1589 matches found
Attacks, Vulnerabilities and Actors 19 to 25 February 2024
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of fifteen attacks were executed, five vulnerabilities were uncovered, and five active adversaries...
Critical Vulnerabilities in ScreenConnect Under Active Exploitation
Summary: Critical vulnerabilities in ScreenConnect CVE-2024-1709 allow attackers unauthorized access without credentials, while CVE-2024-1708 enables remote code execution. Hackers can gain direct access to confidential information or critical systems. Immediate patching is essential to mitigate...
Critical Flaw in Zoom Windows Apps Allows Privilege Elevation
Summary: Zoom has addressed an input validation flaw CVE-2024-24691 that renders the Zoom desktop and VDI clients, along with the Meeting SDK for Windows, vulnerable to privilege escalation on the target system via the network, even by an unauthenticated attacker. Threat Level - Red | Vulnerabili...
Millenium RAT the $30 Access Ticket to Data Theft
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Millenium RAT, a Win32 executable built on .NET, specifically version 2.4, is available on GitHub for a one-time fee of $30, granting lifetime access. Notably, this RAT is actively developed and has...
Balada Injector A Large-Scale Malware Campaign Targeting WordPress
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In September 2023, over 17,000 WordPress websites fell victim to a malware called Balada Injector. The substantial surge in attacks is linked to the exploitation of a recently disclosed security...
Gafgyt Botnet Exploiting Five Years Old Critical Vulnerability in Zyxel Routers
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A critical vulnerability CVE-2017-18368 in the Zyxel P660HN-T1A router allows the Gafgyt botnet to execute unauthorized commands, potentially leading to a complete takeover of affected devices. Th...
Blackfly Chinese APT targets Asian conglomerate in materials sector
Threat Level Actor Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary The Blackfly espionage group, also known as APT41, Winnti Group, or Bronze Atlas, has been targeting multiple subsidiaries of an Asian conglomerate operating in the...
The Menace of TrickGate Packer-as-a-Service Spreading Malware Globally
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary TrickGate has bundled several of the most well-known top-distribution malware families, including Trickbot, Maze, Emotet, REvil, CoinMiner, Cobalt Strike, Formbook, Remcos, AgentTesla, and many others...
Cisco Small Business Routers Vulnerable to Authentication Bypass and Remote Code Execution
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Multiple vulnerabilities were found in the web-based management interface of Cisco Small Business Routers. The authentication bypass vulnerability CVE-2023-20025 allows an unauthenticated attacker...
Zoho Addresses SQL Injection Vulnerability in ManageEngine Products
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A security flaw affecting multiple ManageEngine products identified as CVE-2022-47523 is an SQL injection vulnerability found in the ZOHO’s Password Manager Pro Secure Vault, PAM360 Privileged...
WordPress plugin has been exploited in the wild to mount backdoors
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Malicious actors are actively exploiting a critical vulnerability in the YITH WooCommerce Gift Cards Premium WordPress plugin in order to plant backdoors on e-Commerce sites. The security flaw...
Google addressed an array of bugs with Chrome 108
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Google Chromes latest stable channel update for Windows, Mac, and Linux fixes several vulnerabilities. There are eight high-severity security flaws and 14 medium-severity flaws. The most significa...
Is APT 42 a significant threat in the future?
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary APT42 is an Iranian state-sponsored cyber espionage group. The gang, which has been operating since at least 2015, is distinguished by its highly targeted spear phishing and surveillance operations...
Attacks, Vulnerabilities and Actors 10 to 16 June 2024
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made significant advancements in identifying cybersecurity threats. Over the past week alone, HiveForce Labs has detected five executed attacks, reported seven vulnerabilities, and identified one active...
Akira Ransomware Exploits Cisco Flaw for Maximum Impact
Summary: The Akira ransomware has been identified for utilizing the Cisco AnyConnect SSL VPN as its initial access vector, specifically exploiting the CVE-2020-3259 vulnerability. Despite Cisco addressing this vulnerability with patches released in May 2020, the threat remains prevalent. Threat...
Attacks, Vulnerabilities and Actors 1 January to 7 January 2024
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of twelve executed attacks, two instances of adversary activity, and three exploited...
Grayling APT Emerges as a Silent Threat Targeting Taiwan
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The Grayling APT group orchestrated a meticulously planned targeting campaign with a primary emphasis on espionage. Grayling set its sights on a government entity in the Asia-Pacific region, along with...
