Attacks, Vulnerabilities and Actors 11 September to 17 September 2023
Threat Digest. Summary: HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, a total of eight attacks were executed, eleven vulnerabilities were discovered, and two different adversaries...
APT 33 Uses Password Spray Campaigns to Infiltrate Organizations
Actor Report. Summary: APT 33, aka Peach Sandstorm, is an Iranian nation-state threat actor that was first identified in 2013. This group is notorious for conducting cyber espionage campaigns and has been associated with various...
‘ThemeBleed’ flaw in Windows 11 Enables Code Execution
Vulnerability Report. Summary: The CVE-2023-38146 vulnerability in Windows 11 allows remote attackers to execute arbitrary code, potentially compromising the affected system's security and integrity and posing a significant...
Storm-0324 Exploits Microsoft Teams Chats Deploying JSSLoader
Actor Report. Summary: Storm-0324 is a financially motivated threat actor with a history of operations dating back to 2016. This actor specializes in facilitating ransomware deployments and providing access to...
Proof-of-Concept Released for Kubernetes Vulnerabilities Exposing Windows Nodes
Vulnerability Report. Summary: Three interconnected high-severity security vulnerabilities have been identified in Kubernetes. These vulnerabilities could potentially be exploited to achieve remote code execution with elevated...
Apple Addresses Two Zero-Day Flaws Exploited by Attackers
Vulnerability Report. Summary: Apple's two zero-day vulnerabilities, CVE-2023-41064 and CVE-2023-41061, enable arbitrary code execution and system crashes. As these vulnerabilities are actively exploited, they pose severe risks,...
3AM Ransomware: LockBit’s Failed Standoff Revealed
Attack Report. Summary: A new ransomware variant, self-dubbed 3AM, has arisen as a result of a rogue attack conducted by a ransomware affiliate. Initially, this affiliate attempted to install the LockBit ransomware on a target's...
Microsoft’s September 2023 Patch Tuesday Addresses Two Zero-day Vulnerabilities
Vulnerability Report. Summary: In the September Patch Tuesday release, Microsoft addressed a total of 59 CVEs, including five critical vulnerabilities. Within this range of vulnerabilities, the security update covered the...
Adobe Acrobat Zero-Day Exploited in Wild
Vulnerability Report. Summary: The zero-day vulnerability, identified as CVE-2023-26369, poses a critical security risk as it allows remote attackers to compromise vulnerable systems. This vulnerability affects Acrobat on both...
Hive Pro Celebrates Remarkable Milestones in Securicom MSSP Partnership
HERNDON, Va., Sept. 13, 2023 - Hive Pro®, a pioneer vendor in Threat Exposure Management, is thrilled to announce significant achievements in its collaboration with Securicom, a customer-centric Global Managed IT Security Services Provider (MSSP). This partnership marks a crucial step forward in...
Charming Kitten’s ‘Sponsor’ Strikes 34 Organizations in Brazil, Israel, and U.A.E.
Attack Report. Summary: Charming Kitten, also known as Ballistic Bobcat, orchestrated a sophisticated campaign aimed at 34 diverse targets across Brazil, Israel, and the United Arab Emirates. This operation employed a novel...
Cybercriminals Target Graphic Designers with Cryptojacking Malware
Attack Report. Summary: Cybercriminals are taking advantage of a legitimate Windows tool known as Advanced Installer to compromise the computers of graphic designers with cryptocurrency mining malware. These scripts are designe...
Google Addresses Fourth Zero-Day Flaw Exploited by Attackers in the Wild
Vulnerability Report. Summary: The zero-day vulnerability CVE-2023-4863 in Google Chrome enables arbitrary code execution and system crashes. Actively exploited in the wild, it poses severe risks, including data exposure and...
HijackLoader, a Deceptive Modular Malware Loader
Attack Report. Summary: A new malware loader, HijackLoader, is swiftly gaining prominence within the cybercriminal sphere, being leveraged to distribute an array of malware strains, including DanaBot, SystemBC, and...
Attacks, Vulnerabilities and Actors 4 September to 10 September 2023
Threat Digest. Summary: HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of ten executed attacks, one instance of adversary activity, and six vulnerabilities...
Akira Ransomware Exploits Cisco Zero-Day Vulnerability
Vulnerability Report. Summary: The zero-day vulnerability, identified as CVE-2023-20269, is a concerning security issue that impacts the remote access VPN feature of Cisco ASA (Adaptive Security Appliance) and FTD (Firepower Threa...
