1589 matches found

Hive Pro Threat Advisories
added 2023/03/15 1:28 p.m.
14 views

Microsoft fixed 83 vulnerabilities including two zero-day vulnerabilities

Vulnerability Report. Summary: Microsoft has released its March 2023 Patch Tuesday update, addressing a total of 83 vulnerabilities, including 9 critical, 70 important, 1 moderate, and 3 other vulnerabilities...

AI score: 3
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/15 12:45 p.m.
13 views

Tick Launches Attack on East Asian Data-Loss Prevention Software Company

Attack Report. Summary: Tick, an APT group, attacked an East Asian data-loss prevention software company, compromising update servers and distributing malware, using trojanized installers, to access computers of government and...

AI score: 4.1
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/14 1:08 p.m.
28 views

IceFire Ransomware Strikes Linux-Powered Enterprise Networks

Attack Report. Summary: A new Linux variant of IceFire ransomware is disseminated by exploiting the deserialization flaw in IBM Aspera Faspex, targeting networks of media/entertainment firms...

AI score: 2.5
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/14 11:12 a.m.
15 views

BlackLotus UEFI Bootkit Exploits Windows 11 vulnerability

Attack Report. Summary: BlackLotus is a UEFI bootkit that can exploit a vulnerability in Windows 11 systems and is advertised and sold on underground forums for $5,000...

AI score: 1.4
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/14 10:44 a.m.
25 views

New KamiKakaBot Malware Targeting Government Entities in ASEAN Countries

Attack Report. Summary: The new KamiKakaBot malware has been discovered targeting government entities in ASEAN countries, with the Dark Pink APT group believed to be behind the campaign...

AI score: 1.2
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/13 1:21 p.m.
7 views

Chrome 111 addresses an array of security flaws

Vulnerability Report. Summary: Chrome has addressed several security vulnerabilities that encompass unauthorized access, use after free, type confusion, and heap buffer overflow...

AI score: 0.9
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/13 1:20 p.m.
10 views

Actors, Threats and Vulnerabilities 6 March to 12 March 2023

Summary: Last week, HiveForce Labs discovered three threat actors. One of them is a Russian group called TA499, which has a history of conducting different cyberattacks such as...

AI score: 0.9
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/13 11:59 a.m.
15 views

New GoBruteforcer Malware Targeting Web Servers Running Popular Services

Attack Report. Summary: The GoBruteforcer malware targets web servers and uses the Golang programming language. It employs CIDR block scanning to access servers through brute force and deploy an...

AI score: 2.5
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/10 12:53 p.m.
7 views

Multiple Vulnerabilities in Various Fortinet Products in March 2023

Vulnerability Report. Summary: Fortinet has identified a number of vulnerabilities in several of its products, including FortiOS, FortiProxy, FortiAnalyzer, and others, which range from...

AI score: 2.5
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/10 12:29 p.m.
15 views

8220 Gang leverages ScrubCrypt in Cryptojacking Attacks

Attack Report. Summary: The 8220 Gang leverages ScrubCrypt for crypto-jacking, which is available on HackForums for $40 per month or up to $200 for a lifetime...

AI score: 1.4
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/10 10:00 a.m.
13 views

New BlackSnake Ransomware Performs Clipper Operations on Cryptocurrency Users

Attack Report. Summary: BlackSnake ransomware has been discovered with clipper functionality that intercepts and replaces the cryptocurrency wallet addresses of victims with those of attacke...

AI score: 3
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/09 1:13 p.m.
15 views

Sharp Panda A Sophisticated Cyber-Espionage Campaign Targeting Governments

Actor Report. Summary: The Sharp Panda cyber-espionage campaign, which has been active for a considerable period, focuses on infiltrating government entities in Southeast Asia. This operatio...

AI score: 1.4
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/09 11:40 a.m.
11 views

Tracking the Malicious Email Campaigns of Russia-Aligned TA499

Actor Report. Summary: TA499 is a group of threat actors aligned with the Russian state that engages in impersonation-based, patriotically motivated misinformation campaigns. They use email ...

AI score: 1.5
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/09 9:50 a.m.
12 views

Threat Actors Exploit Microsoft OneNote for Malware Delivery via Phishing Attacks

Attack Report. Summary: Cybercriminals are using Microsoft OneNote's ability to embed files to deliver malware to users via social engineering techniques. OneNote allows users to organize...

