New Python-Based Fileless Malware Named ‘PyLoose’ Targeting Cloud Environments
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new fileless attack called PyLoose targets cloud workloads by loading an XMRig Miner directly into memory using Python code and the memfd technique. This evasive attack highlights the need for advanced...
Microsoft’s July 2023 Patch Tuesday Addresses 5 Zero-day Vulnerabilities
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Microsoft's July 2023 Patch Tuesday includes security updates for 130 flaws, including five actively exploited zero-day vulnerabilities; nine are rated as 'Critical', and 37 are remote code execution...
Exploit found in the wild for Critical VMware Aria Operations Bug
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary An exploit has surfaced for CVE-2023-20864, a highly significant security vulnerability within the VMware Aria Operations for Logs analysis tool utilized in cloud management. This exploit empowers...
The Unrelenting Nature of TOITOIN Malware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The TOITOIN malware campaign, targeting businesses in the LATAM region, employs sophisticated techniques and multi-stage infection chains with numerous malware samples disguised as compressed ZIP archive...
Hive Pro Secures Second Round of Seed Funding to Expand Headquarters and Enhance Hive Pro Threat Exposure Management Platform
July 12, 2023 - HERNDON, VA: Hive Pro, a pioneer in the Threat Exposure Management market, announced today that they have closed $4 million in their seed funding round from private investors. The successful completion of Hive Pro’s second round of seed funding will support the continued delivery ...
Apple Addresses A Zero-Day Vulnerability Which Is Actively Exploited in Wild
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The zero-day vulnerability CVE-2023-37450 discovered in multiple Apple products is being actively exploited in the wild, specifically when processing web content. This vulnerability can potentially resul...
Attacks, Vulnerabilities and Actors 3 July to 9 July 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, there were a total of eight attacks executed, a zero-day vulnerability in the WordPress Plugin, and thre...
Unveiling New Big Head Ransomware Variants and Their Stealthy Tactics
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The emergence of Big Head ransomware and its variants suggests a shared source, distributed through deceptive Windows update and Word installer disguises. The threat actor engages via email and Telegram,...
Charming Kitten’s Latest Malware Arsenal and Targeting Strategies
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Charming Kitten, an adaptable threat actor, has shifted to new malware tactics and targets by employing LNK infection chains and utilizing cloud hosting providers. This evolution in their approach poses ...
Crysis Threat Actors Unleash Venus Ransomware via RDP
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The threat actors behind the Crysis ransomware are currently utilizing the Venus ransomware as a component of their attack strategy, with a primary focus on targeting vulnerable systems through active...
Surge in 8Base Ransomware Group Activity
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The 8Base ransomware group, which defines itself as “honest and simple pentesters”, has spiked its activities recently and was observed to be among the top 2 performing ransomware groups. To receive real-time...
Hive Pro Announces Release of Version 3.0.1 of Threat Exposure Management Platform
Introducing Self-Service SaaS for HivePro Uni5 Flagship Product and Enhanced Visualizations for Improved Cybersecurity Insights Milpitas, CA – 6th July 2023—Hive Pro, a pioneer in the Threat Exposure Management market, is thrilled to announce the release of version 3.0.1 of the Hive Pro: Threat...
New Variant of RUSTBUCKET Malware Targeting Cryptocurrency Providers
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The RUSTBUCKET malware family is under active development, adding persistence capabilities, while the REF9135 operation by the DPRK targets cryptocurrency service providers. To receive real-time threat advisories...
European Ministries Fall Victim to Chinese Hacker’s SmugX Campaign
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A Chinese nation-state group has been persistently conducting a campaign targeting Foreign Affairs ministries and embassies in Europe. They employ HTML smuggling techniques to distribute a new variant of...
Vulnerability in WordPress Plugin threatens Website takeover
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary WordPress Ultimate Member Plugin, with over 200K installations helps in streamlining user registration and login processes. It has been found vulnerable to unauthenticated privilege escalation,...
Summary of Vulnerabilities & Threats: June 2023
...
Attacks, Vulnerabilities and Actors 26 June to 2 July 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, there were a total of four attacks executed, taking advantage of three different vulnerabilities in...
