
1589 matches found

Hive Pro Threat Advisories
added 2023/10/14 12:27 p.m., 34 views

Balada Injector A Large-Scale Malware Campaign Targeting WordPress

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In September 2023, over 17,000 WordPress websites fell victim to a malware called Balada Injector. The substantial surge in attacks is linked to the exploitation of a recently disclosed security...

5.8 CVSS, 6.1 AI score, 0.35599 EPSS
Exploits: 2

Hive Pro Threat Advisories
added 2023/10/14 8:45 a.m., 19 views

Unraveling the Intricate Arsenal of Stayin’ Alive Campaign

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In the October Patch Tuesday release, Microsoft addressed 103 flaws, including three actively exploited zero-day vulnerabilities. These patches cover critical and important vulnerabilities, a Chromium fi...

6.9 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/10/14 8:40 a.m., 27 views

Microsoft’s October 2023 Patch Tuesday Addresses Three Zero-day Vulnerabilities

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary In the October Patch Tuesday release, Microsoft addressed 103 flaws, including three actively exploited zero-day vulnerabilities. These patches cover critical and important vulnerabilities, a...

6.8 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/10/14 8:35 a.m., 80 views

HTTP/2 Zero-Day Exploited for the Most Explosive DDoS Attacks

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A zero-day vulnerability in HTTP/2 has been actively exploited in August, introducing a novel DDoS technique referred to as "Rapid Reset". The attack, utilizing CVE-2023-44487, exploits a vulnerabili...

5 CVSS, 6.7 AI score, 0.9439 EPSS
Exploits: 19

Hive Pro Threat Advisories
added 2023/10/14 8:30 a.m., 33 views

Grayling APT Emerges as a Silent Threat Targeting Taiwan

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The Grayling APT group orchestrated a meticulously planned targeting campaign with a primary emphasis on espionage. Grayling set its sights on a government entity in the Asia-Pacific region, along with...

6.9 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/10/14 8:25 a.m., 38 views

GNOME Linux Systems Exposed to 1-Click RCE Attacks

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A new security vulnerability, known as CVE-2023-43641, has been identified in the libcue library. This library is utilized by Tracker Miners and is shipped along with the GNOME desktop environment...

7.5 AI score, 0.80301 EPSS
Exploits: 1

Hive Pro Threat Advisories
added 2023/10/14 8:18 a.m., 27 views

Unveiling Lu0Bot Malware A Node.js-Based Threat

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Lu0Bot Malware, a Node.js-based threat, surfaced in February 2021 as a secondary payload in GCleaner attacks. This malware acts as a bot, responding to C2 server commands and transmitting encrypted syste...

6.9 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/10/14 8:13 a.m., 27 views

Deciphering Mirai’s Next Chapter: the Strategies of the Latest Players

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The realm of cybersecurity witnessed the rise of formidable botnet variants stemming from the notorious Mirai source code. Prominent among them are hailBot, kiraiBot, and catDDoS, showcasing heightened...

6.9 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/10/14 8:1 a.m., 36 views

China’s Cyber Espionage Targets Semiconductor Giants in East Asia

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In recent cyber espionage activities, threat actors affiliated with the People's Republic of China (PRC) have targeted semiconductor companies operating in Mandarin/Chinese-speaking regions of East Asia...

6.8 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/10/14 7:43 a.m., 66 views

Attacks, Vulnerabilities and Actors 2 October to 8 October 2023

For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of seven executed attacks, zero instances of adversary activity, and eight zero-day...

7.5 CVSS, 6.9 AI score, 0.94352 EPSS
Exploits: 39

Hive Pro Threat Advisories
added 2023/10/13 5:9 p.m., 14 views

Hive Pro Unveils Revolutionary Platform Uni5 Xposure, Elevating the Potential of Threat Exposure Management

HERNDON, VA., Oct. 10, 2023 - Hive Pro®, a pioneer vendor in Threat Exposure Management today announced the highly-anticipated release of their new platform Uni5 Xposure, which debuts live at the GITEX GLOBAL trade show in Dubai, UAE and at Triangle InfoSec Conference in North Carolina, USA. Uni5...

6.3 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/10/12 9:44 a.m., 10 views

Microsoft’s October 2023 Patch Tuesday Addresses Three Zero-day Vulnerabilities

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary In the October Patch Tuesday release, Microsoft addressed 103 flaws, including three actively exploited zero-day vulnerabilities. These patches cover critical and important vulnerabilities, a...

