Apple Addresses Zero-Day Vulnerabilities in macOS and Safari
Vulnerability Report: Apple addressed vulnerabilities in macOS Ventura and Safari for macOS Big Sur/Monterey, which could potentially enable attackers to execute arbitrary code with kernel privileges or through...
Actors, Threats and Vulnerabilities 3 April to 9 April 2023
Threat Digest: HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, they identified a total of five attacks that were executed...
80K QNAP Devices Vulnerable to Cyberattack
Vulnerability Report: Multiple QNAP operating systems have been impacted by two vulnerabilities that could potentially allow remote authenticated users to access secret values.
UNC4466 Attack Campaign Targets Veritas Backup Exec and Deploys ALPHV Ransomware
Attack Report: UNC4466 conducted an attack campaign in late 2022, gaining initial access to an internet-exposed Windows server running Veritas Backup Exec and deploying the ALPHV ransomware, with over 8,500 potentially...
Money Message Ransomware Strikes with Million-Dollar Demands
Attack Report: Money Message is a new ransomware group that targets victims all over the world, demanding million-dollar ransoms to avoid data leaks and deliver a decryptor.
Multiple Command Injection Vulnerabilities Found in Cisco EPNM, ISE, and Prime Infrastructure
Vulnerability Report: An attacker with authenticated, local access can exploit these vulnerabilities to escape the restricted shell and gain root privileges on the operating system.
Botnets Actively Exploited Realtek and Cacti Flaws
Attack Report: Attacks exploiting Cacti and Realtek vulnerabilities surged, resulting in the spread of ShellBot and Moobot malware.
A New Rorschach Ransomware Threat Employing Hybrid-Cryptography
Attack Report: Rorschach is a new and highly effective ransomware that uses a hybrid-cryptography scheme and fast thread scheduling via I/O completion ports.
Winter Vivern APT targets EU with Zimbra flaw
Attack Report: Winter Vivern abuses CVE-2022-27926 to attack public Zimbra webmail portals of government entities.
Unraveling North Korea’s Cyber Espionage Group APT43 Targeting Geopolitical Interests
Actor Report: APT43 is a cyber espionage group that serves North Korean regime interests by targeting government organizations, academics, and think tanks focused on Korean peninsula geopolitical issues, mainly in Sout...
A Modular AlienFox Toolkit Used in Cloud-Based Email and Web Hosting Service Attacks
Attack Report: AlienFox is a toolkit used by attackers to target email and web hosting services, particularly cloud-based and software-as-a-service (SaaS) email hosting services.
Summary of Vulnerabilities & Threats: March 2023
...
Actors, Threats and Vulnerabilities 27 March to 2 April 2023
Threat Digest: HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, they identified a total of nine attacks that were executed...
CISA Known Exploited Vulnerability Catalog March 2023
CISA KEV Catalog: The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. To be included ...
SmoothOperator Campaign Trojanizes 3CXDesktopApp
Attack Report: The 3CX desktop app was trojanized via a multi-stage supply-chain attack in the SmoothOperator campaign.
Hive Pro Unveils Enhanced Version of HivePro Uni5 Threat Exposure Management Platform v2.1.0
Featuring diversified deployment options, seamless tool integration, and a refined user interface. Milpitas, CA – 3rd April 2023 – Hive Pro, a prominent cybersecurity firm specializing in Threat Exposure Management, today introduced the version update v2.1.0 to its flagship HivePro Uni5 platform,...
Creal Stealer Preys on Cryptocurrency Users
Attack Report: A phishing site impersonating a cryptocurrency mining platform is disseminating the new Creal Stealer.
New DBatLoader Malware Campaign Targets European Countries
Attack Report: A new malware campaign is using DBatLoader to target European businesses through phishing emails. The attackers use obfuscation techniques and various file formats to distribute the malware, including Remco...
Donot APT Group Targets Government and Military Orgs in South Asia
Actor Report: The Donot group, also known as APT-Q-38, is a state-sponsored threat actor believed to operate out of a South Asian country. They primarily engage in network espionage activities targeting government...
Actors, Threats and Vulnerabilities 20 March to 26 March 2023
Threat Digest: HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, they identified a total of 19 attacks that were executed...
Chinese Cyber Espionage Targets Middle Eastern Telecoms
Attack Report: Chinese cyber espionage actors Gallium and APT41, linked to the Operation Soft Cell campaign, are targeting the Middle Eastern telecommunications sector.
Bitter APT Group Targets Chinese Energy Sector with New phishing Campaign
Actor Report: The South Asian threat group Bitter APT is running a new cyber espionage campaign targeting the energy sector in China. The campaign involves the use of social engineering tactics through phishing emails that...
Unveiling ChinaZ DDoS Threat Landscape
Attack Report: ChinaZ, a Chinese threat group, is infamous for using DDoS botnets to attack Windows and Linux systems.
New Dark Power Nim-based Ransomware Targeted Attacks Globally
Attack Report: The new Dark Power ransomware gang uses the Nim programming language to create malware that encrypts specific services and processes, excludes crucial system files, clears logs, and generates a ransom note in...
Hive Pro Appoints John Lyons as Chief Revenue Officer
Milpitas, CA – 27th March 2023 – Hive Pro, a leading Threat Exposure Management vendor in cybersecurity, today announced the appointment of John Lyons as its new Chief Revenue Officer (CRO). With more than 25 years of sales management experience in the IT industry, Lyons will be responsible for...