Lockbit Ransomware strikes, demands $70-million Ransom
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Lockbit sub-group National Hazard Agency claims to have exfiltrated data from TSMC systems, allegedly deployed ransomware, and demands a 70-million-dollar ransom. TSMC has clarified that their system is...
CISA Known Exploited Vulnerability Catalog June 2023
For a detailed CISA KEV Catalog, download the pdf file here Summary The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. To be included in the catalog, a vulnerability must meet three criteria: hav...
Andariel Group unleashes New EarlyRAT malware
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Andariel is a sub-group of Lazarus and is remarkably stealthy in its operations. Recently, they developed a new malware called EarlyRAT. To receive real-time threat advisories, please follow HiveForce La...
PindOS malware deploying Bumblebee and IcedID
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary PindOS, a new JavaScript dropper, has been spotted in the wild. It is specifically engineered to deliver next-stage payloads and is currently deploying infamous malware such as Bumblebee and IcedID...
JokerSpy macOS Backdoor Attacks Japanese Cryptocurrency Exchange
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary An unknown cryptocurrency exchange in Japan became the target of a precise attack employing an intricate Apple macOS backdoor called JokerSpy. References to JokerSpy can be traced back to as early as Apr...
MULTI#STORM Campaign Sets Sights on India and U.S. with RAT
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The MULTI#STORM phishing campaign employs JavaScript files to disseminate RATs throughout compromised systems. This intricate attack utilizes a multi-stage procedure that commences when the victim engages...
Millions of GitHub Repositories Susceptible to Repojacking
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Millions of GitHub repositories may be vulnerable to Repojacking, which could lead to large-scale supply chain attacks. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn...
Fortinet Addressed Critical RCE FortiNAC Vulnerability
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Fortinet has released patches for critical and medium vulnerabilities in its FortiNAC network access control solution, addressing issues related to remote code execution and command injection. To...
Attacks, Vulnerabilities and Actors 19 June to 25 June 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, there were a total of twelve attacks executed, taking advantage of seventeen different vulnerabilities ...
APT28 Leveraged Three Roundcube Exploits in Espionage Campaign
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary APT28 conducted a sophisticated campaign targeting prominent organizations in Ukraine. The campaign involved spear-phishing emails whose attachments exploited vulnerabilities in the Roundcube webmai...
RedEyes Exploiting Ably Platform Using FadeStealer and Wiretapping Capabilities
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary RedEyes, a state-sponsored APT group, is targeting individuals through spear phishing emails and employing an Infostealer with wiretapping capabilities, utilizing the Ably platform for command and contro...
Mirai Botnet Exploits Multiple Flaws in the Latest Campaign
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new variant of the Mirai botnet is actively exploiting vulnerabilities in various devices, aiming to create botnets and launch DDoS attacks. To receive real-time threat advisories, please follow...
Flea APT Targets Foreign Ministries with New Backdoor.Graphican
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Flea (APT15) targeted foreign ministries with their new backdoor, Backdoor.Graphican, leveraging the Microsoft Graph API and OneDrive for C&C communication. To receive real-time threat advisories, please follo...
Tsunami Botnet Preying on Insufficiently Shielded Linux SSH Servers
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary An ongoing hacking campaign has been targeting inadequately secured Linux SSH servers. The objective of this campaign is to deploy the Tsunami DDoS botnet. To receive real-time threat advisories, please...
Condi Malware Strikes TP-Link Routers for DDoS Rampage
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Condi, a recently discovered malware, utilizes a security vulnerability within TP-Link Archer Wi-Fi routers to ensnare these devices into a botnet specifically designed for launching distributed...
New Chromeloader Shampoo Campaign Infecting Chrome and Stealing Data
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In the current ChromeLoader Shampoo campaign, users unknowingly download and execute VBScript files from malicious websites. These files trigger a series of PowerShell scripts, leading to the...
State-Sponsored Hackers Target Middle Eastern and African Governments
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Persistent cyber-espionage attacks, targeting governmental entities in the Middle East and Africa, have been unleashed by a group known as CL-STA-0043. This group has employed unprecedented methods to...
