1589 matches found
Ivanti Addresses Flaws Leading to DoS Attacks and Code Execution
...
CoralRaider Targeting Social Media Accounts Across Asia for Financial Gain
...
Over 170K Users Hit by Fake Python Infrastructure
...
Tracing the Footprints of Agent Tesla’s Conspirators
...
LayerSlider WordPress Plugin Flaw Impacts Over 1 Million Sites
...
Sync-Scheduler: The Premier Document Stealer
...
Unveiling Earth Freybug’s New TTPs Adoption with UNAPIMON
...
CISA Known Exploited Vulnerability Catalog March 2024
Summary The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. It is recommended that all organizations review and monitor the KEV catalog, prioritize remediation of listed vulnerabilities, and reduce...
CISA Known Exploited Vulnerability Catalog March 2024
For a detailed CISA's KEV Catalog, download the pdf file here Summary The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. It is recommended that all organizations review and monitor the KEV catalog,...
Stealer Malwares Delivered Through Malicious Ads and Bogus Websites
Summary: Two distinct stealer malware programs, including Atomic Stealer, are being distributed to Apple macOS users through deceptive advertisements and counterfeit websites. These recent attacks have successfully infected victims' macOS devices with infostealers. Threat Level - Red | Attack Repo...
Summary of Vulnerabilities, Actors & Attacks: March 2024
...
Attacks, Vulnerabilities and Actors 25 to 31 March 2024
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of twelve attacks were executed, ten vulnerabilities were uncovered, and two active adversaries were...
Building Stronger Partnerships: Why Threat Exposure Management (CTEM) Matters
The enterprise digital landscape is too large to simply manage. Gone are the days of securing just a physical network perimeter. Today's IT infrastructure encompasses everything from lines of code to sprawling cloud environments. This sprawl creates a massive attack surface, making it increasingl...
Key Terms of Exposure Management: What You Need to Know
Keeping pace with the latest terminology and acronyms in cybersecurity can feel like trying to drink from a firehose. Individuals and organizations often find themselves reaching for a dictionary to decode the alphabet soup of acronyms and terminology that Gartner and similar experts continually...
XZ Utils Backdoored, A Supply Chain Nightmare
Summary: Multiple Linux distributions face a potential supply chain threat due to the introduction of malicious code into a widely-used library. A backdoor was discovered within the XZ Utils library, inserted roughly a month ago. This compromise allows attackers to manipulate and intercept data...
Hive Pro Announces Launch of Alliance Partner Program in North America for MSPs and VARs
Herndon, VA – 01 April 2024 – Hive Pro, a pioneer vendor in Threat Exposure Management, announced the formal launch of its North America Alliance Partner Program for Managed Service Providers (MSPs) and Value-Added Resellers (VARs). This initiative aims to empower Managed Service Providers (MSPs) and...
‘Operation FlightNight’ Targeting India with Deceptive Air Force Invitations
Summary: In a campaign dubbed Operation FlightNight, unidentified threat actors have focused on Indian government agencies and energy companies, aiming to deploy a modified variant of an open-source information stealer malware known as HackBrowserData. The threat actors have been observed...
Google Patches Critical Zero-Day Exploits Found at Pwn2Own
Summary: Google patched two zero-day vulnerabilities in Chrome (CVE-2024-2886, CVE-2024-2887) from Pwn2Own Vancouver 2024, allowing arbitrary code execution. Updating Chrome is essential to ensure you're protected. Threat Level - Red | Vulnerability Report For a detailed threat advisory, download th...
UNC5174 Functions as an Initial Access Broker, Exploiting Vulnerabilities
Summary: UNC5174, a threat actor believed to be associated with China, has been identified exploiting various vulnerabilities and deploying custom tools such as SNOWLIGHT, GOHEAVY, and GOREVERSE for post-exploitation activities. These tools enable UNC5174 to carry out sophisticated cyber...
Sysrv Harnessing Google Subdomains to Circulate XMRig
Summary: Sysrv, an advanced botnet, employs a Golang worm to infiltrate devices and distribute XMRig cryptocurrency miners, leveraging network vulnerabilities and undergoing constant evolution through operator refinement. Threat Level - Red | Attack Report For a detailed threat advisory, download...
Agenda Ransomware Targets VMWare vCenter & ESXi Servers Globally
Summary: Agenda ransomware, also known as Qilin, active since 2022, targets global victims across industries. Their latest tactic leverages a custom script to infect VMWare environments, potentially crippling virtual machines and causing data loss. Organizations should be aware of this threat and...