AI score: 3.8
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/08 8:41 a.m.
7 views

SYS01 Stealer Targets Government and Manufacturing Industry

Attack Report. Summary: The SYS01 stealer has been targeting critical government infrastructure employees, manufacturing companies, and other industries, and using various delivery technique...

AI score: 1.8
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/07 10:27 a.m.
12 views

ImBetter Stealer Malware Targets Cryptocurrency Wallets

Attack Report. Summary: ImBetter Stealer malware steals sensitive data and cryptocurrency wallets by tricking users into downloading it through phishing websites that mimic popular crypto...

AI score: 1.9
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/07 10:11 a.m.
13 views

RedLine Stealer Used in Spear-Phishing Campaign Targeting Hospitality Industry

Attack Report. Summary: A spear-phishing campaign targeting the hospitality industry used subject lines and text to trick hotel staff into clicking on malicious links that led to the downloa...

AI score: 0.8
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/07 8:28 a.m.
23 views

Hiatus Hacking Campaign Targets DrayTek Vigor Routers to Steal Data

Attack Report. Summary: A malware campaign called "Hiatus" targets business-grade routers, specifically DrayTek Vigor models 2960 and 3900 running an i386 architecture. The campaign...

AI score: 3.7
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/07 6:05 a.m.
9 views

Multiple Vulnerabilities Found in Cisco IP Phones Web-Based Management Interface

Vulnerability Report. Summary: Cisco has disclosed two high-severity vulnerabilities affecting its IP phones, with one causing remote code execution (RCE) and the other enabling...

AI score: 1.3
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/06 11:37 a.m.
16 views

Actors, Threats and Vulnerabilities 27 February to 5 March 2023

Summary: HiveForce Labs discovered six actors that have been active in the past week. TA866, APT-C-61, and DEV-0569 are cybercrime groups that focus on financial gain. The other three...

AI score: 2.3
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/06 9:23 a.m.
15 views

Unveiling the Malicious Tactics of LokiBot Malware

Attack Report. Summary: LokiBot is a constantly evolving information-stealing malware that creates a backdoor on infected machines to collect sensitive data, and it uses ISO files and API...

AI score: 2
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/06 8:51 a.m.
19 views

Two New Vulnerabilities Discovered in TPM 2.0 Library

Vulnerability Report. Summary: The Trusted Platform Module (TPM) 2.0 specification, a hardware-based technology used to provide tamper-resistant secure cryptographic functions, is affected by...

AI score: 1.4
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/03 12:17 p.m.
11 views

CISA Known Exploited Vulnerability Catalog February 2023

Summary: The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. To be included ...

AI score: 3.6
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/03 11:17 a.m.
14 views

Royal Ransomware Targets Organizations with Custom Encryption and Double Extortion Tactics

Attack Report. Summary: Since September 2022, threat actors have been attacking both US and international organizations using a version of ransomware called Royal. This ransomware is unique...

AI score: 2.4
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/03 8:32 a.m.
20 views

New MQsTTang Backdoor from Mustang Panda Targets Political and Governmental Organizations

Attack Report. Summary: A new custom backdoor called MQsTTang has been attributed to the Mustang Panda APT group. This backdoor is part of an ongoing campaign that began in early January...

AI score: 1.6
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/02 11:55 a.m.
24 views

Snip3 Crypter an Advanced RAT Loader Targeting Multiple Industries

Attack Report. Summary: A multi-stage remote access trojan (RAT) loader called Snip3 crypter was recently discovered deploying RAT families, including QuasarRAT and DcRAT, to target victims...

AI score: 1.3
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/02 10:51 a.m.
90 views

A New APT named APT-C-61 Targets South Asia

Actor Report. Summary: APT-C-61, also known as Tengyun Snake, is an advanced persistent threat (APT) group that has been active since at least January 2020 in South Asia. This group mainly...

AI score: 1.3
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/02 9:59 a.m.
39 views

Iron Tiger APT Group Updates SysUpdate Malware to Target Linux Platforms

Attack Report. Summary: The Iron Tiger (aka APT27) group updated their custom malware, SysUpdate, to target Linux platforms and evade security solutions. They specifically targeted a...

