FIN7 & Wizard Spider team up to disseminate Domino malware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary FIN7 threat actors and Wizard Spider collaborate to distribute the Domino malware family in recent attacks. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn...
Winter Vivern APT targets EU with Zimbra flaw
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Winter Vivern abuses CVE-2022-27926 to attack public Zimbra webmail portals of government entities. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn...
Rhadamanthys: A New Evasive Information Stealer
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Rhadamanthys evasive infostealer is spread through phishing emails and prevalent Google ads that lead to fake download pages for popular workforce software...
Synology addresses the RCE vulnerability that affects VPN Plus servers
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Synology has addressed a flaw in VPN Plus Server that has the potential to take control of affected systems. The vulnerability, identified as CVE-2022-43931, is an out-of-bounds write fault in Synolo...
LV Ransomware Exploited ProxyShell to target Jordan
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary LV ransomware as a service has been active since late 2020. The most recent infiltration entailed the compromise of the corporate environment of a Jordan-based entity, leveraging the double extortion...
Multiple industries targeted by uptick of BianLian ransomware
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary Attackers are increasingly delivering BianLian, a new ransomware strain written in Go that was spotted mid-way through July 2022. Numerous well-known enterprises have been targeted, including those in...
Major Hospitals affected by PwnedPiper Vulnerabilities
THREAT LEVEL: White. For a detailed advisory, download the pdf file here. Multiple zero-day vulnerabilities, collectively called PwnedPiper, have been found affecting the HMI-3 Control Panel of Swisslog Healthcare’s TransLogic Pneumatic Tube Systems (PTS). PTS is a specialized system that uses compressors to transport...
Critical Flaw In WordPress Plugins Poses Risk Of Site Takeover
Summary: A critical security vulnerability in WordPress, identified as CVE-2024-2172, urges users of miniOrange's Malware Scanner and Web Application Firewall plugins to uninstall these plugins from their websites. This vulnerability enables unauthorized attackers to gain administrative...
Apple Shortcuts’ Secret Threat to Your Data
Summary: A security vulnerability, identified as CVE-2024-23204, has been found in Apple's Shortcuts application, allowing unauthorized access to sensitive information on devices by bypassing TCC. The capability for users to export and share these shortcuts heightens the susceptibility to potential...
NS-STEALER Utilizes Discord Bots for Covert Exfiltration of Sensitive Data
Summary: A recently discovered Java-based information stealer, named NS-STEALER, employs a Discord bot channel as an EventListener to exfiltrate sensitive data from compromised hosts. This malware is distributed through ZIP archives that disguise themselves as cracked software. Threat Level - Amb...
Apple’s Timely Response to Actively Exploited Zero-Days
Summary: Apple has released crucial software updates to address two actively exploited security vulnerabilities identified as CVE-2023-42916 and CVE-2023-42917. These vulnerabilities affect the WebKit browser engine on Apple devices such as iPhone, iPad, and Mac, potentially exposing sensitive...
Unpatched Zero-Day Vulnerability Actively Exploited in Cisco IOS XE
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The critical, unpatched security vulnerability identified as CVE-2023-20198 affects Cisco IOS XE software. Cisco IOS XE is a network operating system used in Cisco network devices. The identified...
Sandman APT Strikes the Telecom Sector with the LuaDream Backdoor
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Sandman APT, an espionage group of unknown origins that surfaced mysteriously in August, is orchestrating a sophisticated campaign aimed squarely at telecommunications providers spanning the Middle East,...
APT 33 Uses Password Spray Campaigns to Infiltrate Organizations
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary APT 33 aka Peach Sandstorm is an Iranian nation-state threat actor that was first identified in 2013. This group is notorious for conducting cyber espionage campaigns and has been associated with various...
Agent Tesla’s New Variant Spreads Through Crafted Excel Files
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A phishing campaign has surfaced, disseminating a new iteration of the Agent Tesla malware through a meticulously crafted Microsoft Excel document. This document exploits a longstanding memory corruption...
AdLoad Malware Persists on Mac Systems with New Proxy Payload
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary AdLoad malware persists on Mac systems with a new proxy application payload, converting infected devices into a proxy botnet. This scheme, involving thousands of IP addresses, points to a monetization...
A New RAT Named GobRAT Targeting Linux Routers in Japan
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary GobRAT, a new RAT, is infecting Linux routers in Japan through vulnerable web interfaces, granting attackers remote control and the ability to execute commands. To receive real-time threat advisories,...
