Asylum Ambuscade Unmasking the Hybrid Threat Group in Cybersecurity
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Asylum Ambuscade: A cybercrime group active since 2020, targeting banks, cryptocurrency traders, and governments in North America, Europe, Asia, Africa, and South America. Their tactics include spear...
Satacom Malware Campaign Unleashed Crypto-stealing Extension
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A recently discovered malware campaign has been identified, utilizing the Satacom downloader as a conduit to distribute covert malware designed to illicitly extract cryptocurrency using a deceitful...
Critical Vulnerabilities in VMware Aria Operations Addressed and Secured
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary These three vulnerabilities in VMware Aria Operations could allow attackers to remotely execute code, access sensitive information, and potentially disrupt network operations, posing significant...
Google Addresses High-Stakes Chrome Zero-Day Vulnerability
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Google tackles Chrome's zero-day CVE-2023-3079 vulnerability, which is related to a weakness in the Chrome V8 JavaScript engine. It poses a significant threat by allowing attackers to execute...
MediaArena: A Deceptive Browser Hijacker Exploiting User Data and Security Threats
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary MediaArena is a deceptive software that hijacks browsers, redirects searches, and collects user data for malicious activities, emphasizing the importance of removal and caution. To receive real-time thre...
Volt Typhoon Chinese Espionage Group Targets U.S. Government
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Volt Typhoon, a state-sponsored threat group from China, employs stealthy techniques, exploits vulnerabilities, and focuses on espionage in cyber operations targeting critical infrastructure organizations...
Actors, Threats and Vulnerabilities 29 May to 4 June 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, three attacks were executed, taking advantage of two different vulnerabilities in various systems, and involving one...
The Exploitation of Critical Zero-Day Vulnerability Found in MOVEit Transfer
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The MOVEit Transfer vulnerability allows unauthorized access to the database, potential manipulation or deletion of its contents, and exploitation of affected systems. To receive...
A New Horabot Botnet Threat Targeting Spanish-Speaking Users in the Americas
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new botnet program called "Horabot" is being used by a threat actor to deploy a banking trojan and spam tool, targeting Spanish-speaking users in the Americas. To receive real-time threat advisories,...
Summary of Vulnerabilities & Threats: May 2023
...
CISA Known Exploited Vulnerability Catalog May 2023
For a detailed CISA's KEV Catalog, download the pdf file here Summary The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. To be included in the catalog, a vulnerability must meet three criteria: hav...
A New RAT Named GobRAT Targeting Linux Routers in Japan
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary GobRAT, a new RAT, is infecting Linux routers in Japan through vulnerable web interfaces, granting attackers remote control and the ability to execute commands. To receive real-time threat advisories,...
Actors, Threats and Vulnerabilities 22 to 28 May 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, a total of ten attacks were executed, taking advantage of four different vulnerabilities in vario...
Buhti Ransomware Operation Repurposes Leaked Encryptors
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Buhti ransomware, linked to Blacktail threat actors, employs leaked code of LockBit and Babuk variants. By exploiting vulnerabilities like PaperCut NG, they exfiltrate data and distribute ransomware. The...
PowerExchange Backdoor and Web Shells Breach at UAE Government Agency
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A high-severity attack targeted a UAE government agency, utilizing a custom PowerShell backdoor named PowerExchange and web shells on Microsoft Exchange servers. To receive real-time threat advisories,...
Pikabot A Stealthy Backdoor with Ingenious Evasion Tactics
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Pikabot, a sophisticated backdoor, evades analysis with anti-analysis measures like the "sleep" function, uses the NtContinue API, employs language-based execution cessation, and shows connections to Qakbot...
A Zero-Day Vulnerability Found in Barracuda Email Security Gateway
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A zero-day vulnerability was exploited in Barracuda Email Security Gateway appliances; it was promptly patched and a subset of customers notified. Other Barracuda products are unaffected. To receive real-time...
