AdLoad Malware Persists on Mac Systems with New Proxy Payload
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary AdLoad malware persists on Mac systems with a new proxy application payload, converting infected devices into a proxy botnet. This scheme, involving thousands of IP addresses, points to a monetization...
JanelaRAT Strikes at Latin American Financial Sector
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary JanelaRAT, a financial malware, is directed toward users in Latin America (LATAM) with the ability to seize sensitive data. This malicious software primarily focuses on gathering financial and cryptocurren...
Monti Ransomware’s New Linux Variant Enhanced Encryption
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Monti ransomware, resembling Conti, resurfaces after a break, targeting legal and government sectors. A new Linux variant diverges significantly, using distinct tactics for encryption and virtual machine...
Unveiling The TunnelCrack VPN Vulnerabilities
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The TunnelCrack vulnerabilities are a set of four vulnerabilities that affect most VPN products. The vulnerabilities affect the way that VPNs handle certain ciphers, which are algorithms used to...
LummaC Stealer Enlists Amadey Bot to Unleash SectopRAT
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A fresh approach to spreading SectopRAT has surfaced. This method involves distributing the SectopRAT payload by utilizing the Amadey bot, which is sourced from the LummaC stealer. To receive real-time...
Attacks, Vulnerabilities and Actors 7 August to 13 August 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, there were a total of eleven attacks executed, three vulnerabilities, and three different adversaries...
DroxiDat Targets Southern African Power Utility
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In a targeted operation, an unidentified actor strategically deployed the advanced DroxiDat proxy-capable backdoor alongside Cobalt Strike beacons. The operation was aimed at a critical power utility...
Gafgyt Botnet Exploiting Five Years Old Critical Vulnerability in Zyxel Routers
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A critical vulnerability (CVE-2017-18368) in the Zyxel P660HN-T1A router allows the Gafgyt botnet to execute unauthorized commands, potentially leading to a complete takeover of affected devices. Th...
Knocking the Surface of Rhysida Ransomware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Rhysida ransomware campaign is rapidly gaining notoriety, driven by a series of successful infiltrations into healthcare institutions. This surge in attacks requires government entities and the targe...
LOLKEK Ransomware Evolving New Tactics to Evade Detection
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary LOLKEK ransomware is still being actively developed and uses new tactics to evade detection, including obfuscation, legitimate tools, and network shares. It encrypts all drives, including network shares,...
Microsoft’s August Patch Tuesday Addresses Active Zero-Day Exploits
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary In the August Patch Tuesday release, Microsoft addressed a total of 73 CVEs, encompassing six critical and 67 important vulnerabilities. Within this range of vulnerabilities, the security update...
Reptile Rootkit Targets Linux Systems in South Korea
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Reptile, an open-source Linux rootkit, goes beyond concealment, offering attackers a reverse shell and utilizing Port Knocking for control; observed in attacks including Chinese groups exploiting...
New Yashma Ransomware Variant Mimics WannaCry in New Attack
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A Vietnamese-origin threat actor employs a Yashma ransomware variant since June 2023, using unique GitHub-based ransom note delivery and mimicking WannaCry. This operation demonstrates the accelerated...
TargetCompany Ransomware’s FUD Obfuscation Maneuvers
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The TargetCompany ransomware employs a combination of its proprietary variant and the BatCloak obfuscator engine, acclaimed for its full undetectability (FUD) capabilities. Accompanying this fusion is the...
Hive Pro Achieves ISO/IEC 27001: 2022 Certification
Hive Pro has achieved ISO 27001: 2022 Certification, Demonstrating A Continuous Commitment to Excellence in Information Security August 8th, 2023 - HERNDON, VA: Hive Pro, a pioneer in the Threat Exposure Management market, is thrilled to announce that they have successfully attained ISO 27001:202...
STRRAT a Java-Powered Versatile Remote Access Trojan
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary STRRAT, a Java-based RAT, excels in utilizing a wide array of capabilities. Its latest version, STRRAT 1.6, is notable for employing diverse infection paths and conducting startup host queries to...