Donot APT Group Targets Government and Military Orgs in South Asia
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The Donot group, also known as APT-Q-38, is a state-sponsored threat actor believed to operate out of a South Asian country. They primarily engage in network espionage activities targeting government...
Bad Magic APT employs new CommonMagic Framework and PowerMagic Backdoor
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The new Bad Magic APT was discovered using a new backdoor called PowerMagic and a malicious framework called CommonMagic to target organizations in the administrative, agriculture, and transportation sectors...
Lazarus deploys new attack tool, MagicRAT to target organizations worldwide
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Lazarus, a North Korean threat actor, compromises vulnerable VMware Horizon servers and deploys MagicRAT, a new remote access tool developed by the attackers. MagicRAT creates scheduled tasks on...
Berkeley Internet Name Domain (BIND) affected by multiple vulnerabilities
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. The Internet Systems Consortium (ISC) has published security upgrades to address several vulnerabilities in the widely used Berkeley Internet Name Domain (BIND) server software. An attacker could take advantage of some of these...
Multiple government entities targeted by China-linked Daxin malware
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. A technologically advanced and previously undocumented malware, Daxin, was used as an advanced persistent threat (APT) weapon by a China-linked actor against government critical infrastructures across the globe. This malware can re...
Old Gatekeeper bypass vulnerability in macOS exploited
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. A Gatekeeper bypass vulnerability exists in macOS Big Sur and has been assigned CVE-2021-30853. An attacker can exploit this issue by using a specially-crafted script-based application downloaded from the Internet. This allow...
ManageEngine ADSelfService Plus has been abused in the wild due to a zero-day vulnerability
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. An APT actor is attempting to exploit a zero-day vulnerability in ManageEngine ADSelfService Plus, a self-service password management and single sign-on solution that poses a high risk to critical infrastructure companies,...
Google Chrome Fixes Zero-Day CVE-2024-4671 Exploited in the Wild
...
Cisco Secure Client Flaw Enables Attackers To Steal VPN Sessions
Summary: A high-severity vulnerability tracked as CVE-2024-20337 has been addressed by Cisco in its Secure Client software; it could allow a threat actor to start a VPN session with the targeted user. Threat Level - Red | Vulnerability Report For a detailed threat advisory, download the...
Admins Urged to Uninstall VMware EAP Amid Critical Flaws
Summary: VMware has issued a warning to administrators regarding two unaddressed security vulnerabilities necessitating the removal of an outdated authentication plugin. Identified as CVE-2024-22245 and CVE-2024-22250, these vulnerabilities enable session hijacking and authentication relay attack...
Attacks, Vulnerabilities and Actors 15 January to 21 January 2024
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of six executed attacks, two instances of adversary activity, and eight exploited...
ParaSiteSnatcher A Silent Threat to Latin America
Summary: Multiple vulnerabilities have been discovered in Google Chrome, including a zero-day vulnerability, CVE-2023-6345, actively exploited for remote code execution. Users are advised to update Chrome to version 119.0.6045.199/.200 (Windows) or 119.0.6045.199 (Mac and Linux) promptly to safeguard...
The Rise of NetSupport RAT Recent Infections and Sector Impact
Summary: Threat actors repurpose NetSupport Manager as a Remote Access Trojan (RAT), leading to a recent surge in infections across multiple sectors. The evolving attack chain involves deceptive website downloads, JavaScript payloads, and PowerShell commands, emphasizing the need for vigilant...
Attacks, Vulnerabilities and Actors 13 November to 19 November 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of nine attacks were executed, twelve vulnerabilities were uncovered, and four active adversaries we...
Multiple State-Sponsored Groups Exploit WinRAR Vulnerability in Phishing Attacks
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A series of phishing attacks linked to a Russian state-sponsored group, leveraging a WinRAR vulnerability to steal data, including browser credentials via PowerShell commands and exfiltrating it through ...
Microsoft’s October 2023 Patch Tuesday Addresses Three Zero-day Vulnerabilities
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary In the October Patch Tuesday release, Microsoft addressed 103 flaws, including three actively exploited zero-day vulnerabilities. These patches cover critical and important vulnerabilities, a...
Unveiling Lu0Bot Malware A Node.js-Based Threat
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Lu0Bot Malware, a Node.js-based threat, surfaced in February 2021 as a secondary payload in GCleaner attacks. This malware acts as a bot, responding to C2 server commands and transmitting encrypted syste...