AI score: 0.1
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/02 6:13 a.m.
19 views

ParallaxRAT targets cryptocurrency organizations through phishing emails

Attack Report. Summary: ParallaxRAT is a remote access Trojan (RAT) that has been distributed through phishing emails since December 2019. Recently, ParallaxRAT has been targeting cryptocurren...

AI score: 2.2
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/01 1:19 p.m.
3 views

Summary of Vulnerabilities & Threats: February 2023

...

AI score: 2.1
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/01 10:19 a.m.
26 views

Highly Sophisticated SCARLETEEL Cloud Attack That Stole Proprietary Data

Attack Report. Summary: The SCARLETEEL attack was a highly sophisticated cloud operation that involved the theft of proprietary data by exploiting a compromised Kubernetes container,...

AI score: 1.7
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/01 8:42 a.m.
32 views

Blackfly Chinese APT targets Asian conglomerate in materials sector

Actor Report. Summary: The Blackfly espionage group, also known as APT41, Winnti Group, or Bronze Atlas, has been targeting multiple subsidiaries of an Asian conglomerate operating in the...

AI score: 1
Exploits: 0
Hive Pro Threat Advisories
added 2023/03/01 6:07 a.m.
15 views

Malicious DPRK Actors Target the Healthcare Industry in the US & South Korea

Attack Report. Summary: State-sponsored malicious actors from the Democratic People's Republic of Korea (DPRK) have carried out a ransomware attack against the healthcare systems of South Korea...

AI score: 3.2
Exploits: 0
Hive Pro Threat Advisories
added 2023/02/28 11:39 a.m.
24 views

TA866 New Financially-Motivated Threat Actor Targeting US and Germany Organizations

Actor Report. Summary: A new financially motivated threat actor named TA866 has been active since October 2022 and targets organizations in the United States and Germany. The attack chain...

AI score: 1.1
Exploits: 0
Hive Pro Threat Advisories
added 2023/02/28 10:15 a.m.
21 views

AgentTesla Trojan Returns with Phishing Campaigns Using GuLoader to Steal Secrets

Attack Report. Summary: The AgentTesla Trojan continues to pose a threat as attackers use GuLoader to deliver it in new phishing campaigns targeting various industries and countries...

AI score: 2.2
Exploits: 0
Hive Pro Threat Advisories
added 2023/02/28 7:11 a.m.
20 views

New Post-Exploitation Exfiltrator-22 Ransomware Framework Designed to Evade Detection

Attack Report. Summary: A new post-exploitation framework called EXFILTRATOR-22 (a.k.a. EX-22) appears to have been created by a group operating in North, East, or South-East Asia. The group is skilled in defense evasion and...

AI score: 1.6
Exploits: 0
Hive Pro Threat Advisories
added 2023/02/27 12:00 p.m.
21 views

Actors, Threats and Vulnerabilities 20 February to 26 February 2023

Summary: HiveForce Labs has identified five active threat actors over the past week. The Earth Kitsune APT and Lazarus Group are North Korean-based cybercrime groups that focus on...

AI score: 0.9
Exploits: 0
Hive Pro Threat Advisories
added 2023/02/27 10:36 a.m.
15 views

Deceptive Discord Campaign Targets Government Entities with PureCrypter Malware

Attack Report. Summary: Government entities in the Asia-Pacific and North American regions have been targeted by a threat actor using the PureCrypter malware downloader. This particular malware has been used to distribute vario...

AI score: 2.4
Exploits: 0
Hive Pro Threat Advisories
added 2023/02/27 9:26 a.m.
17 views

Apple Discovers Three New Vulnerabilities in macOS Ventura 13.2

Vulnerability Report. Summary: Apple has updated its macOS Ventura 13.2 advisories to include three new vulnerabilities. One of them is a race condition affecting the crash reporter component, which can allow an attacker to rea...

AI score: 2.8
Exploits: 0
Hive Pro Threat Advisories
added 2023/02/24 10:49 a.m.
42 views

Lazarus Strikes with WinorDLL64 Backdoor Discovered in Wslink Malware loader

Attack Report. Summary: A newly discovered backdoor named WinorDLL64 seems to be associated with the malware downloader Wslink. This revelation suggests that Lazarus, the notorious North Korea-aligned group, may have employed...