Adobe Acrobat Zero-Day Exploited in Wild
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The zero-day vulnerability, identified as CVE-2023-26369, poses a critical security risk as it allows remote attackers to compromise vulnerable systems. This vulnerability affects Acrobat on both...
A Critical Vulnerability uncovered in VMware Aria Operations for Networks
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Two vulnerabilities have been discovered in VMware Aria Operations for Networks formerly vRealize Network Insight. The first vulnerability, CVE-2023-34039, is an authentication bypass that allows...
Unveiling New Windows Ransomware Named Trash Panda
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Trash Panda is a ransomware that encrypts files on Windows machines, replaces the desktop wallpaper, and drops a ransom note with political messages. It adds a ‘.monochrome’ extension to the encrypted...
New Dark Power Nim-based Ransomware Targeted Attacks Globally
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary New Dark Power ransomware gang uses Nim programming language to create malware that encrypts specific services and processes, excludes crucial system files, clears logs, and generates a ransom note in...
Google releases Chrome 109 with a range of bug fixes
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Google Chrome 109 is being promoted to the stable channel for Windows, Mac, and Linux. It contains a number of bug fixes and improvements, including use after free in Overview Mode, a heap buffer...
APT10 distributes LODEINFO malware to deploy infection chains
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The APT 10 cyber espionage gang has been spotted adopting a new stealthy infection chain to deploy the LODEINFO backdoor shellcode to exfiltrate sensitive information to Command and Control C2...
Critical Vulnerabilities Discovered in TeamCity, Enable Server Takeover
Summary: Two vulnerabilities in the JetBrains TeamCity On-Premises software have been discovered CVE-2024-27198 and CVE-2024-27199. Threat actors may attempt to take advantage of these vulnerabilities in order to breach and gain control of the impacted systems leading to system compromise. Threat...
Xeno RAT Open-Source Trojan Sparks Alarm
Summary: The Xeno RAT, a remote access trojan RAT available on GitHub, has gained attention in the threat landscape due to its open-source nature. This C-based malware is compatible with both Windows 10 and 11, specifically targeting consumers by presenting itself as disguised binaries that...
Atlassian Confluence Zero-Day Actively Exploited in the Wild
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A critical zero-day flaw, identified as CVE-2023-22515, affecting Confluence Data Center and Server instances is being actively exploited. This remotely exploitable vulnerability enables external...
Linux flaws could be chained together to achieve root access
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Two vulnerabilities CVE-2022-41974 and CVE-2022-41973 can either be exploited individually or in combination to lead to local privilege escalation, the first potentially causing a symlink attack a...
Iranian threat actor targets the Albanian government using ROADSWEEP ransomware
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary A cyberattack that took place in mid-July momentarily disrupted various Albanian government services and websites and was most likely the work of Iranian hackers. The attack used a new ransomware family called...
Threat Actors are actively exploiting a SolarWinds Zero-Day Vulnerability
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. A zero-day vulnerability CVE-2021-35211 that impacts the Serv-U Managed File Transfer and Serv-U Secure FTP, is been exploited by multiple threat actors. The PoC of this exploited vulnerability was given to SolarWinds by...
Evil Ant The Python-Powered Ransomware
Summary: Evil Ant Ransomware, a sophisticated Python-based malware compiled with PyInstaller, operates covertly by hiding its console window and executing tasks discreetly. It aims to gain access to critical system functions and encrypt secured files. Threat Level - Amber | Attack Report For a...
Attacks, Vulnerabilities and Actors 5 to 11 February 2024
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of five attacks were executed, six vulnerabilities were uncovered, and two active adversaries were...
Attacks, Vulnerabilities and Actors 18 December to 24 December 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of 15 executed attacks, 4 instances of adversary activity, and 7 exploited vulnerabilities,...
BlackCat Incorporates ‘Munchkin’ into Its Arsenal
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The BlackCat ransomware group has introduced a new tool called Munchkin in its operations. This tool employs virtual machines VMs to stealthily deploy encryptors on network devices. Munchkin allows the...
Critical Security Vulnerabilities Uncovered in Nagios XI
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Several security vulnerabilities have been identified in Nagios XI, a network monitoring software, which could potentially lead to privilege escalation and information disclosure. These...