The Exposure Management Acronym Dictionary
In this video, Anand Choudha, CEO at Hive Pro, and Jeelan Poola, CPO at Hive Pro, introduce the HivePro Uni5 Threat Exposure Management Platform. HivePro Uni...
StrelaStealer Resurfaces with Upgraded Attack Chain
Summary: A recent wave of phishing attacks has been detected, targeting over 100 organizations across the United States and the European Union. These attacks aim to distribute StrelaStealer, a dynamic information-stealing malware. The attackers employ spam emails containing attachments that...
Evil Ant: The Python-Powered Ransomware
Summary: Evil Ant Ransomware, a sophisticated Python-based malware compiled with PyInstaller, operates covertly by hiding its console window and executing tasks discreetly. It aims to gain access to critical system functions and encrypt secured files. Threat Level - Amber | Attack Report For a...
APT29 Targets German Political Parties with New WINELOADER
Summary: APT29, linked to Russia's SVR, targeted German political parties in late February 2024 using a new backdoor variant named WINELOADER, signaling a shift in operational focus beyond diplomatic missions. This marks a broader threat to European and Western political entities, driven by the SV...
Attacks, Vulnerabilities and Actors 18 to 24 March 2024
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of fifteen attacks were executed, eight vulnerabilities were uncovered, and five active adversaries...
Critical SQL Injection Vulnerability Discovered in Atlassian Bamboo
Summary: Atlassian has released patches addressing several security vulnerabilities, including a significant critical issue impacting Bamboo Data Center and Server, identified as CVE-2024-1597. This flaw, leading to a SQL injection, poses a risk of unnecessary data exposure and potential data...
Unveiling AcidPour: Evolution of Destructive Malware Targeting Ukraine
Summary: AcidPour, a variant of the destructive AcidRain wiper malware previously used during the Russia-Ukraine conflict, signals a heightened threat to Ukraine's critical infrastructure. By targeting Linux UBI and DM logic, AcidPour poses a significant risk to large storage devices and RAID...
TeamCity Vulnerabilities Unleash Jasmin Ransomware and More
Summary: Recently patched vulnerabilities in JetBrains TeamCity (CVE-2024-27198, CVE-2024-27199) have emerged as a breeding ground for cyber threats, as attackers leverage them to disseminate various dangers such as Jasmin ransomware, XMRig cryptominers, SparkRAT backdoor, and remote access trojans...
The NVD Disruption: Navigating Through Uncertainty in Cybersecurity
In recent weeks, a significant disruption has unfolded at the US National Institute of Standards and Technology (NIST), impacting its National Vulnerability Database (NVD) and, by extension, the global cybersecurity landscape. The NVD, a cornerstone in the cybersecurity defense mechanisms of...
Critical Flaw In Ivanti Standalone Sentry Leads To Remote Code Execution
Summary: Ivanti Standalone Sentry has been identified as vulnerable to a critical remote code execution flaw, tracked as CVE-2023-41724. Exploiting this vulnerability, a remote attacker could gain unauthorized access to the target system and execute arbitrary commands. Threat Level - Red |...
From Observer to Asuka – The Reinvention of Stealer
Summary: A malware-as-a-service (MaaS) called AsukaStealer, advertised on a Russian-language cybercrime forum by the alias breakcore, has surfaced. Priced at $80 per month, AsukaStealer is written in C++ and features customizable configurations and a user-friendly interface designed for harvesting...
Unveiling BunnyLoader 3.0: Enhanced Malware Capabilities
Summary: BunnyLoader 3.0, which has been active since September 2023, is a malicious malware variant known for its enhanced data theft and advanced keylogging capabilities. This modular malware provides attackers with flexibility and presents challenges in terms of detection. Despite its global...
Operation PhantomBlu Deploys NetSupport RAT via OLE Template
Summary: Under the guise of Operation PhantomBlu, a new phishing campaign is aimed at American companies with the goal of deploying the remote access trojan NetSupport RAT. By utilising OLE template manipulation, the PhantomBlu operation presents a sophisticated exploitation technique. This...
The Evolution of DEEP#GOSU Attack Campaign by Kimsuky Group
Summary: A sophisticated multi-stage attack campaign linked to the North Korean Kimsuky group, dubbed DEEP#GOSU, has been observed. Using PowerShell and VBScript, the attackers leverage remote access trojan (RAT) software for full control over infected hosts, while employing legitimate services like Dropbox for comman...