Nation-State Actors Infiltrate U.S. by Exploiting Zoho and Fortinet Flaws
Vulnerability Report. Summary: Multiple nation-state entities infiltrated a prominent U.S. aeronautics organization by capitalizing on vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus,...
Critical Remote Code Execution Vulnerabilities Discovered in ASUS Routers
Vulnerability Report. Summary: Three critical-severity remote code execution vulnerabilities have been identified in ASUS routers. These vulnerabilities could allow threat actors to take control of these devices...
PCI DSS Compliance with Hive Pro Threat Exposure Management
In this video, Anand Choudha, CEO at Hive Pro, and Jeelan Poola, CPO at Hive Pro, introduce the HivePro Uni5 Threat Exposure Management Platform. HivePro Uni...
Chinese ‘Smishing Triad’ Group Targeting US Citizens
Attack Report. Summary: Smishing Triad is a Chinese-speaking cybercriminal group that has been conducting a large-scale smishing campaign targeting US citizens and other countries. Smishing is a form of phishing that uses text...
Agent Tesla’s New Variant Spreads Through Crafted Excel Files
Attack Report. Summary: A phishing campaign has surfaced, disseminating a new iteration of the Agent Tesla malware through a meticulously crafted Microsoft Excel document. This document exploits a longstanding memory corruption...
DuckTail Targets Digital Marketers with Malicious Operations
Attack Report. Summary: DuckTail refers to an operation organized by several threat actors based in Vietnam. These threat actors not only employ common techniques but also share a common objective: to gain unauthorized access t...
Hive Pro Recognized in 2023 Gartner® Hype Cycle™ for Security Operations & Market Guide™ for Vulnerability Assessment
HERNDON, Va., Sept. 7, 2023 - Hive Pro®, a pioneer vendor of Threat Exposure Management, is now featured in two prominent Gartner publications that spotlight industry leaders and innovators: the Market Guide™ for Vulnerability Assessment 2023 and the Hype Cycle™ for Security Operations 2023. As cyb...
DreamBus Botnet Exploiting a Critical Vulnerability in Apache RocketMQ
Vulnerability Report. Summary: A critical vulnerability, CVE-2023-33246, in Apache RocketMQ servers enables remote code execution, leading to a surge in attacks, including the deployment of the DreamBus malware. Timely system...
New Variant of Chaes Malware ‘Chae$ 4’ Targeting Financial and Logistics Sectors
Attack Report. Summary: A new Chaes malware variant, "Chae$ 4," targeting logistics, finance, and prominent platforms has emerged with enhanced capabilities, including a Python-based architecture and an expanded range of targeted...
FreeWorld Ransomware Targets MSSQL Servers Facing Siege
Attack Report. Summary: Adversaries are capitalizing on inadequately protected Microsoft SQL (MS SQL) servers in an operation known as DB#JAMMER, deploying both Cobalt Strike and a ransomware strain named FreeWorld, which appears ...
Unveiling the SuperBear RAT Campaigns Targeting Journalists
Attack Report. Summary: A recently discovered remote access trojan (RAT) named "SuperBear" has come to attention as it is actively used by hackers to target journalists who focus on covering geopolitical developments in Asia...
MinIO Vulnerabilities Exposed as Hackers Breach Through Storage
Vulnerability Report.
New IDAT Loader Unleashes Infostealers in Fake Browser Update Campaign
Attack Report. Summary: In a recent malware campaign, threat actors utilized a new IDAT Loader to distribute a range of malicious software, including infostealers and RATs, employing evasion methods. This loader is packaged...
Attacks, Vulnerabilities and Actors 28 August to 3 September 2023
Threat Digest. Summary: HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, there were a total of six attacks executed, one vulnerability, and two different adversaries, which highlights...
Summary of Vulnerabilities, Actors & Attacks: August 2023
...
CISA Known Exploited Vulnerability Catalog August 2023
CISA KEV Catalog. Summary: The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. To be included in the catalog, a vulnerability must meet three criteria: hav...
A Critical Vulnerability Uncovered in VMware Aria Operations for Networks
Vulnerability Report. Summary: Two vulnerabilities have been discovered in VMware Aria Operations for Networks (formerly vRealize Network Insight). The first vulnerability, CVE-2023-34039, is an authentication bypass that allows...