Attacks, Vulnerabilities and Actors 31 July to 6 August 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of one executed attack, one instance of adversary activity, and thirteen vulnerabilities,...
2022 Most Consistently Exploited Vulnerabilities
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary This advisory presents comprehensive information regarding the CVEs consistently and frequently targeted by malicious cyber adversaries throughout the year 2022 across multiple vendors, encompassi...
New Rilide Stealer Version Evades Chrome Manifest V3 Protections
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new version of the Rilide Stealer malware is evading Chrome's security measures to target Chromium-based browsers in campaigns that exploit user trust through fake plugins and games, posing a significant...
New APT 29 Campaign Targets Organizations through Microsoft Teams
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary APT 29, a Russia-based threat actor, employs targeted social engineering via Microsoft Teams to steal credentials, leveraging compromised domains and convincing users to enter authentication codes,...
STARK#MULE Targets South Korea with US Military-themed Baits
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The STARK#MULE cyber attack campaign is ongoing, with a focus on targeting Korean-speaking individuals. It employs U.S. Military-themed document baits to deceive its targets, leading them into unwittingly...
Ivanti Addressed Second Zero-Day Flaw Exploited by Attackers
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The zero-day vulnerability CVE-2023-35081 in Ivanti EPMM enables admin-authenticated attackers to write arbitrary files, risking unauthorized access, OS command execution, and malicious web shell...
CISA Known Exploited Vulnerability Catalog July 2023
For a detailed CISA's KEV Catalog, download the pdf file here Summary The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. To be included in the catalog, a vulnerability must meet three criteria: hav...
Summary of Vulnerabilities & Threats: July 2023
...
Attacks, Vulnerabilities and Actors 24 July to 30 July 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of six executed attacks, one adversary activity, and five zero-day vulnerabilities including...
Zimbra Fixes A Zero-Day Vulnerability Exploited in Attacks
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The vulnerability CVE-2023-37580 in Zimbra Collaboration Suite (ZCS) version 8.8.15 is a Cross-Site Scripting (XSS) flaw in the Zimbra Classic Web Client interface. Its impact is severe as it can...
Unmasking Decoy Dog Malware Toolkit Hiding in DNS Traffic
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Decoy Dog, a sophisticated malware toolkit, uses DNS for C2 communication, evading detection with its wildcard-type behavior and encryption methods. Its origin remains mysterious, and the malware's...
Fenix Botnet Preys on Mexico and Chile
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Fenix Botnet targets tax-paying individuals in Mexico and Chile, aiming to infiltrate specific networks and pilfer valuable data. To receive real-time threat advisories, please follow HiveForce Labs ...
Ivanti Addressed A Critical Zero-Day Flaw in EPMM Software
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The vulnerability in Ivanti Endpoint Manager Mobile allows unauthorized remote access to personal information and enables limited server changes, posing significant security risks to affected...
Realst Infostealer Hides Behind Phony Blockchain Games
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Multiple counterfeit blockchain games are being exploited to infiltrate both Windows and macOS systems with a sophisticated infostealer developed in Rust, known as realst. This malicious software...
Atera Addressed Two Zero-Day Vulnerabilities Exploiting MSI Files
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Windows Installers for the Atera remote monitoring and management software contain two zero-day vulnerabilities that could serve as a starting point for launching privilege escalation attacks. To...
Apple Tackles Zero-Day Flaws Impacting iPhones and Macs
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Apple has addressed a zero-day vulnerability exploited in targeted attacks on iPhones, Macs, and iPads. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn...
Attacks, Vulnerabilities and Actors 17 July to 23 July 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, there were a total of eleven attacks executed, nine vulnerabilities, and three different adversaries...
Storm-0558 Chinese Threat Actor Targets Email Accounts
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Storm-0558, a China-based threat actor with espionage objectives, has been targeting email data from approximately 25 organizations using tactics like credential harvesting, OAuth token, and phishing...
Revealing Vulnerabilities’ True Dimensions: Illuminating Your Detection Surface with HivePro Uni5
...