6.8 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/10/12 8:9 a.m., 74 views

HTTP2 Zero-Day Exploited for the Most Explosive DDoS Attacks

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A zero-day vulnerability in HTTP/2 has been actively exploited in August, introducing a novel DDoS technique referred to as "Rapid Reset". The attack, utilizing CVE-2023-44487, exploits a vulnerabili...

6.7 AI score, 0.9439 EPSS
Exploits: 19

Hive Pro Threat Advisories
added 2023/10/12 6:46 a.m., 15 views

Grayling APT Emerges as a Silent Threat Targeting Taiwan

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The Grayling APT group orchestrated a meticulously planned targeting campaign with a primary emphasis on espionage. Grayling set its sights on a government entity in the Asia-Pacific region, along with...

6.9 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/10/11 12:37 p.m., 16 views

Unveiling Lu0Bot Malware A Node.js-Based Threat

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Lu0Bot Malware, a Node.js-based threat, surfaced in February 2021 as a secondary payload in GCleaner attacks. This malware acts as a bot, responding to C2 server commands and transmitting encrypted syste...

6.9 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/10/11 8:29 a.m., 6 views

Deciphering Mirai’s Next Chapter: the Strategies of the Latest Players

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The realm of cybersecurity witnessed the rise of formidable botnet variants stemming from the notorious Mirai source code. Prominent among them are hailBot, kiraiBot, and catDDoS, showcasing heightened...

6.9 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/10/11 5:51 a.m., 18 views

China’s Cyber Espionage Targets Semiconductor Giants in East Asia

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In recent cyber espionage activities, threat actors affiliated with the People's Republic of China (PRC) have targeted semiconductor companies operating in Mandarin/Chinese-speaking regions of East Asia...

6.8 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/10/10 5:44 a.m., 23 views

LostTrust Ransomware Unmasking the Gang Behind the Threat

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary LostTrust ransomware, which emerged in September 2023, is a multi-extortion threat related to SFile and Mindware, employing techniques reminiscent of MetaEncryptor, encrypting files, and demanding ransoms. It...

6.8 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/10/09 1:46 p.m., 6 views

MOVEit Vulnerabilities Expose Organizations to Cyberattacks

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Critical SQL Injection vulnerabilities in Progress Software's MOVEit Transfer product, exploited by Clop ransomware gang since May 2023, led to unauthorized access and data breaches, affecting...

7.9 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/10/09 11:41 a.m., 24 views

QakBot Resurges Latest Strikes with Ransom Knight and Remcos RAT

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The QakBot malware has been associated with a persistent phishing campaign since the beginning of August 2023, leading to the deployment of both the Ransom Knight ransomware and the Remcos RAT. To receiv...

6.9 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/10/09 9:28 a.m., 16 views

Unveiling Operation Jacana: Targeting the Guyana Government with DinodasRAT

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A cyber espionage campaign named Operation Jacana was identified in February 2023, targeting a government entity in Guyana. This campaign began with a spear-phishing attack and resulted in the deployment...

6.8 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/10/09 7:24 a.m., 21 views

Cracking ShellTorch Vulnerabilities Exposing TorchServe to RCE

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A trio of security vulnerabilities, dubbed ShellTorch, in the open-source machine-learning model TorchServe, a tool for serving and scaling PyTorch models, could be chained to achieve remote code...

7.7 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/10/09 5:37 a.m., 24 views

BunnyLoader: The New Malware-as-a-Service Threat

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary BunnyLoader is a Malware-as-a-Service threat, boasting advanced features like anti-sandbox techniques, keylogging, stealing data, cryptocurrency wallets, and remote command execution, posing risks to...

7 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/10/06 7:1 a.m., 32 views

Atlassian Confluence Zero-Day Actively Exploited in the Wild

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A critical zero-day flaw, identified as CVE-2023-22515, affecting Confluence Data Center and Server instances is being actively exploited. This remotely exploitable vulnerability enables external...

7.5 CVSS, 7 AI score, 0.94352 EPSS
Exploits: 39

Hive Pro Threat Advisories
added 2023/10/05 10:18 a.m., 44 views

‘Looney Tunables’ Flaw Enables Local Privilege Escalation in Glibc

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary CVE-2023-4911, also known as "Looney Tunables," is a critical buffer overflow vulnerability discovered in the GNU C Library's dynamic loader, specifically in the processing of the GLIBC_TUNABLES...

