Dragon Breath APT Evolves with Double DLL Sideloading
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: Dragon Breath APT targets the gambling industry using the double-clean-app technique and DLL sideloading. Chinese-speaking Windows users are being targeted. To receive real-time threat advisories, please...
Fortinet addresses Vulnerabilities in FortiADC, FortiOS and FortiProxy
Threat Level: Vulnerability Report. For a detailed threat advisory, download the pdf file here. Summary: Fortinet has issued security patches for two high-severity vulnerabilities: an OS command vulnerability in FortiADC, and an out-of-bounds write flaw in sslvpnd of FortiOS and FortiProxy. To recei...
SideCopy Resurfaces to Target Indian Defense
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: SideCopy's recent campaign utilizes SILENTTRINITY and targets the Indian defense industry, warranting attention to the SideCopy threat actors. To receive real-time threat advisories, please follow HiveForce...
New BlackBit Ransomware Targets South Korea
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: BlackBit ransomware, a variant of LokiLocker, checks the keyboard layout, disables defenses, and presents payment info through various methods. To receive real-time threat advisories, please follow HiveForce...
New Atomic Stealer MacOS malware Steals Browser Cookies and Cryptocurrency Wallets
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: Atomic Stealer malware is a full-featured infostealer designed to steal sensitive data from macOS users. The malware can grab account passwords, browser data, session cookies, and crypto-wallets. To...
Earth Longzhi Unleashes New ‘Stack Rumbling’ Tactic
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: APT41's Earth Longzhi launches a new campaign targeting organizations in Asia Pacific, using "stack rumbling" to disable security products and install the Behinder web shell. To receive real-time threat...
The Emergence of 1877 Team and Rising Hacktivist Threat
Threat Level: Actor Report. For a detailed threat advisory, download the pdf file here. Summary: The 1877 Team is a hacktivist collective founded by a small group of Iraqi Kurds in July 2021. The 1877 Team has claimed responsibility for a range of cyber attacks on national governments, universities,...
New LOBSHOT Malware Being Distributed Through Google Ads
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: LOBSHOT is a new malware that is being distributed through Google Ads. It is a remote access trojan that can allow threat actors to take control of an infected Windows device's hidden desktop, execute...
TP-Link Router Vulnerability Triggers Mirai Malware Infection
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: The TP-Link router vulnerability allows attackers to execute commands and infect devices with the Mirai malware. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn...
CISA Known Exploited Vulnerability Catalog April 2023
For CISA's detailed KEV Catalog, download the pdf file here. Summary: The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. To be included in the catalog, a vulnerability must meet three criteria: hav...
Summary of Vulnerabilities & Threats: April 2023
...
FIN7-Affiliated Hackers Exploit Flaws in Veeam Backup Servers
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: Publicly accessible servers using Veeam Backup & Replication (VBR) software were attacked, likely through a recently fixed vulnerability, CVE-2023-27532, by a group with similarities to the FIN7 activity...
Outdated Internet Protocol Vulnerable to Massive DoS
Threat Level: Vulnerability Report. For a detailed threat advisory, download the pdf file here. Summary: A critical SLP vulnerability affects 54k devices, including VMware, posing a risk of massive DoS attacks costing businesses up to $120k. To receive real-time threat advisories, please follow HiveFor...
Actors, Threats and Vulnerabilities 24 to 30 April 2023
For a detailed threat digest, download the pdf file here. Summary: HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, they identified a total of eight attacks that were executed. These attacks were taking advantage of three different...
New Version of ViperSoftX Malware Targets Password Managers and Cryptocurrency Wallets
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: ViperSoftX is an information-stealing malware primarily targeting cryptocurrencies, using sophisticated encryption techniques and monthly changes in command-and-control servers to evade detection. To...
New macOS malware RustBucket attributed to North Korean group BlueNoroff
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: RustBucket, attributed to BlueNoroff, is split into two stages, with the second-stage application appearing as a legitimate PDF viewer but becoming malicious when a specific PDF is loaded. To receive...