Turla Exploits Ukraine’s Defense Sector with DeliveryCheck Backdoor
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary DeliveryCheck, a .NET-based backdoor, targets Ukraine's defense sector and is attributed to the Russian actor Turla; it aims to exfiltrate Signal app data. Notably, it breaches Microsoft Exchange servers using...
Kanti Ransomware Strikes Cryptocurrency Users
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Kanti is a novel strain of ransomware that has been specifically designed to target cryptocurrency users. This sophisticated ransomware is cunningly crafted to infiltrate systems and encrypt files,...
A Deep Dive into Space Pirates’ Unconventional Cyber Arsenal
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Space Pirates have been a persistent digital threat since 2017, relentlessly targeting over 16 organizations in Russia and one in Serbia. Despite retaining its core methods, this infamous group continuous...
A New Cross-Platform ‘P2PInfect’ Worm Threatening Cloud Environments
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary P2PInfect, a new cross-platform worm written in Rust, targets vulnerable Redis instances in cloud environments via the CVE-2022-0543 vulnerability, potentially posing a significant threat to over 307,000...
Hive Pro’s Take on Gartner’s Top Cybersecurity Trends 2023
In this video, Anand Choudha, CEO at Hive Pro, and Jeelan Poola, CPO at Hive Pro, introduce the HivePro Uni5 Threat Exposure Management Platform. HivePro Uni...
Citrix Netscaler ADC and Gateway Vulnerabilities Exploited in the Wild
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Citrix has released a zero-day critical patch for a remote code execution vulnerability in Netscaler ADC and Netscaler Gateway that has been exploited, along with two other vulnerabilities. Urgent...
FIN8 Strikes with Noberus Ransomware via Altered Sardonic Backdoor
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The financially motivated threat actor FIN8 has been detected employing a revised variant of the backdoor known as Sardonic to deliver the Noberus ransomware. To receive real-time threat advisories, plea...
Hive Pro Announces Relocation and Expansion of Headquarters to Support Growing Cybersecurity Demand
New Headquarters to Catalyze Innovation and Strengthen Commitment to Customer Success July 19, 2023 - HERNDON, VA: Hive Pro, a pioneer in the Threat Exposure Management market is thrilled to announce its upcoming corporate relocation to a new state-of-the-art headquarters in Herndon, Virginia. Th...
Hackers Target WooCommerce Payments Plugin to Hijack Websites
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Cybercriminals are orchestrating a widespread campaign to exploit a pivotal WooCommerce Payments plugin, thereby acquiring the privileges of various users, including those with administrator statu...
Active Exploitation of Adobe ColdFusion Critical Vulnerabilities
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Hackers are actively exploiting vulnerabilities in Adobe ColdFusion, specifically CVE-2023-29298 and CVE-2023-38203. These vulnerabilities allow attackers to bypass authentication, execute remote...
Attacks, Vulnerabilities and Actors 10 July to 16 July 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, there were a total of six attacks executed and a total of six zero-day vulnerabilities, out of which five...
LokiBot Data Exfiltrating Trojan Targets Windows Systems
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary LokiBot, an infamous data-exfiltrating Trojan, has maintained a prominent presence since 2015. This pernicious malware predominantly sets its sights on Windows systems, diligently striving to acquire...
CustomerLoader Disseminating Diverse Malware Payloads
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A covert .NET loader, known as CustomerLoader, was specifically designed to facilitate the retrieval, deciphering, and activation of subsequent payloads. Throughout the early days of June 2023, various...
TA445 Targeting Government and Military Sectors in Ukraine and Poland
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary TA445 conducts ongoing campaigns targeting government entities, military organizations, and civilians in Ukraine and Poland to steal information and establish remote access, using multi-stage infection...
Storm-0978 actively exploited the unpatched Office zero-day
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Storm-0978 is a Russian cybercriminal group that specializes in executing sophisticated phishing campaigns. Storm-0978 was found to be engaged in a new wave of attacks, leveraging the exploitation of...