Adobe ColdFusion Vulnerability Leads to Federal Agency Breach
Summary: Unidentified threat actors exploited an Adobe ColdFusion vulnerability (CVE-2023-26360) on government servers, gaining the ability to execute arbitrary code. The incidents involved reconnaissance and attempted data exfiltration, and underline the importance of timely patching. Threat Level – Red | Attack Report For a detailed threat advisory, download the pdf …
AeroBlade Swoops Down on U.S. Aerospace Giants
Summary: A US-based aerospace entity was the victim of a year-long cyber espionage campaign orchestrated by AeroBlade. AeroBlade's probable goal was to gain visibility into its target's internal resources and assess weaknesses for a possible future ransom demand. Threat Level – Amber | …
Novel Tool Set Targeting Entities in the Middle East, Africa, and U.S.
Summary: An undisclosed threat actor has targeted organizations in the Middle East, Africa, and the U.S., deploying a newly identified backdoor named Agent Racoon. The attacker also uses the credential-theft tools Ntospy and Mimilite, a customized build of Mimikatz. Threat Level …
Iranian APT Group ‘CyberAv3ngers’ Targets U.S. Critical Infrastructure
Summary: CyberAv3ngers, an Iranian APT group affiliated with the IRGC, is known for cyberattacks against critical infrastructure and has recently targeted U.S. Water and Wastewater Systems facilities. The group gains access by exploiting default credentials on internet-exposed Unitronics PLCs, then defaces the device interface with anti-Israel messaging. Threat Level – Red | …
SugarGh0st RAT: A Customized Gh0st Variant in Cyber Espionage
Summary: A malicious campaign is deploying SugarGh0st, a customized variant of Gh0st RAT; it is likely orchestrated by a Chinese-speaking threat actor and targets the Uzbekistan Ministry of Foreign Affairs and South Korean users. SugarGh0st extends Gh0st with remote control, keylogging, and espionage capabilities. Threat Level – …
Attacks, Vulnerabilities and Actors 27 November to 3 December 2023
For a detailed threat digest, download the pdf file here. Summary: In the past week alone, HiveForce Labs tracked eight attacks, six newly disclosed vulnerabilities, and two active adversaries. …
CISA Known Exploited Vulnerability Catalog November 2023
For a detailed look at CISA's KEV Catalog, download the pdf file here. Summary: The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. It is recommended that all organizations review and monitor the KEV catalog, …
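Monitoring the KEV catalog in practice means diffing each new release against what you actually run. The following is an added example (not HiveForce Labs' or CISA's code) that cross-references a KEV-format feed against an asset inventory and flags entries whose CISA due date has passed. The record field names (cveID, vendorProject, product, dateAdded, dueDate, knownRansomwareCampaignUse) follow the public KEV JSON feed; the three records, their dates and the inventory are constructed sample data for illustration, not copied from the live feed.

```python
"""Cross-reference a KEV-format feed against an asset inventory.

Added example, not the page's or CISA's own code. Field names follow the
public KEV JSON feed; the records and inventory below are constructed.
"""
import json
from datetime import date

# Constructed sample in the shape of the KEV JSON feed (not the live feed).
SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "catalogVersion": "sample",
  "count": 3,
  "vulnerabilities": [
    {"cveID": "CVE-2023-26360", "vendorProject": "Adobe", "product": "ColdFusion",
     "dateAdded": "2023-03-15", "dueDate": "2023-04-05",
     "requiredAction": "Apply updates per vendor instructions.",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2023-41265", "vendorProject": "Qlik", "product": "Qlik Sense",
     "dateAdded": "2023-12-07", "dueDate": "2023-12-28",
     "requiredAction": "Apply updates per vendor instructions.",
     "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-2023-6448", "vendorProject": "Unitronics", "product": "Vision PLC",
     "dateAdded": "2023-12-11", "dueDate": "2024-01-01",
     "requiredAction": "Change default password; remove from internet exposure.",
     "knownRansomwareCampaignUse": "Unknown"}
  ]
}
"""

# Constructed inventory: (vendor, product) in lower case -> hostnames running it.
SAMPLE_INVENTORY = {
    ("adobe", "coldfusion"): ["cf-prod-01"],
    ("qlik", "qlik sense"): ["bi-01", "bi-02"],
}


def load_kev(text):
    """Parse KEV-format JSON and return the list of vulnerability records."""
    return json.loads(text)["vulnerabilities"]


def new_since(entries, since_iso):
    """Entries added to the catalog after the given ISO date (for the weekly diff)."""
    since = date.fromisoformat(since_iso)
    added = [e for e in entries if date.fromisoformat(e["dateAdded"]) > since]
    return sorted(added, key=lambda e: e["dateAdded"])


def match_inventory(entries, inventory, today_iso):
    """KEV entries present in the inventory, most urgent first.

    Each hit carries the affected hosts, whether CISA's due date has passed,
    and whether the entry is tied to a known ransomware campaign.
    """
    today = date.fromisoformat(today_iso)
    hits = []
    for e in entries:
        key = (e["vendorProject"].lower(), e["product"].lower())
        if key not in inventory:
            continue  # product not deployed; nothing to do
        due = date.fromisoformat(e["dueDate"])
        hits.append({
            "cveID": e["cveID"],
            "hosts": inventory[key],
            "overdue": today > due,
            "days_to_due": (due - today).days,
            "ransomware": e["knownRansomwareCampaignUse"] == "Known",
            "action": e["requiredAction"],
        })
    # Overdue items first, then by nearest due date.
    return sorted(hits, key=lambda h: (not h["overdue"], h["days_to_due"]))


if __name__ == "__main__":
    entries = load_kev(SAMPLE_KEV_JSON)
    for h in match_inventory(entries, SAMPLE_INVENTORY, "2023-12-12"):
        flag = "OVERDUE" if h["overdue"] else f"due in {h['days_to_due']}d"
        print(f"{h['cveID']} on {', '.join(h['hosts'])}: {flag}; {h['action']}")
```

In production the feed would be fetched from CISA's published URL and the inventory pulled from your CMDB or scanner; the matching is deliberately on vendor and product only, because KEV records do not carry version ranges, so every hit still needs a version check against the vendor advisory before it is closed.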
Cactus Ransomware Exploits Vulnerabilities in Qlik Sense
Summary: Cactus ransomware operators are actively exploiting critical Qlik Sense vulnerabilities for initial access, then establishing persistence and remote control to move through corporate networks. Unpatched, internet-facing Qlik Sense instances are prime targets. Threat …
DJVU Ransomware Variant Emerges Disguised as Cracked Software
Summary: A DJVU ransomware variant distributed as cracked software has emerged and demands a ransom of $980 for decryption. The infections arrive alongside commodity loaders and infostealers, and the adversary's primary objectives are data exfiltration and …