GUI-Vil Threat Group Exploits AWS for Crypto Mining
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary GUI-Vil (p0-LUCR-1), an Indonesian threat group, conducts unauthorized cryptocurrency mining using personalized infiltration tactics. They exploit AWS, leveraging compromised credentials and vulnerabilitie...
Unveiling the Stealthy Operations of GoldenJackal APT Group
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary GoldenJackal is an APT group targeting government and diplomatic entities in the Middle East and South Asia. Their advanced capabilities include a range of .NET malware tools for gaining control, stealing...
WINTAPIX Kernel Driver Targeting Middle Eastern Nations
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The WINTAPIX driver, protected by VMProtect, targets Saudi Arabia and other Gulf countries, possibly linked to Iranian threat actors exploiting Exchange servers for malware deployment. To receive real-ti...
Advanced BlackCat Ransomware Using Triple Extortion Tactics and Signed Kernel Driver
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The BlackCat ransomware operation is a highly sophisticated and customizable threat targeting corporate environments, featuring advanced encryption, spreading capabilities, and triple extortion tactics. ...
Actors, Threats and Vulnerabilities 15 to 21 May 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made significant discoveries in the field of cybersecurity threats. In the past week, they uncovered a total of eight attacks that were executed, taking advantage of five different vulnerabilities across...
APT28’s Cyber Espionage Campaigns Targeting Ukraine
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The APT28 intrusion group, linked to the Russian GRU and renowned for its cyber espionage and sabotage endeavors, was observed employing various phishing methodologies to target the Ukrainian civic...
MichaelKors Ransomware Targets Linux and VMware ESXi Systems with Hypervisor Jackpotting
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary MichaelKors ransomware, a new RaaS operation, has been targeting Linux and VMware ESXi systems since April 2023, utilizing the tactic of "hypervisor jackpotting" to gain unrestricted access and encrypt...
CryptNet A Novel Ransomware-as-a-Service
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary CryptNet is a new ransomware-as-a-service group that employs data exfiltration and .NET code. Currently, it has two victims listed on its data leak site. To receive real-time threat advisories, please...
Camaro Dragon Targets European Foreign Affairs with Malicious Firmware Implant
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Camaro Dragon is a Chinese state-sponsored advanced persistent threat (APT) group that has been targeting European foreign affairs entities. To receive real-time threat advisories, please follow HiveForce...
Apple Patches Three Exploited Zero-Day Vulnerabilities in macOS
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Apple addresses three exploited zero-day vulnerabilities in macOS, fixing sandbox escape and code execution issues in the WebKit browser engine. To receive real-time threat advisories, please foll...
Unveiling the Minas Miner’s Deceptive Tactics
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Minas is a multi-stage cryptocurrency miner with a concealed presence. It evades detection through encryption, randomization, and persistence techniques, showcasing determined network compromise. To...
MEME#4CHAN The Unconventional Phishing Campaign Spreading XWorm
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A persistent cyber threat known as MEME4CHAN has emerged, characterized by an intricate phishing campaign. This cluster of malicious activity employs a distinctive attack chain methodology, successfully...
8220 Gang Exploiting Vulnerabilities in Cloud Environments for Cryptocurrency Mining
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The 8220 Gang is a cyber threat group that targets cloud and container environments, exploiting vulnerabilities in applications like Oracle WebLogic, Apache Log4j, and Atlassian Confluence. To receive...
Rancoz Ransomware Employs Advanced Techniques to Encrypt Victims’ Files
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Rancoz ransomware demonstrates the growing danger of tailored ransomware strains, leveraging advanced encryption techniques. To receive real-time threat advisories, please follow HiveForce Labs on Linked...
Water Orthrus Targets Chinese Users with CopperStealth and CopperPhish
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Water Orthrus has recently launched two new campaigns, CopperStealth and CopperPhish, where CopperStealth employs rootkit techniques, while CopperPhish globally distributes a phishing kit through PPI...