The Rising Diicot Threat Group with Diverse Attack Capabilities
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A Romanian threat group, “Diicot”, has been actively employing SSH brute-forcing and deploying malware loaders to compromise systems for the purpose of cryptocurrency mining. The campaign involves exploitin...
STORM-1359 DDoS triggered outage of Microsoft Services
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The STORM-1359 group (a.k.a. Anonymous Sudan) recently targeted Microsoft services with a DDoS attack, resulting in the disruption of multiple services. To receive real-time threat advisories, please follow...
Actors, Threats and Vulnerabilities 12 June to 18 June 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, there were a total of seven attacks executed, taking advantage of twenty different vulnerabilities in...
Mystic Stealer Malware Targeting Browsers, Wallets, and Messaging Platforms
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Mystic Stealer is an advanced information-stealer malware known for its low detection rate and code manipulation techniques; it steals sensitive data from browsers, wallets & messaging platforms, posin...
Cybercriminals Exploit Old Telerik Bug for Data Theft
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary APT actors and financially motivated cybercriminals were observed exploiting old Telerik vulnerabilities in an attack targeting a US government agency. To receive real-time threat advisories, please foll...
ChamelGang Strikes Again With ChamelDoH Malware XDNS-over-HTTPS
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The Chinese threat group ChamelGang has developed the Linux malware ChamelDoH, which uses DNS-over-HTTPS for encrypted communication with attackers. To receive real-time threat advisories, please follow...
Unveiling Cadet Blizzard APT’s Wiper Attacks Targeting Ukraine
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Cadet Blizzard, a Russian GRU-sponsored threat group, conducted major cyber operations using WhisperGate, a customized wiper malware, to demonstrate their destructive capabilities through targeted attack...
LockBit Ransomware Evolving Tactics and Pervasive Impact in 2023
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary LockBit ransomware is a highly impactful Ransomware-as-a-Service (RaaS) variant that targets critical sectors globally. Since 2020, victims in the US alone have paid around $91 million in ransom payments...
Chinese Espionage Hackers Exploit ESXi Zero-Day
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Chinese-sponsored hacking group, UNC3886, has been actively exploiting the CVE-2023-20867 vulnerability and using advanced backdoors such as VirtualPita and VirtualPie to carry out malicious activiti...
Microsoft’s June 2023 Patch Tuesday Addresses 78 Vulnerabilities
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Microsoft's June 2023 Patch Tuesday addressed 78 flaws, including 38 remote code execution vulnerabilities. Notable fixes included SharePoint and Exchange Server vulnerabilities, while no zero-day...
DoubleFinger: A Sneaky Loader Targets Cryptocurrency
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A sophisticated campaign utilized an advanced multi-stage DoubleFinger loader to deploy the GreetingGhoul malware, which is designed to steal cryptocurrency credentials. To receive real-time threat...
A Flaw in Microsoft Visual Studio Installer Enables Malicious Extension Distribution
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A vulnerability in Microsoft Visual Studio Installer allows attackers to gain unauthorized access, compromise systems, and distribute malicious extensions, posing a significant security risk. To...
Fortinet Releases Patch for Pre-announced Critical Vulnerability
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Fortinet has addressed a critical vulnerability in FortiOS and FortiProxy SSL-VPN, resolving a heap-based buffer overflow pre-authentication flaw. This update is crucial because the vulnerability...
Actors, Threats and Vulnerabilities 5 June to 11 June 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, there were a total of seven attacks executed, taking advantage of five different vulnerabilities in...
Fortifying Financial Services Cybersecurity with Hive Pro
In this video, Anand Choudha, CEO at Hive Pro, and Jeelan Poola, CPO at Hive Pro, introduce the HivePro Uni5 Threat Exposure Management Platform. HivePro Uni...
Stealth Soldier Strikes North Africa with Espionage Attacks
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Stealth Soldier is a backdoor malware that conducts surveillance and espionage attacks. It targeted North Africa by mimicking Libyan websites to distribute malware. To receive real-time threat advisories...