Aiohttp Vulnerability Leveraged by ShadowSyndicate
Summary: The cybercriminal group ShadowSyndicate has been detected scanning for vulnerable servers, aiming to exploit a recently addressed vulnerability in the widely-used Aiohttp library. This exploit, if successful, could lead to unauthorized access to sensitive data on servers globally, posing...
Earth Krahang APT Campaign Targeting Global Governments
Summary: Earth Krahang, an APT campaign since 2022, targets global government entities, employing spear phishing and server exploitation tactics. Operating independently but with potential links to Chinese threat actors, it utilizes malware like Cobalt Strike and XDealer for espionage, urging...
Critical Flaw In WordPress Plugins Poses Risk Of Site Takeover
Summary: A critical security vulnerability, identified as CVE-2024-2172 in WordPress, urges users utilizing miniOrange's Malware Scanner and Web Application Firewall plugins to uninstall these plugins from their websites. This vulnerability enables unauthorized attackers to gain administrative...
Attacks, Vulnerabilities and Actors 11 to 17 March 2024
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, HiveForce Labs discovered eight executed attacks, uncovered ten vulnerabilities, and identified two active...
LockBit Takedown and Resurgence
What Happened? In a coordinated effort, the National Crime Agency, Europol and multiple other international law enforcement agencies dealt a significant blow to the operations of the LockBit ransomware group. Dubbed Operation Cronos, this multi-agency initiative led to the seizure of LockBit's dark w...
Cisco IOS XR Flaws Enable Privilege Elevation and DoS Attacks
Summary: Three high-severity vulnerabilities have been discovered in the Cisco IOS XR software, posing risks of denial-of-service (DoS) attacks and elevation of privilege. These vulnerabilities are tracked as CVE-2024-20320, CVE-2024-20318, and CVE-2024-20327. Threat Level - Amber | Vulnerability...
Critical XSS Flaw Discovered in WP Statistics Impacting 600K Sites
Summary: A critical Cross-Site Scripting (XSS) vulnerability (CVE-2024-2194) in the WP Statistics plugin allows attackers to inject malicious code via the URL parameter. With over 600,000 installations, the flaw poses severe risks, enabling unauthorized script execution and potential data theft or sit...
Magnet Goblin Strikes Public-Facing Servers
Summary: Magnet Goblin, characterized by its financial incentives, strategically exploits zero-day vulnerabilities within publicly accessible services by employing sophisticated malware sourced from the Nerbian family, which also includes NerbianRAT and MiniNerbian. Threat Level - Red | Actor...
TimbreStealer Focuses On Mexico With Social Engineering
Summary: Since at least November 2023, there has been a persistent phishing spam campaign targeting potential victims in Mexico. The campaign entices users to download TimbreStealer, a new information stealer that has been disguised. This campaign uses financial-themed phishing emails to lure...
Fortinet Releases Patches for Critical Vulnerabilities in Various Products
Summary: A critical SQL Injection vulnerability (CVE-2023-48788) in FortiClientEMS software enables attackers to execute unauthorized code or commands via specially crafted HTTP requests. Additionally, two other critical bugs in FortiOS and FortiProxy have been addressed. Update promptly to patched...
Malware Concealed Within PDFs for Data Theft
Summary: In a recently observed campaign, an infostealer masquerading as the Adobe Reader installer was being distributed. The threat actor distributes the file in PDF format, luring people to download and execute it, after which it collects sensitive information. Threat Level - Amber | Attack Repo...
VCURMS and STRRAT Trojans Using AWS and GitHub as Launchpads
Summary: A sophisticated phishing campaign is targeting personnel, enticing them to click on a seemingly innocuous button to authenticate payment details. However, this action initiates the download of a harmful JAR file from Amazon Web Services (AWS) onto the victim's device. This malicious file...
Microsoft’s March 2024 Patch Tuesday Addresses 60 Vulnerabilities
Summary: Microsoft's March 2024 Patch Tuesday addresses 60 vulnerabilities, including two critical vulnerabilities, spanning various products like Office, Exchange Server, and Windows Kernel. Critical flaws in Windows Hyper-V (CVE-2024-21407 and CVE-2024-21408) require immediate attention to mitigat...
Attacks, Vulnerabilities and Actors 4 to 10 March 2024
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of seven attacks were executed, four vulnerabilities were uncovered, and two active adversaries were...
Cisco Secure Client Flaw Enables Attackers To Steal VPN Sessions
Summary: A high-severity vulnerability tracked as CVE-2024-20337 has been addressed by Cisco, affecting its Secure Client software, that could allow a threat actor to start a VPN session with the targeted user. Threat Level - Red | Vulnerability Report For a detailed threat advisory, download the...