4.3 CVSS, 7.4 AI score, 0.6505 EPSS
Exploits: 25

Hive Pro Threat Advisories
added 2023/10/05 7:39 a.m., 21 views

EvilProxy Phishing Attack Targets Indeed Job Platform

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new phishing campaign has emerged, specifically targeting high-profile US executives. This campaign takes advantage of open redirects from the jobs platform Indeed and employs EvilProxy to pilfer sessi...

7.1 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/10/04 8:27 a.m., 47 views

Exim Vulnerable to Zero-Day Remote Code Execution Attacks

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Six zero-day vulnerabilities have been discovered in the Exim Internet Mailer, potentially putting thousands of email servers worldwide at risk. These vulnerabilities, if successfully exploited,...

8.2 AI score, 0.65812 EPSS
Exploits: 5

Hive Pro Threat Advisories
added 2023/10/03 11:15 a.m., 20 views

Attacks, Vulnerabilities and Actors 25 September to 1 October 2023

For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of eight executed attacks, three instances of adversary activity, and four zero-day...

7 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/10/03 9:33 a.m., 17 views

Summary of Vulnerabilities, Actors & Attacks: September 2023

...

7 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/10/03 7:29 a.m., 24 views

CISA Known Exploited Vulnerability Catalog September 2023

For a detailed CISA's KEV Catalog, download the pdf file here Summary The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. To be included in the catalog, a vulnerability must meet three criteria: hav...

7 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/10/02 10:8 a.m., 24 views

AtlasCross Exploits Organizations with DangerAds and AtlasAgent Trojans

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new threat actor by the name of AtlasCross has been identified employing phishing tactics that use Red Cross-themed lures as part of their attack strategy. These phishing campaigns are being used to...

6.9 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/10/02 8:11 a.m., 23 views

BlackTech: China-Linked Cyber Actors Exploit Router Firmware

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary BlackTech, a People's Republic of China (PRC)-linked cyber actor group, poses a significant threat by modifying router firmware and targeting diverse sectors, highlighting the need for enhanced cybersecurity...

6.9 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/10/02 6:29 a.m., 68 views

Google and Firefox fixes Zero-Day Flaw Exploited in the Wild

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A zero-day vulnerability, CVE-2023-5217, is actively exploited and has been patched in both Google Chrome and Firefox browsers. CVE-2023-5217 is a heap buffer overflow vulnerability discovered in...

6.8 CVSS, 9.3 AI score, 0.04976 EPSS
Exploits: 3

Hive Pro Threat Advisories
added 2023/09/28 8:42 a.m., 31 views

ZenRAT Targeting Windows Users Through Fake Bitwarden Installs

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary ZenRAT is a new malware distributed through fake Bitwarden password manager installers, primarily targeting Windows users. It operates as a modular remote access trojan (RAT) with information-stealing...

7.1 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/09/28 6:42 a.m., 25 views

TAG-74’s Multi-Year Campaign Targets South Korean Organizations

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary TAG-74 is a state-sponsored cyber-espionage group that has been attributed to Chinese military intelligence. This threat actor has been involved in a multi-year campaign primarily targeting organizations ...

6.8 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/09/28 5:29 a.m., 24 views

Deadglyph Malware Emerges as a Game Changer for Stealth Falcon

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The cyber espionage group Stealth Falcon commenced covert operations and employed advanced backdoor malware called "Deadglyph" primarily to infiltrate Middle Eastern government entities. To receive...

6.9 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/09/27 10:22 a.m., 62 views

Critical Security Vulnerabilities Discovered in Atlassian Products

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Atlassian have revealed the existence of several security vulnerabilities, namely CVE-2022-25647, CVE-2023-22512, CVE-2023-22513, and CVE-2023-28709, which affect their products. These...

6.5 CVSS, 7.8 AI score, 0.1481 EPSS
Exploits: 1

Hive Pro Threat Advisories
added 2023/09/27 6:6 a.m., 15 views

New Variant of RedLine Stealer Uses Batch Script to Evade Detection

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new variant of RedLine Stealer is being distributed as a batch script file. This new variant of RedLine Stealer is more sophisticated than previous versions and uses a number of techniques to evad...