Deciphering Mirai’s Next Chapter: the Strategies of the Latest Players
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The realm of cybersecurity witnessed the rise of formidable botnet variants stemming from the notorious Mirai source code. Prominent among them are hailBot, kiraiBot, and catDDoS, showcasing heightened...
Trend Micro Addresses Zero-Day Flaws Exploited in the Wild
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A critical zero-day vulnerability, tracked as CVE-2023-41179, has been identified in the third-party AV uninstaller module contained in Trend Micro Apex One, Worry-Free Business Security, and...
Chinese Hacking Group ‘Flax Typhoon’ Targeting Taiwan Organizations
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Flax Typhoon, a Chinese nation-state actor, employs sophisticated tactics to target organizations in Taiwan for espionage, utilizing living-off-the-land techniques and legitimate tools to maintain long-te...
Pikabot A Stealthy Backdoor with Ingenious Evasion Tactics
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Pikabot, a sophisticated backdoor, evades analysis with anti-analysis measures like the "sleep" function, uses the NtContinue API, employs language-based execution cessation, and shows connections to Qakbot...
IceFire Ransomware Strikes Linux-Powered Enterprise Networks
Threat Level Attack Report Follow Hive Pro; for a detailed threat advisory from HiveForce Labs, download the pdf file here. Summary A new Linux variant of IceFire ransomware is disseminated by exploiting a deserialization flaw in IBM Aspera Faspex, targeting networks of media/entertainment firms...
CRYPTBOT Information-Stealing Malware Targeting Your Browser and Crypto-Wallet
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary CRYPTBOT is malware that steals personal information by gathering browser credentials, cookies, cryptocurrency wallets, and system information. It then compresses the collected data into a zip file and...
APT15 enhanced its arsenal with an updated variant of the Turian backdoor
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary APT15 has modified its toolkit to include new variants of the Turian backdoor, as well as new command and control infrastructure. The malware contains VMProtect, which obfuscates all API calls within the...
APT40 deployed ScanBox malware to target the Australian government
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary APT 40 is a Chinese cyber espionage group, using phishing campaigns to target Australian government institutions and wind turbine operators in the South China Sea by directing selected individuals to a...
BlackCat Ransomware group attacks on the rise
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The BlackCat ransomware gang, also known as ALPHV, has targeted around 25 organizations belonging to multiple sectors globally since November 2021. The group has claimed responsibility for the recent cyber attack on Swissport...
High severity vulnerability in VMware Workstation, Fusion, and ESXi
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. A heap buffer overflow vulnerability has been discovered in multiple VMware products. This bug, tracked as CVE-2021-22045, would, if exploited, result in the execution of arbitrary code by the attacker. Heap...
UNC5174 Functions as an Initial Access Broker, Exploiting Vulnerabilities
Summary: UNC5174, a threat actor believed to be associated with China, has been identified exploiting various vulnerabilities and deploying custom tools such as SNOWLIGHT, GOHEAVY, and GOREVERSE for post-exploitation activities. These tools enable UNC5174 to carry out sophisticated cyber...
Sysrv Harnessing Google Subdomains to Circulate XMRig
Summary: Sysrv, an advanced botnet, employs a Golang worm to infiltrate devices and distribute XMRig cryptocurrency miners, leveraging network vulnerabilities and undergoing constant evolution through operator refinement. Threat Level - Red | Attack Report For a detailed threat advisory, download...
FritzFrog Expanding Its Lethal Reach with Frog4Shell
Summary: The recent activities surrounding the FritzFrog Golang-based botnet reveal, across its iterations, the employment of an exploit called Frog4Shell, capitalizing on the Log4Shell vulnerability. Threat Level - Red | Attack Report For a detailed threat advisory, download the pdf file here To...
Hackers Utilize MSIX App Packages to Disseminate GHOSTPULSE Malware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new cyber attack campaign has emerged, involving the use of fake MSIX Windows app packages masquerading as legitimate applications. These deceptive MSIX packages are employed to distribute a new malwar...
TAG-74’s Multi-Year Campaign Targets South Korean Organizations
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary TAG-74 is a state-sponsored cyber-espionage group that has been attributed to Chinese military intelligence. This threat actor has been involved in a multi-year campaign primarily targeting organizations ...
Deceptive WinRAR PoC Released on GitHub Drops VenomRAT
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A hacker is disseminating on GitHub a counterfeit proof-of-concept (PoC) exploit for a recently patched WinRAR vulnerability, with the intention of infecting those who download it with the VenomRA...