ownCloud Critical Vulnerability is under active exploitation
Summary: Hackers are actively exploiting a critical vulnerability (CVE-2023-49103) in ownCloud, a popular open-source file-sharing solution, exposing sensitive data in containerized deployments. Administrators are urged to promptly apply recommended fixes, including disabling the ‘phpinfo’ function and changing exposed credentials. Threat Level – Red | Vulnerability …
ParaSiteSnatcher A Silent Threat to Latin America
Google Addresses Sixth Zero-Day Flaw Exploited by Attackers Wildly
Summary: Multiple vulnerabilities have been discovered in Google Chrome, including a zero-day vulnerability (CVE-2023-6345) actively exploited for remote code execution. Users are advised to update Chrome to version 119.0.6045.199/.200 (Windows) or 119.0.6045.199 (Mac and Linux) promptly to safeguard against the identified vulnerabilities. Threat Level – …
Hive Pro and ICS Arabia announce strategic partnership to enhance the reach of Threat Exposure Management to Smart Cities and Digital Infrastructure
HERNDON, VA., Nov. 28, 2023 – Hive Pro®, a pioneer vendor in Threat Exposure Management, announced a strategic partnership with ICS Arabia, a front-runner in the development of Smart Cities and Digital Infrastructure in the Kingdom of Saudi Arabia and the Middle East. This partnership heralds a …
North Korean Hackers Target Crypto Users with RustBucket and KandyKorn
Summary: North Korean-aligned threat actors are targeting macOS users with two malware frameworks, RustBucket and KandyKorn, in an attempt to steal cryptocurrency. Threat Level – Amber | Attack Report
North Korean APT’s Covert Supply-Chain Ambush
Summary: There has been a significant increase in software supply chain attacks orchestrated by North Korean hackers. Notably, the MagicLine4NX and 3CX compromises gained attention, with the Lazarus hacking group employing a sophisticated approach. They leverage a zero-day vulnerability in the MagicLine4NX software to execute …
Attacks, Vulnerabilities and Actors 20 November to 26 November 2023
Summary: HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of eight executed attacks, six instances of adversary activity, and one exploited vulnerability, highlighting the …
The Rise of DarkCasino APT Group Exploiting WinRAR 0-Day
Summary: DarkCasino, an APT group with economic motivations, was initially identified in 2021. The group introduced DarkMe, a Trojan Horse program based on Visual Basic. Recently, DarkCasino has been linked to the zero-day exploitation of CVE-2023-38831, an arbitrary code execution vulnerability found in WinRAR software. …
Mirai Botnet’s Offspring InfectedSlurs Exploits Dual Zero-Days
Summary: A new Mirai-based malware botnet, InfectedSlurs, is actively conducting a sophisticated campaign by exploiting two zero-day remote code execution (RCE) vulnerabilities in routers and video recorder (NVR) devices. These vulnerabilities, currently being exploited in the wild, facilitate the creation of a distributed denial-of-service (DDoS) …
Lazarus Group Orchestrates Supply Chain Attack on CyberLink Corp
Summary: The Lazarus Group (Labyrinth Chollima) orchestrated a supply chain attack on CyberLink Corp., manipulating a legitimate application installer to impact over 100 devices globally. The attack involves a second-stage payload, labeled LambLoad, communicating with compromised infrastructure and reflecting Lazarus Group’s focus on espionage and …