Cinoshi A Novel Malware-as-a-Service Platform
Attack Report: Cinoshi is a new MaaS platform with a toolkit including a stealer, botnet, clipper, and crypto-miner. Offering a free stealer and web panel is rare.
A Financially Motivated Threat Group UNC961 Targeting North American Organizations
Actor Report: UNC961 is a financially motivated cyber threat group that targets organizations in North America, with a focus on exploiting vulnerable Internet-facing servers during periods of vulnerability and exploit...
New Variant of BlackGuard Stealer Malware Steals Sensitive Information and Crypto Wallets
Attack Report: A new variant of the BlackGuard stealer malware propagates through removable media and hijacks crypto wallets. It can steal sensitive information from various applications and supports stealing...
Rising Trend of macOS Malware
ALC: Is It a Scareware or a Ransomware?
Attack Report: ALC is scareware pretending to be ransomware, as it doesn't carry out any file encryption on the victim's device.
A Deserialization Vulnerability Found in Apache Dubbo
Vulnerability Report: Apache has released a security notice for a deserialization vulnerability (CVE-2023-23638) in Apache Dubbo that allows remote attackers to execute arbitrary code on the target system.
Mispadu Targets Latin America with MalSpamming
Attack Report: Mispadu has been linked to various spam campaigns, and it is capable of stealing both monetary and credential information while acting as a backdoor through keystroke and screenshot capture.
ShellBot Malware Targets Mismanaged Linux Servers
Attack Report: ShellBot malware infects mismanaged Linux SSH servers and uses the IRC protocol for C&C.
Bad Magic APT employs new CommonMagic Framework and PowerMagic Backdoor
Attack Report: The new Bad Magic APT was discovered using a new backdoor called PowerMagic and a malicious framework called CommonMagic to target organizations in the administrative, agriculture, and transportation sectors...
UNC3886 targets technologies with custom malware and exploits zero-day vulnerabilities
Attack Report: UNC3886 is a Chinese cyber espionage group that targets technologies without EDR solutions and exploits zero-day vulnerabilities to steal user credentials and maintain access.
Winter Vivern with Pro-Russian Objectives Targets Government
Actor Report: The Winter Vivern Advanced Persistent Threat (APT) is a relatively underreported group that operates with pro-Russian objectives and targets government agencies.
HivePro Uni5: The Ultimate Solution for Cybersecurity Teams
...
Gozi Malware Spreads through Fake Italian Revenue Agency Email Campaign
Attack Report: A fake Italian Revenue Agency email campaign tricks victims into downloading a malicious attachment that installs Gozi, a binary that bypasses Italy's geofencing and creates a loader process on the victim...
New HinataBot Go-Based Botnet with DDoS Capabilities and Mirai Connection
Attack Report: HinataBot is a newly discovered Go-based botnet that spreads through old vulnerabilities and weak credentials. It carries out DDoS flooding attacks and has a connection with the Mirai malware family.
Actors, Threats and Vulnerabilities 13 March to 19 March 2023
Threat Digest: Over the past week, Hive Pro detected the presence of five active threat actors. The first of these is Dark Pink APT, a notorious group with a history of engaging in informati...
HookSpoofer A Novel Infostealer with Advanced Capabilities
Reaper, North Korean hacking group, targets defectors
Attack Report: North Korea-linked hacking group Reaper has recently been observed engaging in surveillance of North Korean defectors.
DotRunpeX Novel Injector Delivers Multiple Malware Strains
Attack Report: DotRunpeX malware attack vectors have been linked to dozens of campaigns. DotRunpeX is a second-stage infection used to deploy a variety of malware families, most notably stealers, RATs, loaders, and...
Outlook Vulnerability Exploited by Russian Hackers Since April 2022
Attack Report: A vulnerability in Microsoft Outlook allowed an unknown Russian threat actor to gain access to a victim's NTLM hash through a specially crafted email.
BianLian ransomware ramps up data-leak extortion and improves operational security
Attack Report: The BianLian ransomware group is ramping up data-leak extortion to extract payments, using similar tactics and a custom backdoor, and bringing 30 new C2 servers online monthly.
New YoroTrooper Threat Actor Targeting Government and Energy Organizations
Actor Report: A new threat actor named "YoroTrooper" has been conducting espionage campaigns since at least June 2022. The group's main motivation appears to be espionage, and they register malicious domains or...
APT 29 Launches Malevolent Campaign Targeting Governments
Attack Report: APT 29 has launched a novel campaign targeting Western countries. This latest operation involves the use of a malevolent dropper called ROOTSAW.
Malware Impersonating Websites Spread via Google Ads
Vulnerability Report: Multiple malware samples were found on newly registered websites impersonating various applications, likely originating from malicious Google Search Ads.
Adobe Addressed a Zero-day Vulnerability in ColdFusion 2021 and 2018
Vulnerability Report: Adobe has recently released security updates for ColdFusion 2021 and 2018 versions, addressing critical and important vulnerabilities that could potentially result in arbitrary code execution and...
Revamped Prometei Botnet Version Infects Over 10,000 Systems
Attack Report: The Prometei v3 botnet, an upgraded version of the Prometei botnet malware, has compromised over 10,000 systems mining the Monero cryptocurrency.