LummaC Stealer Enlists Amadey Bot to Unleash SectopRAT
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A fresh approach to spreading SectopRAT has surfaced. This method involves distributing the SectopRAT payload by utilizing the Amadey bot, which is sourced from the LummaC stealer. To receive real-time...
A New Cross-Platform ‘P2PInfect’ Worm Threatening Cloud Environments
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary P2PInfect, a new cross-platform worm written in Rust, targets vulnerable Redis instances in cloud environments via the CVE-2022-0543 vulnerability, potentially posing a significant threat to over 307,000...
Several vulnerabilities are addressed by Fortinet across its product range
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Fortinet addressed security vulnerabilities across its products, most notably FortiADC, which has a high-severity command injection bug listed as CVE-2022-39947 due to incorrect input validation i...
Lazarus neutralizes antivirus software using BYOVD technique
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The Lazarus group exploits known vulnerabilities within Dream Securitys MagicLine4NX and INITECH INISAFE CrossWEB EX V3 by utilizing Bring Your Own Vulnerable Driver BYOVD technique to neutralize an...
Critical XSS Flaw Discovered in WP Statistics Impacting 600K Sites
Summary: A critical Cross-Site Scripting XSS vulnerability CVE-2024-2194 in WP Statistics plugin, allowing attackers to inject malicious code via the URL parameter. With over 600,000 installations, the flaw poses severe risks, enabling unauthorized script execution and potential data theft or sit...
Critical GoAnywhere MFT Flaw Allows Attackers to Become Admins
Summary: A critical authentication bypass vulnerability CVE-2024-0204 in Fortra GoAnywhere MFT enables attackers to create new admin users with full privileges, potentially leading to data exfiltration, malware deployment, and further attacks within the network. Threat Level - Red | Vulnerability...
Lazarus Unleash SIGNBT Malware in Latest Campaign
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Lazarus Group has been identified as the mastermind behind a recent cyber campaign. They persistently targeted a software vendor, successfully compromising the vendors systems by exploiting software...
ZenRAT Targeting Windows Users Through Fake Bitwarden Installs
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary ZenRAT is a new malware distributed through fake Bitwarden password manager installers, primarily targeting Windows users. It operates as a modular remote access trojan RAT with information-stealing...
HTTPSnoop and PipeSnoop Malware Target Telecoms in the Middle East
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary HTTPSnoop and PipeSnoop malware targeting Middle East telecom providers, part of the ShroudedSnooper intrusion set, masquerading as legitimate components while executing shellcode via HTTP and IPC pipes,...
State-Sponsored Hackers Target Middle Eastern and African Governments
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Persistent cyber-espionage attacks, targeting governmental entities in the Middle East and Africa, have been unleashed by a group known as CL-STA-0043. This group has employed unprecedented methods to...
DotRunpeX Novel Injector Delivers Multiple Malware Strains
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary DotRunpeX malware attack vectors have been linked to dozens of campaigns. The DotRunpeX is a second-stage infection used to deploy a variety of malware families, most notably stealers, RATs, loaders, and...
Indian Government targeted by APT-36
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary APT 36, also known as Transparent Tribe, is an information theft and espionage gang that was last active in mid-July 2022. Recently, invasive advertising and the data exfiltration tool LimePad were used t...
Zeppelin ransomware target organization in Europe and USA
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary Zeppelin, the newest member of the Delphi-based Vega ransomware family, has been quite clever in meticulously tailoring these ransomware operations. Zeppelin, first identified in 2019 as ransomware-as-a-service...
SideWinder’s Nim Backdoor Spells Trouble for South Asian Nations
Summary: SideWinder, also known as Razor Tiger, commenced its offensive operations in 2012 and has recently shifted its focus to targeting Bhutan. It employs deceptive content, ultimately executing the Nim Backdoor. The decoy content utilized in the sample is directly sourced from announcements...
TA402’s Covert Operation Takes Aim at the Middle East
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary TA402 aka Extreme Jackal launched sophisticated phishing campaigns targeting government entities in the Middle East. The objective was to deploy a newly developed initial access downloader called IronWin...
Redefining the StripedFly Malware Framework
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary An intricate cross-platform malware framework, known as StripedFly, operated discreetly for five years, surreptitiously compromising over a million Windows and Linux systems. It skillfully evaded in-dept...