RA Group’s Custom Ransomware Hits US & South Korea
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The emergence of the RA ransomware group highlights the utilization of the recently leaked Babuk ransomware source code as they employ it to develop their variant of the malware. To receive real-time...
Lancefly APT Group Deploys Custom Backdoor ‘Merdoor’ in Targeted Attacks
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The Lancefly APT group targets South and Southeast Asia using the Merdoor backdoor and an updated ZXShell rootkit. Their attack chain involves credential theft, lateral movement, file staging, and...
Actors, Threats and Vulnerabilities 08 to 14 May 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, it identified a total of nine attacks that were executed. Additionally, HiveForce Labs identified four different...
XSS Vulnerability in Popular WordPress Plugin Affects 2 Million Sites
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A Cross-Site scripting vulnerability has been discovered in an Advanced Custom Fields plugin for WordPress which has put 2 Million websites at risk. To receive real-time threat advisories, please...
Greatness a Growing Threat to Microsoft 365 Users
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Phishing-as-a-Service (PaaS) platform named Greatness has experienced a surge in its operations, which target organizations utilizing Microsoft 365 in the United States, United Kingdom, Australia, Sout...
New Variant of BPFDoor Linux Malware Features Enhanced Encryption and Stealthy Communication
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new variant of the Linux malware BPFDoor has been discovered, featuring more robust encryption and reverse shell communication. It uses the BPF to bypass firewall restrictions, allowing threat actors t...
CACTUS Ransomware Emerges as New Threat Targeting Large Enterprises
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary CACTUS is a new strain of ransomware that targets large commercial entities using a variety of tools and tactics to distribute the ransomware binary and maintain persistence within the environment while...
New DownEx Malware Campaign Targets Foreign Government Institutions in Central Asia
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The DownEx malware was discovered in a cyberattack on government institutions in Kazakhstan and Afghanistan in 2022, likely with state sponsorship. The attackers used spear-phishing emails to infiltrate...
Uncovering the Latest Tactics of the SideWinder APT
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The SideWinder APT group uses advanced tactics like spear-phishing, DLL side-loading, and more, including a new server-side polymorphism technique, highlighting the need for multi-layered security measures. To receive...
DarkWatchMan RAT Targets Russians
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary DarkWatchMan is a Remote Access Trojan (RAT) distributed via a phishing website imitating a renowned Russian website. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn...
Snake a Stealthy Cyber-Espionage Malware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Snake is a powerful cyber-espionage malware developed by the FSB and linked to the Turla hackers. It boasts high stealth, rigorous engineering, and global reach. To receive real-time threat advisories, please follow...
Microsoft’s May 2023 update addresses two Zero-Day Vulnerabilities
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Microsoft released a security update in May 2023 to address 40 CVEs, including two zero-day vulnerabilities that have already been exploited in the wild. To receive real-time threat advisories,...
Immediate Threat Reduction for a Telecom Company
In this video, Anand Choudha, CEO at Hive Pro, and Jeelan Poola, CPO at Hive Pro, introduce the HivePro Uni5 Threat Exposure Management Platform. HivePro Uni...
New AndoryuBot Malware Exploits Ruckus Wireless Flaw for DDoS Attacks
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary AndoryuBot targets a critical Ruckus Wireless Admin panel vulnerability to infect Wi-Fi access points for use in DDoS attacks; the malware supports 12 DDoS attack modes and is marketed through YouTube videos. ...
Kimsuky APT Group Employs ReconShark
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Kimsuky, a North Korean APT group, is using a new malware tool called ReconShark to conduct global cyberattacks. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn...
A New Akira Ransomware Targets Multiple Industries and Demands Millions in Extortion
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Akira ransomware is a new threat targeting corporate networks and has already attacked several companies in various industries, stealing their data and demanding ransom from $200,000 to millions of...
Actors, Threats and Vulnerabilities 01 to 07 May 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, a total of eight attacks were executed, taking advantage of different vulnerabilities in various...