North Korean-Backed Group Sparks X_Trader Supply Chain Attack
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: The X_Trader software supply chain attack affected a number of critical infrastructure entities in the United States and Europe. To receive real-time threat advisories, please follow HiveForce La...
New PingPull Malware Variant Targets Linux Systems
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: The PingPull malware variant that targets Linux systems is linked to Alloy Taurus, and it communicates with a domain over HTTPS to receive encrypted commands for executing specific functions. To receive...
Charming Kitten Hackers Utilize New Tactics with BellaCiao Malware
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: The Iranian APT group Charming Kitten is using a new, sophisticated malware called BellaCiao to target specific victims in multiple regions, employing unique communication tactics with its...
Daggerfly APT Deploys MgBot to Target African Telecoms Organization
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: The Daggerfly advanced persistent threat group has been observed using previously unseen plugins from the MgBot malware framework in a recent campaign. To receive real-time threat advisories, please foll...
Malevolent EvilExtractor Stealer Attacks Strike Europe and US
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: EvilExtractor is a new type of malware that extracts sensitive data from Windows systems. It's a data theft tool gaining notoriety due to increased attacks in Europe and the US. To receive real-time threa...
New Tomiris APT Group Targets Governments
Threat Level: Actor Report. For a detailed threat advisory, download the pdf file here. Summary: Tomiris is a Russian-speaking advanced persistent threat (APT) group that has been active since at least 2021 and is known for its use of sophisticated tactics and tools, including zero-day exploits and...
Critical PaperCut Security Vulnerabilities Actively Exploited in the Wild
Threat Level: Vulnerability Report. For a detailed threat advisory, download the pdf file here. Summary: Attackers are leveraging severe vulnerabilities in PaperCut MF/NG software to install Atera remote management software, posing a significant risk due to proof-of-concept exploits being available...
Actors, Threats and Vulnerabilities 17 to 23 April 2023
For a detailed threat digest, download the pdf file here. Summary: HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, they identified a total of ten attacks that were executed...
APT28’s SNMP Attack on Cisco Routers
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: APT28 used SNMP access to exploit Cisco routers and gain network access, utilizing weak SNMP community strings and exploiting a vulnerability to deploy Jaguar Tooth. To receive real-time threat advisorie...
A New CrossLock Ransomware Threat with Cross-Platform Capabilities and Double Extortion Techniques
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: CrossLock ransomware, implemented in the Go programming language, uses a double extortion technique to encrypt and exfiltrate data, posing a significant threat to businesses and organizations. To receive...
New Wave of QBot Attacks Detected via Malicious PDF Attachments
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: A new wave of QBot banking Trojan attacks was identified in April 2023, utilizing malicious PDF attachments in emails written in various languages. To receive real-time threat advisories, please follow...
LockBit Ransomware Targets MacOS
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: LockBit ransomware has been discovered on VirusTotal compiled for Apple's macOS arm64 architecture, raising concerns about the ransomware threat on Mac devices. To receive real-time threat advisories,...
Hive Pro: Threat Exposure Management – Solution Overview
In this video, Anand Choudha, CEO at Hive Pro, and Jeelan Poola, CPO at Hive Pro, introduce the HivePro Uni5 Threat Exposure Management Platform. HivePro Uni...
HivePro Uni5 – Solution Overview
ArtemisPro – Solution Overview
Hive Pro: Threat Exposure Management – Datasheet
HivePro Uni5 – Datasheet
ArtemisPro – Datasheet
FIN7 & Wizard Spider team up to disseminate Domino malware
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: FIN7 threat actors and Wizard Spider collaborate to distribute the Domino malware family in recent attacks. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn...
New Zaraza Bot Malware Steals Login Credentials from 38 Web Browsers via Telegram
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: A new credential-stealing malware named Zaraza bot uses Telegram as its command and control, targeting 38 web browsers and exfiltrating sensitive data for potential identity theft and financial fraud. To...