6.9 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/09/26 6:23 a.m., 22 views

Attacks, Vulnerabilities and Actors 18 September to 24 September 2023

For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of eight executed attacks, five instances of adversary activity, and eleven vulnerabilities...

7.1 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/09/26 5:15 a.m., 24 views

Hive Pro Partners with Tech Titan to Fortify Cybersecurity Landscape in Southeast Asia

HERNDON, VA., Sept. 26, 2023 - Hive Pro®, a pioneer vendor in Threat Exposure Management, is thrilled to announce a strategic partnership with Tech Titan Group, a leading IT Solutions Provider renowned for its innovation-driven approach and dedication to addressing evolving customer needs across...

6.7 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/09/26 4:57 a.m., 48 views

Apple Addresses Zero-Day Flaws Exploited in the Wild

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Apple addressed three zero-day vulnerabilities used in an iPhone exploit chain to deliver the Predator spyware. The vulnerabilities involved were CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993...

7.5 CVSS, 7.8 AI score, 0.24165 EPSS
Exploits: 3

Hive Pro Threat Advisories
added 2023/09/25 6:37 a.m., 28 views

Sandman APT Strikes the Telecom Sector with the LuaDream Backdoor

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Sandman APT, an espionage group of unknown origins that surfaced mysteriously in August, is orchestrating a sophisticated campaign aimed squarely at telecommunications providers spanning the Middle East,...

6.9 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/09/25 5:14 a.m., 27 views

Critical Security Vulnerabilities Uncovered in Nagios XI

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Several security vulnerabilities have been identified in Nagios XI, a network monitoring software, which could potentially lead to privilege escalation and information disclosure. These...

7 AI score, 0.84148 EPSS
Exploits: 3

Hive Pro Threat Advisories
added 2023/09/22 7:40 a.m., 16 views

Snatch Ransomware: Evolving Threat and Defense Strategies

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Snatch ransomware is a ransomware-as-a-service (RaaS) variant that was first discovered in 2018. It is known for its ability to reboot devices into Safe Mode, where many security protections are disabled,...

6.8 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/09/22 6:4 a.m., 26 views

Deceptive WinRAR PoC Released on GitHub Drops VenomRAT

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A hacker is disseminating a counterfeit proof-of-concept (PoC) exploit for a WinRAR vulnerability that was recently patched on GitHub, with the intention of infecting those who download it with the VenomRA...

6.9 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/09/22 5:19 a.m., 43 views

GitLab Releases Critical Patch to Address Pipeline Execution Vulnerability

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The critical security vulnerability CVE-2023-5009 affects all versions of GitLab Enterprise Edition (EE). This vulnerability is significant as it enables an attacker to execute pipelines as another...

7.5 CVSS, 7 AI score, 0.00076 EPSS
Exploits: 1

Hive Pro Threat Advisories
added 2023/09/21 10:39 a.m., 15 views

Earth Lusca’s Sneaky Moves Unleashes New Linux Backdoor

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Earth Lusca, a highly sophisticated Chinese threat actor, is believed to have resumed its operations in the first half of 2023. This cyber espionage group utilizes the SprySOCKS backdoor, primarily...

6.8 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/09/21 7:21 a.m., 30 views

HTTPSnoop and PipeSnoop Malware Target Telecoms in the Middle East

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary HTTPSnoop and PipeSnoop malware targeting Middle East telecom providers, part of the ShroudedSnooper intrusion set, masquerading as legitimate components while executing shellcode via HTTP and IPC pipes,...

7 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/09/21 6:5 a.m., 26 views

Trend Micro Addresses Zero-Day Flaws Exploited in the Wild

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A critical zero-day vulnerability, tracked as CVE-2023-41179, has been identified in the third-party AV uninstaller module contained in Trend Micro Apex One, Worry-Free Business Security, and...

8.1 AI score, 0.0253 EPSS
Exploits: 0

Hive Pro Threat Advisories
added 2023/09/20 9:26 a.m., 21 views

Redfly Targets Critical Infrastructure in Asia with ShadowPad Trojan

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Redfly, an espionage group, targeted Asian critical infrastructure, compromising a national grid for six months using ShadowPad. This underscores a rising trend in such attacks, raising global concerns...

7 AI score
Exploits: 0

Total number of security vulnerabilities: 1589