Atlassian Addresses Critical RCE Flaws
Summary: Four critical vulnerabilities, namely CVE-2023-22522, CVE-2023-22523, CVE-2023-22524, and CVE-2022-1471, have been identified that affect Confluence, Jira, and Bitbucket servers, along with the companion app for macOS. If successfully exploited, these vulnerabilities could lead to remote...
A New Face of AsyncRAT Utilizes WSF Scripts to Spread
Summary: AsyncRAT is a remote access trojan (RAT) known for stealing credentials and executing various malicious activities since 2019. Its recent variant, distributed through WSF script files, employs sophisticated fileless techniques, emphasizing the importance of user caution and robust...
DanaBot Stealer: Multistage MaaS Malware Resurfaces
Summary: DanaBot is a covert malware designed for the discreet theft of sensitive data for financial gain. Unlike ransomware, its focus is on prolonged persistence rather than immediate disruption. Functioning as a malware-as-a-service (MaaS) platform, DanaBot is versatile, targeting individuals,...
From Brute-Force to BlueSky Ransomware
Summary: A focused campaign directed at publicly accessible MSSQL servers unfolded, in which the attackers used Cobalt Strike and Tor2Mine. After gaining network access, the adversaries deployed the BlueSky ransomware across the entire network. Threat Level - Amber | Atta...
Adobe ColdFusion Vulnerability Leads to Federal Agency Breach
Summary: Unidentified threat actors exploited Adobe ColdFusion vulnerability CVE-2023-26360 on government servers, gaining the ability to execute unauthorized code. The incidents involved reconnaissance and attempted data extraction, and underscore the importance of timely software updates. Threat Level - Red |...
AeroBlade Swoops Down on U.S. Aerospace Giants
Summary: A US-based aerospace entity has become the victim of an intricate year-long cyber espionage campaign orchestrated by AeroBlade. AeroBlade's probable goal was to gain visibility into the internal resources of its target, evaluating vulnerabilities for potential future ransom demands. Thre...
Novel Tool Set Targeting Entities in the Middle East, Africa, and U.S.
Summary: An undisclosed threat actor has targeted organizations in the Middle East, Africa, and the U.S., deploying a newly identified backdoor named Agent Racoon. The attacker utilizes tools like Ntospy and a customized version of Mimikatz called Mimilite to carry out malicious activities. Threa...
Iranian APT Group ‘CyberAv3ngers’ Targets U.S. Critical Infrastructure
Summary: CyberAv3ngers, an Iranian APT group affiliated with the IRGC, is known for cyberattacks against critical infrastructure, recently targeting U.S. Water and Wastewater Systems facilities. The group employs defacement tactics, exploiting default credentials in Unitronics PLCs, and expressin...
Summary of Vulnerabilities, Actors & Attacks: November 2023
...
SugarGh0st RAT A Customized Gh0st Variant in Cyber Espionage
Summary: A malicious campaign is deploying the customized SugarGh0st RAT, likely orchestrated by a Chinese-speaking threat actor, against the Uzbekistan Ministry of Foreign Affairs and South Korean users. SugarGh0st, a variant of Gh0st RAT, exhibits advanced features for remote control, keylogging,...
Attacks, Vulnerabilities and Actors 27 November to 3 December 2023
Summary: HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of eight attacks were executed, six vulnerabilities were uncovered, and two active adversaries were...
CISA Known Exploited Vulnerability Catalog November 2023
Summary: The Known Exploited Vulnerabilities (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. It is recommended that all organizations review and monitor the KEV catalog,...
Cactus Ransomware Exploits Vulnerabilities in Qlik Sense
Summary: The Cactus ransomware is actively exploiting critical Qlik Sense vulnerabilities, with the ultimate goal of establishing persistence and enabling remote control, infiltrating corporate networks stealthily. This serves as a stark reminder that unpatched Qlik Sense instances are prime...
DJVU Ransomware’s Variant Emerges Disguised as Cracked Software
Summary: A variant of the DJVU ransomware, disguising itself as cracked software, has emerged and is demanding a ransom of $980 for decryption. These incidents involve the infiltration of systems by various commodity loaders and infostealers, with the adversary's primary objectives being data...
ownCloud Critical Vulnerability is under active exploitation
Summary: Hackers are actively exploiting a critical vulnerability (CVE-2023-49103) in ownCloud, a popular open-source file-sharing solution, exposing sensitive data in containerized deployments. Administrators are urged to promptly apply recommended fixes, including disabling the phpinfo function a...
ParaSiteSnatcher A Silent Threat to Latin America
Google Addresses Sixth Zero-Day Flaw Exploited by Attackers in the Wild
Summary: Multiple vulnerabilities have been discovered in Google Chrome, including a zero-day vulnerability (CVE-2023-6345) actively exploited for remote code execution. Users are advised to update Chrome to version 119.0.6045.199/.200 for Windows or 119.0.6045.199 for Mac and Linux promptly to safeguard...
Hive Pro and ICS Arabia announce strategic partnership to enhance the reach of Threat Exposure Management to Smart Cities and Digital Infrastructure
HERNDON, VA., Nov. 28, 2023 - Hive Pro®, a pioneering vendor in Threat Exposure Management, announced a strategic partnership with ICS Arabia, a front-runner in the development of Smart Cities and Digital Infrastructure in the Kingdom of Saudi Arabia and the Middle East. This partnership heralds a...
North Korean Hackers Target Crypto Users with RustBucket and KandyKorn
Summary: North Korean-aligned threat actors are targeting macOS users with two malware frameworks, RustBucket and KandyKorn, in an attempt to steal cryptocurrency. Threat Level - Amber | Attack Report
North Korean APT’s Covert Supply-Chain Ambush
Summary: There has been a significant increase in software supply chain attacks orchestrated by North Korean hackers. Notably, the MagicLine4NX and 3CX compromises gained attention, with the Lazarus hacking group employing a sophisticated approach. They leverage a zero-day vulnerability in the...
Attacks, Vulnerabilities and Actors 20 November to 26 November 2023
Summary: HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of eight executed attacks, six instances of adversary activity, and one exploited...
The Rise of DarkCasino APT Group Exploiting WinRAR 0-Day
Summary: DarkCasino, an APT group with economic motivations, was initially identified in 2021. The group introduced DarkMe, a trojan written in Visual Basic. Recently, DarkCasino has been linked to the zero-day exploitation of CVE-2023-38831, an arbitrary code execution vulnerability...
Mirai Botnet’s Offspring InfectedSlurs Exploits Dual Zero-Days
Summary: A new Mirai-based malware botnet, InfectedSlurs, is actively conducting a sophisticated campaign by exploiting two zero-day remote code execution (RCE) vulnerabilities in routers and network video recorder (NVR) devices. These vulnerabilities, currently being exploited in the wild, facilitate the...
Lazarus Group Orchestrates Supply Chain Attack on CyberLink Corp
Summary: The Lazarus Group (Labyrinth Chollima) orchestrated a supply chain attack on CyberLink Corp., manipulating a legitimate application installer to impact over 100 devices globally. The attack involves a second-stage payload, labeled LambLoad, communicating with compromised infrastructure and...
Dissemination of the Konni Campaign Through Malicious Documents
Summary: The Konni campaign has resurfaced in a new phishing attack employing a Russian-language Microsoft Word document to distribute malware. The malicious software aims to harvest sensitive information from compromised Windows hosts. Threat Level - Red | Attack Report
Seeing the Full Threat Exposure Picture With Uni5 Xposure
In this video, Anand Choudha, CEO at Hive Pro, and Jeelan Poola, CPO at Hive Pro, introduce the HivePro Uni5 Threat Exposure Management Platform. HivePro Uni...
A Comprehensive CTEM Guide for CISOs
Atomic Stealer Sneaks In via Fake Browser Updates
Summary: The macOS information-stealing malware known as Atomic, or AMOS, is currently being delivered to targets through a deceptive web browser update chain known as ClearFake. ClearFake is a recent malware campaign that exploits compromised websites to distribute fake browser updates. Threat...
The Lethal Advancement of DarkGate Malware-as-a-Service
Summary: DarkGate, a formidable Remote Access Trojan (RAT), functions as a Malware-as-a-Service (MaaS) and is masterminded by the elusive RastaFarEye within the underground cybercrime landscape. The latest iteration, DarkGate 5.0.19, advances upon its predecessors with sophisticated evasion technique...
Mustang Panda Targets Philippines Government Using Legitimate Software
Summary: Mustang Panda, a threat actor associated with China, has been implicated in a cyber attack targeting a government entity in the Philippines. The attackers employed a strategy of using legitimate software, such as Solid PDF Creator and SmadavProtect, an antivirus solution based in Indonesi...
SideWinder’s Nim Backdoor Spells Trouble for South Asian Nations
Summary: SideWinder, also known as Razor Tiger, commenced its offensive operations in 2012 and has recently shifted its focus to targeting Bhutan. It employs deceptive content, ultimately executing the Nim Backdoor. The decoy content used in the sample is sourced directly from announcements...
The Rise of NetSupport RAT Recent Infections and Sector Impact
Summary: Threat actors are repurposing NetSupport Manager, a legitimate remote administration tool, as a Remote Access Trojan (RAT), leading to a recent surge in infections across multiple sectors. The evolving attack chain involves deceptive website downloads, JavaScript payloads, and PowerShell commands, emphasizing the need for vigilant...
Kinsing Malware Utilizes Apache ActiveMQ RCE to Deploy Rootkits
Summary: The Kinsing malware operator is actively taking advantage of the critical vulnerability CVE-2023-46604 in Apache ActiveMQ, an open-source message broker. The vulnerability allows remote code execution, facilitating deployment of Kinsing malware (aka h2miner), which functions as a...
Attacks, Vulnerabilities and Actors 13 November to 19 November 2023
Summary: HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of nine attacks were executed, twelve vulnerabilities were uncovered, and four active adversaries we...
Gamaredon Deploys LitterDrifter USB Worm in Cyber Espionage Operations
Summary: Russian cyber espionage group Gamaredon (aka Primitive Bear) has been observed utilizing a USB-propagating worm known as LitterDrifter in attacks targeting Ukrainian entities. This group has recently adopted LitterDrifter, a worm written in VBS, designed to spread through removable USB...
Scattered Spider Cyber Threat Key Findings and Security Measures
Summary: Scattered Spider is a cybercriminal group known for targeting commercial facilities. Its evolving tactics combine social engineering expertise, phishing, and SIM swap attacks with newer techniques such as encrypting files after exfiltration, allowing it to maintain persistence and adapt to security...
GhostSec Pioneering the Hacktivist Front with GhostLocker
Summary: GhostSec, a hacktivist coalition stemming from the Anonymous group and part of The Five Families, has introduced GhostLocker, an advanced Ransomware-as-a-Service (RaaS) framework. Threat Level - Red | Attack Report
Four Threat Actors Capitalized on Zimbra Zero Day to Infiltrate Government Organizations
Threat Level | Attack Report. Summary: A zero-day vulnerability identified as CVE-2023-37580 in Zimbra Collaboration email software has been exploited by four different groups in attacks. These attacks aimed to illicitly obtain email data, us...
In-Depth Analysis of NoEscape Ransomware
Threat Level | Attack Report. Summary: The NoEscape ransomware, suspected to be a rebrand of Avaddon, targets enterprises globally through multi-extortion attacks. Operating as Ransomware-as-a-Service, it encrypts files, changes wallpapers, a...
VMware Unveils Critical Authentication Bypass Vulnerability in VCD Appliance
Threat Level | Vulnerability Report. Summary: VMware has disclosed a critical authentication bypass vulnerability affecting Cloud Director appliance deployments. The flaw, identified as CVE-2023-34060, could be exploited by...
Microsoft’s November 2023 Patch Tuesday Addresses Five Zero-day Vulnerabilities
Threat Level | Vulnerability Report. Summary: In the November Patch Tuesday release, Microsoft addressed a total of 63 CVEs, including five zero-day vulnerabilities, three of which were being actively exploited. Within this range of vulnerabilities, the security update covered the typic...
TA402’s Covert Operation Takes Aim at the Middle East
Threat Level | Attack Report. Summary: TA402 (aka Extreme Jackal) launched sophisticated phishing campaigns targeting government entities in the Middle East. The objective was to deploy a newly developed initial access downloader called IronWin...
Hackers Employ Updated Ducktail to Target Indian Marketers
Threat Level | Attack Report. Summary: The threat actors linked to the Ducktail stealer malware have been implicated in a new campaign focused on marketing professionals in India. The primary goal of this campaign was to compromise and...
Attacks, Vulnerabilities and Actors 6 November to 12 November 2023
Summary: HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of twenty-five executed attacks, six instances of adversary activity, and four exploited...
Multiple Critical Vulnerabilities in Juniper Exploited in the Wild
Threat Level | Vulnerability Report. Summary: Multiple vulnerabilities have been discovered in Juniper Networks Junos OS, with the potential for pre-auth remote code execution when chained on Juniper devices. Juniper Networks has confirmed th...
Lace Tempest Exploits Zero-Day in a Strategic Strike on SysAid
Threat Level | Vulnerability Report. Summary: Lace Tempest has been implicated in exploiting a zero-day vulnerability identified as CVE-2023-47246. This exploitation allows for the execution of code within SysAid on-premise software, leading...
Malicious CPU-Z App Distributed Through Ads on Fake Windows News Site
Threat Level | Attack Report. Summary: A threat actor has been using Google Ads as a platform to distribute a tampered version of the CPU-Z tool. CPU-Z is a widely used utility that provides information about various hardware components in a...
Farnetwork the Mastermind of Five Ransomware Strains
Threat Level | Attack Report. Summary: Farnetwork, a highly skilled threat actor fluent in Russian, has played a key role in five distinct ransomware-as-a-service (RaaS) programs, assuming diverse roles such as orchestrator and contributor to...
CVSS 4.0 Decoded: Understanding & Implementing Changes
What is CVSS? The Common Vulnerability Scoring System (CVSS) is a vendor-agnostic, industry-open standard owned and maintained by the Forum of Incident Response and Security Teams (FIRST). CVSS “provides a way to capture the principal characteristics of a vulnerability and produce a numerical score...
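As an added example (not code from the original article or from FIRST), the following Python parses a CVSS v4.0 vector string, rejects unknown metrics, disallowed values, duplicates and missing Base metrics, and derives the six-digit MacroVector (EQ1 to EQ6) on which v4.0 scoring is keyed. It deliberately stops short of the numeric score, which requires the specification's MacroVector lookup table and interpolation step. The sample vectors are constructed for illustration.

```python
"""Parse, validate and classify a CVSS v4.0 vector string.

Added example; not code from the original article or from FIRST. Metric names,
allowed values and the EQ1..EQ6 rules follow the CVSS v4.0 specification. The
numeric score is not computed (it needs the spec's MacroVector lookup table).
"""
import re

# Mandatory Base metrics and their allowed values.
BASE = {
    "AV": "NALP", "AC": "LH", "AT": "NP", "PR": "NLH", "UI": "NPA",
    "VC": "HLN", "VI": "HLN", "VA": "HLN", "SC": "HLN", "SI": "HLN", "SA": "HLN",
}
# Optional Threat and Environmental metrics; "X" means Not Defined.
OPTIONAL = {
    "E": "XAPU",
    "CR": "XHML", "IR": "XHML", "AR": "XHML",
    "MAV": "XNALP", "MAC": "XLH", "MAT": "XNP", "MPR": "XNLH", "MUI": "XNPA",
    "MVC": "XHLN", "MVI": "XHLN", "MVA": "XHLN",
    "MSC": "XHLN", "MSI": "XSHLN", "MSA": "XSHLN",
}
COMPONENT = re.compile(r"([A-Z]{1,3}):([A-Z])")


def parse_vector(vector: str) -> dict:
    """Return {metric: value}; raise ValueError on any malformed or missing part."""
    parts = vector.strip().split("/")
    if parts[0] != "CVSS:4.0":
        raise ValueError("vector must begin with the CVSS:4.0 prefix")
    metrics = {}
    for part in parts[1:]:
        match = COMPONENT.fullmatch(part)
        if not match:
            raise ValueError(f"malformed component {part!r}")
        name, value = match.groups()
        allowed = BASE.get(name) or OPTIONAL.get(name)
        if allowed is None:
            raise ValueError(f"unknown metric {name}")
        if value not in allowed:
            raise ValueError(f"value {value} not permitted for {name}")
        if name in metrics:
            raise ValueError(f"metric {name} given twice")
        metrics[name] = value
    missing = [name for name in BASE if name not in metrics]
    if missing:
        raise ValueError("missing Base metrics: " + ", ".join(missing))
    return metrics


def is_valid(vector: str) -> bool:
    """True if the vector parses cleanly; the specific error is discarded."""
    try:
        parse_vector(vector)
    except ValueError:
        return False
    return True


def effective_metrics(metrics: dict) -> dict:
    """Apply Environmental overrides (MAV replaces AV, ...) and fill defaults."""
    eff = dict(metrics)
    for name in BASE:
        modified = metrics.get("M" + name, "X")
        if modified != "X":
            eff[name] = modified  # MSI:S / MSA:S surface here as SI/SA == "S"
    for name in ("E", "CR", "IR", "AR"):
        eff.setdefault(name, "X")
    return eff


def macrovector(metrics: dict) -> str:
    """Derive the six EQ digits that index the v4.0 scoring table."""
    m = effective_metrics(metrics)
    # EQ1: exposure of the attack path (network, no privileges, no user interaction).
    if (m["AV"], m["PR"], m["UI"]) == ("N", "N", "N"):
        eq1 = 0
    elif m["AV"] != "P" and "N" in (m["AV"], m["PR"], m["UI"]):
        eq1 = 1
    else:
        eq1 = 2
    # EQ2: attack complexity and attack requirements.
    eq2 = 0 if (m["AC"], m["AT"]) == ("L", "N") else 1
    # EQ3: impact on the vulnerable system.
    if (m["VC"], m["VI"]) == ("H", "H"):
        eq3 = 0
    elif "H" in (m["VC"], m["VI"], m["VA"]):
        eq3 = 1
    else:
        eq3 = 2
    # EQ4: impact on subsequent systems; a Safety impact ("S") outranks everything.
    if "S" in (m["SI"], m["SA"]):
        eq4 = 0
    elif "H" in (m["SC"], m["SI"], m["SA"]):
        eq4 = 1
    else:
        eq4 = 2
    # EQ5: exploit maturity; Not Defined is scored as Attacked.
    eq5 = {"X": 0, "A": 0, "P": 1, "U": 2}[m["E"]]
    # EQ6: a High security requirement coinciding with a High impact; X counts as High.
    req = {k: ("H" if m[k] == "X" else m[k]) for k in ("CR", "IR", "AR")}
    eq6 = 0 if (req["CR"] == "H" and m["VC"] == "H"
                or req["IR"] == "H" and m["VI"] == "H"
                or req["AR"] == "H" and m["VA"] == "H") else 1
    return f"{eq1}{eq2}{eq3}{eq4}{eq5}{eq6}"


def classify(vector: str) -> str:
    """Vector string in, MacroVector out (raises ValueError on a bad vector)."""
    return macrovector(parse_vector(vector))


if __name__ == "__main__":
    # Constructed sample: unauthenticated network RCE with full impact on the vulnerable system.
    print(classify("CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"))
```

The validation step is the part most often skipped in practice: a vector that drops a Base metric, or carries a v3.1-style metric such as `S:U`, should be rejected rather than silently scored, since the MacroVector (and therefore the score) is only defined for a complete v4.0 vector.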
BlazeStealer Malware Uncovered in Python Packages on PyPI
Threat Level | Attack Report. Summary: The Python Package Index (PyPI) repository has been infiltrated by a number of malicious Python packages. These packages masquerade as obfuscation tools; however, they harbor BlazeStealer malware, which initiates a...