Chinese Hacking Group Exploits Barracuda Zero-Day
Attack Report. Summary: The Chinese-linked hacking group tracked as UNC4841 has prominently directed its efforts towards infiltrating and compromising various entities in recent attacks. These offensives were particularly...
Unveiling New Windows Ransomware Named Trash Panda
Attack Report. Summary: Trash Panda is ransomware that encrypts files on Windows machines, replaces the desktop wallpaper, and drops a ransom note with political messages. It adds a ‘.monochrome’ extension to the encrypted...
Agniane Stealer’s Cryptocurrency Quest
Attack Report. Summary: The Agniane Stealer, coded in C#, operates as an information stealer. It primarily focuses on extracting stored credentials from a wide array of sources, with a specific emphasis on targeting...
Attacks, Vulnerabilities and Actors 21 August to 27 August 2023
Threat Digest. Summary: HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, there were a total of twelve attacks executed, six vulnerabilities, and three different adversaries...
Chinese Hacking Group ‘Flax Typhoon’ Targeting Taiwan Organizations
Actor Report. Summary: Flax Typhoon, a Chinese nation-state actor, employs sophisticated tactics to target organizations in Taiwan for espionage, utilizing living-off-the-land techniques and legitimate tools to maintain long-te...
A Critical Vulnerability in Openfire Admin Console Actively Exploited in the Wild
Vulnerability Report. Summary: The vulnerability CVE-2023-32315 in Ignite Realtime Openfire enables unauthorized access to privileged pages. Attackers exploit it by bypassing authentication, prompting immediate updates for...
Lazarus Group Uses ManageEngine Exploit to Unlock Path for QuiteRAT
Attack Report. Summary: The Lazarus Group, a threat actor associated with North Korea, has been detected exploiting a recently patched critical security vulnerability in Zoho ManageEngine ServiceDesk Plus. This vulnerability was...
Spacecolon Toolset Fuels Surge in Scarab Ransomware Attacks
Attack Report. Summary: CosmicBeetle, an active cyber threat group, has been using a malicious toolset called Spacecolon in an ongoing campaign. This toolset is used to distribute variants of the Scarab ransomware by...
WinRAR Zero-Day Exploit Targeting Traders Since April
Vulnerability Report. Summary: The zero-day vulnerability CVE-2023-38831 in WinRAR allows hackers to install malware through manipulated archives, exposing users to hidden malicious scripts and potential cyberattacks. To...
Carderbee APT Strikes Hong Kong with Supply Chain Attack
Attack Report. Summary: The Carderbee advanced persistent threat (APT) group executed a supply chain attack by exploiting the legitimate Cobra DocGuard software. Their objective was to deploy the PlugX backdoor onto targeted...
New Wave of Akira Ransomware Expands Arsenal with Cisco VPN Flaws
Attack Report. Summary: The Akira ransomware group targets Cisco VPNs to breach corporate networks and leverages tools like RustDesk for stealthy access. Avast's decryptor is ineffective against the group's updated ransomware...
Data Center Vulnerabilities: A Ticking Time Bomb for Cloud Services
Vulnerability Report. Summary: Several flaws in critical data center infrastructure management systems and power distribution units pose a significant risk to cloud-based services. CyberPower's PowerPanel Enterprise has four...
Ivanti Addressed a New Zero-Day Flaw in Ivanti Sentry
Vulnerability Report. Summary: The zero-day vulnerability CVE-2023-38035 in Ivanti Sentry versions 9.18 and earlier allows unauthenticated access to sensitive APIs via port 8443, posing a risk of configuration manipulation and...
Attacks, Vulnerabilities and Actors 14 August to 20 August 2023
Threat Digest. Summary: HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of eight executed attacks, one instance of adversary activity, and four zero-day...
Cuba Ransomware Targets U.S. with Veeam Exploit
Attack Report. Summary: The Cuba ransomware has targeted critical infrastructure organizations in the United States and IT enterprises across Latin America. To acquire credentials, it employs a blend of old...
Decoding Bronze Starlight’s Strategy in the Gambling Sector
Attack Report. Summary: A cyberattack campaign stemming from China is currently focusing its efforts on the Southeast Asian gambling industry, with the objective of deploying Cobalt Strike beacons on compromised systems. To...