Attacks, Vulnerabilities and Actors 23 October to 29 October 2023
Summary: HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of seven executed attacks, two instances of adversary activity, and three exploited vulnerabilities, highlighting the …
Lazarus Unleash SIGNBT Malware in Latest Campaign
Attack Report. Summary: The Lazarus Group has been identified as the mastermind behind a recent cyber campaign. They persistently targeted a software vendor, successfully compromising the vendor’s systems by exploiting software vulnerabilities and introducing …
Redefining the StripedFly Malware Framework
Attack Report. Summary: An intricate cross-platform malware framework, known as StripedFly, operated discreetly for five years, surreptitiously compromising over a million Windows and Linux systems. It skillfully evaded in-depth analysis and was initially misclassified …
VMware vCenter Flaws Leading to RCE Attacks
Vulnerability Report. Summary: Two vulnerabilities, CVE-2023-34048 and CVE-2023-34056, were identified in VMware vCenter Server, server management software used for centralized management of virtual machines and ESXi hosts. CVE-2023-34048 is associated with an Out-of-Bounds …
Winter Vivern Capitalizes on Zero-Day Flaw in Roundcube
Attack Report. Summary: The Winter Vivern cyberespionage group has been actively exploiting a zero-day vulnerability in the Roundcube webmail. The identified vulnerability, CVE-2023-5631, permits stored cross-site scripting through HTML email messages, enabling remote attackers …
YoroTrooper Covert Cyber Espionage Masters of Kazakhstan
Attack Report. Summary: YoroTrooper, a stealthy threat actor primarily focused on espionage, first emerged in June 2022. YoroTrooper’s targets appear to be concentrated within the Commonwealth of Independent States (CIS) nations, with its operatives …
Attackers Exploit Brazil’s PIX System with GoPIX Malware Campaign
Attack Report. Summary: The popularity of Brazil’s PIX payment system has attracted cybercriminals using GoPIX malware, targeting users searching for “WhatsApp web” with malicious ads. This poses a threat to users’ financial and personal …
Attackers Exploit VMware’s Aria Operations for Logs Vulnerability
Vulnerability Report. Summary: A critical authentication bypass vulnerability (CVE-2023-34051) in VMware Aria Operations for Logs allows remote code execution with root privileges under certain conditions, raising concerns for compromised networks. The security patch attempted …
ExelaStealer A New Entrant in the InfoStealer Landscape
Attack Report. Summary: ExelaStealer is a newly discovered InfoStealer malware that emerged in August 2023. Its distinctive feature lies in being an open-source tool, customizable for a fee. Primarily coded in Python, ExelaStealer can …
Hackers Infiltrate Russian Government and Industrial Entities
Attack Report. Summary: Numerous governmental and pivotal industrial entities in Russia fell victim to a sophisticated Go-based custom backdoor. This malicious software was specifically crafted for data theft, suggesting its involvement in secretive intelligence …