AI score: 1.5
Exploits: 0
Hive Pro Threat Advisories
added 2023/02/24 10:03 a.m.
16 views

Exploiting ChatGPT’s Popularity for Malware Distribution

Attack Report. Summary: The attack on ChatGPT involved the exploitation of its widespread usage to distribute malware and carry out various cyber-attacks, including phishing and typosquatting...

AI score: 3
Exploits: 0
Hive Pro Threat Advisories
added 2023/02/24 7:55 a.m.
126 views

New Attack Group Clasiopa Targets Materials Research Organization in Asia with Custom Malware

Actor Report. Summary: A new attack group called Clasiopa has been observed targeting materials research organizations in Asia using a distinct toolset that includes a custom malware called Backdoor.Atharvan. It is unclear wher...

AI score: 2.9
Exploits: 0
Hive Pro Threat Advisories
added 2023/02/23 12:55 p.m.
26 views

Icarus a Versatile Infostealer with Rootkit and hVNC Capabilities

Attack Report. Summary: The Icarus Stealer malware is equipped with a Hidden Virtual Network Computing (hVNC) feature, which enables the attacker to generate a concealed desktop and traverse the compromised system without any...

AI score: 1.3
Exploits: 0
Hive Pro Threat Advisories
added 2023/02/23 9:23 a.m.
15 views

Newly Identified Threat Actor Hydrochasma Targets Shipping Companies and Medical Laboratories in Asia

Actor Report. Summary: Hydrochasma is a newly identified threat actor that has been targeting shipping companies and medical laboratories in Asia since October 2022. This group's primary focus appears to be on intelligence...

AI score: 0.9
Exploits: 0
Hive Pro Threat Advisories
added 2023/02/23 7:39 a.m.
15 views

HardBit Ransomware: A Threatening Cyber Attack Targeting Organizations with New Version 2.0

Attack Report. Summary: HardBit is a ransomware strain that focuses on extorting cryptocurrency payments from organizations in exchange for data decryption. It first emerged in October 2022, and a newer version, HardBit 2.0,...

AI score: 2.4
Exploits: 0
Hive Pro Threat Advisories
added 2023/02/22 10:28 a.m.
8 views

Injection vulnerability in VMware Carbon Black App Control

Vulnerability Report. Summary: There is an injection vulnerability in VMware, specifically in the Carbon Black App Control product. If a malicious actor, who has privileged access to the App Control administration console,...

AI score: 2.9
Exploits: 0
Hive Pro Threat Advisories
added 2023/02/22 8:47 a.m.
45 views

DarkCloud Stealer A Multi-Stage Malware That Pilfers Sensitive data

Attack Report. Summary: DarkCloud Stealer is a type of malware distributed worldwide through spam operations and designed to pilfer sensitive information from a victim's device. The sale of DarkCloud Stealer was reported in...

AI score: 3.3
Exploits: 0
Hive Pro Threat Advisories
added 2023/02/22 7:20 a.m.
17 views

Mylobot: A Sophisticated Botnet Malware Targeting Computers Worldwide

Attack Report. Summary: Mylobot is a Windows-targeting malware and was first discovered in 2017. It has not received much attention since then, but it is noteworthy for its ability to transform the infected system into a proxy...

AI score: 2.4
Exploits: 0
Hive Pro Threat Advisories
added 2023/02/21 1:21 p.m.
6 views

WIP26 attacks Middle Eastern telecom service providers

Actor Report. Summary: The newly discovered WIP26 threat cluster is an espionage-focused group that has been concentrating on infiltrating Middle Eastern telecom companies. To evade detection, the group heavily relies on public...

AI score: 2.2
Exploits: 0
Hive Pro Threat Advisories
added 2023/02/21 10:28 a.m.
16 views

A New Info-Stealing Malware Named “Stealc” Targeting Cryptocurrency Wallets

Attack Report. Summary: A new information-stealing malware called Stealc was discovered in January 2023. This malware is designed to steal sensitive information from various sources including web browsers, desktop cryptocurrenc...

AI score: 2.3
Exploits: 0
Total number of security vulnerabilities: 1589