APT36 targets Indian educational institutions with Crimson RAT
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: APT36 is targeting educational institutions and students in the Indian subcontinent by distributing malicious documents to stage the Crimson RAT. To receive real-time threat advisories, please follow...
Kadavro Vector Ransomware spread as a fake Tor browser installer
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: Kadavro Vector is a NoCry ransomware variant that encrypts files and demands Monero (XMR) cryptocurrency for decryption. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn...
Actors, Threats and Vulnerabilities 10 April to 16 April 2023
For a detailed threat digest, download the pdf file here. Summary: HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, they identified a total of nine attacks that were executed...
Google Chrome Emergency Update Fixes Zero-Day Exploit in the Wild
Threat Level: Vulnerability Report. For a detailed threat advisory, download the pdf file here. Summary: A potential vulnerability in Google Chrome versions before 112.0.5615.121, identified as CVE-2023-2033, involves type confusion in V8, which could allow a remote attacker to potentially exploit he...
Rilide Stealer Extension Targets Chromium-Based Browsers
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: The Rilide Stealer Extension is a sophisticated malware that disguises itself as a benign Google Drive extension and targets Chromium-based browsers. To receive real-time threat advisories, please follow...
The Bitter Group Targets Chinese Agencies with CHM Malware via Email Attachments
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: The Bitter group targets South Asian government agencies with Office documents and has recently distributed CHM malware to specific Chinese organizations via email attachments. To receive real-time threa...
Fortinet Addresses Security Flaws Across Multiple Products
Threat Level: Vulnerability Report. For a detailed threat advisory, download the pdf file here. Summary: Fortinet releases security updates for multiple products, including a significant FortiPresence vulnerability patch. To receive real-time threat advisories, please follow HiveForce Labs on LinkedI...
Malware Attack Targets Windows Users with Spoofed Energoatom Document
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: The malware comes in the form of a spoofed document from Energoatom and is believed to be part of a larger campaign against Ukraine's energy sector, which has been under constant cyberattacks since the...
Trigona Ransomware Targets Improperly Managed MS-SQL Servers
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: Trigona ransomware is installed on vulnerable MS-SQL servers that are not properly managed, allowing attackers to execute malicious commands and encrypt files without distinguishing file extensions. To...
Nation-State Actors MERCURY and Partner DEV-1084 Carry Out Destructive Attack
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: MERCURY, a nation-state actor linked to the Iranian government, worked with another actor, DEV-1084, to carry out a destructive attack. To receive real-time threat advisories, please follow HiveForce Lab...
Microsoft Addresses Zero-Day and Wormable Vulnerabilities
Threat Level: Vulnerability Report. For a detailed threat advisory, download the pdf file here. Summary: Microsoft's April 2023 Patch Tuesday and security updates address one actively exploited zero-day vulnerability and a total of 97 flaws, consisting of 7 critical and 90 important vulnerabilitie...
Cybercrime group exploits zero-day on Windows servers to deploy Nokoyawa ransomware
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: Nokoyawa ransomware is a new threat that exploits the CVE-2023-28252 vulnerability to infiltrate and encrypt victims' files, demanding a ransom for their release. To receive real-time threat advisories,...
Desert Falcon Strikes with an Upgraded Arsenal
Threat Level: Actor Report. For a detailed threat advisory, download the pdf file here. Summary: Desert Falcons, a cyber-espionage group, has been seen deploying upgraded variants of its malware toolset in strikes against Palestine and Middle Eastern entities. To receive real-time threat advisories,...
New Cylance Ransomware Targets Linux and Windows Operating Systems
Threat Level: Attack Report. For a detailed threat advisory, download the pdf file here. Summary: Cylance ransomware is a new malware that is capable of adjusting to customized encryption tactics and can accept different command-line parameters. To receive real-time threat advisories, please follow...