

ZenRAT Targeting Windows Users Through Fake Bitwarden Installs

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary ZenRAT is a new malware distributed through fake Bitwarden password manager installers, primarily targeting Windows users. It operates as a modular remote access trojan RAT with information-stealing...

7.1 AI score
Exploits: 0
hivepro
added 2023/09/21 7:21 a.m. | 31 views

HTTPSnoop and PipeSnoop Malware Target Telecoms in the Middle East

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary HTTPSnoop and PipeSnoop malware targeting Middle East telecom providers, part of the ShroudedSnooper intrusion set, masquerading as legitimate components while executing shellcode via HTTP and IPC pipes,...

7 AI score
Exploits: 0
hivepro
added 2023/06/21 8:12 a.m. | 31 views

State-Sponsored Hackers Target Middle Eastern and African Governments

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Persistent cyber-espionage attacks, targeting governmental entities in the Middle East and Africa, have been unleashed by a group known as CL-STA-0043. This group has employed unprecedented methods to...

6.9 AI score
Exploits: 0
hivepro
added 2023/03/20 6:45 a.m. | 31 views

DotRunpeX Novel Injector Delivers Multiple Malware Strains

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary DotRunpeX malware attack vectors have been linked to dozens of campaigns. The DotRunpeX is a second-stage infection used to deploy a variety of malware families, most notably stealers, RATs, loaders, and...

3.8 AI score
Exploits: 0
hivepro
added 2022/11/04 12:53 p.m. | 31 views

Indian Government targeted by APT-36

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary APT 36, also known as Transparent Tribe, is an information theft and espionage gang that was last active in mid-July 2022. Recently, invasive advertising and the data exfiltration tool LimePad were used t...

2.9 AI score
Exploits: 0
hivepro
added 2022/08/15 2:16 a.m. | 31 views

Zeppelin ransomware target organization in Europe and USA

Threat Level Attack Report For a detailed advisory, download the pdf file here Summary Zeppelin, the newest member of the Delphi-based Vega ransomware family, has been quite clever in meticulously tailoring these ransomware operations. Zeppelin, first identified in 2019 as ransomware-as-a-service...

2.5 AI score
Exploits: 0
hivepro
added 2023/11/22 11:56 a.m. | 30 views

SideWinder’s Nim Backdoor Spells Trouble for South Asian Nations

Summary: SideWinder, also known as Razor Tiger, commenced its offensive operations in 2012 and has recently shifted its focus to targeting Bhutan. It employs deceptive content, ultimately executing the Nim Backdoor. The decoy content utilized in the sample is directly sourced from announcements...

7.2 AI score
Exploits: 0
hivepro
added 2023/11/16 5:39 a.m. | 30 views

TA402’s Covert Operation Takes Aim at the Middle East

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary TA402 aka Extreme Jackal launched sophisticated phishing campaigns targeting government entities in the Middle East. The objective was to deploy a newly developed initial access downloader called IronWin...

7.2 AI score
Exploits: 0
hivepro
added 2023/10/30 4:43 a.m. | 30 views

Redefining the StripedFly Malware Framework

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary An intricate cross-platform malware framework, known as StripedFly, operated discreetly for five years, surreptitiously compromising over a million Windows and Linux systems. It skillfully evaded in-dept...

7.3 AI score
Exploits: 0
Total number of security vulnerabilities: 1589