Deceptive WinRAR PoC Released on GitHub Drops VenomRAT
Attack Report. Summary: A hacker is disseminating a counterfeit proof-of-concept (PoC) exploit for a WinRAR vulnerability that was recently patched on GitHub, with the intention of infecting those who download it with the VenomRAT …
GitLab Releases Critical Patch to Address Pipeline Execution Vulnerability
Vulnerability Report. Summary: The critical security vulnerability CVE-2023-5009 affects all versions of GitLab Enterprise Edition (EE). This vulnerability is significant as it enables an attacker to execute pipelines as another user, potentially leading to …
Earth Lusca’s Sneaky Moves Unleash New Linux Backdoor
Actor Report. Summary: Earth Lusca, a highly sophisticated Chinese threat actor, is believed to have resumed its operations in the first half of 2023. This cyber espionage group utilizes the SprySOCKS backdoor, primarily targeting …
HTTPSnoop and PipeSnoop Malware Target Telecoms in the Middle East
Attack Report. Summary: HTTPSnoop and PipeSnoop are malware families targeting Middle East telecom providers and are part of the ShroudedSnooper intrusion set; they masquerade as legitimate components while executing shellcode via HTTP and IPC pipes, posing a threat to …
Trend Micro Addresses Zero-Day Flaws Exploited in the Wild
Vulnerability Report. Summary: A critical zero-day vulnerability, tracked as CVE-2023-41179, has been identified in the third-party AV uninstaller module contained in Trend Micro Apex One, Worry-Free Business Security, and Worry-Free Business Security Services. This …
Redfly Targets Critical Infrastructure in Asia with ShadowPad Trojan
Attack Report. Summary: Redfly, an espionage group, targeted Asian critical infrastructure, compromising a national grid for six months using ShadowPad. This underscores a rising trend in such attacks, raising global concerns. Their operation involved …
Attacks, Vulnerabilities and Actors: 11 September to 17 September 2023
Weekly Threat Digest. Summary: HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, eight attacks were executed, eleven vulnerabilities were discovered, and two different adversaries were identified, all of …
APT 33 Uses Password Spray Campaigns to Infiltrate Organizations
Actor Report. Summary: APT 33 (aka Peach Sandstorm) is an Iranian nation-state threat actor that was first identified in 2013. This group is notorious for conducting cyber espionage campaigns and has been associated with …
‘ThemeBleed’ Flaw in Windows 11 Enables Code Execution
Vulnerability Report. Summary: The CVE-2023-38146 vulnerability in Windows 11 allows remote attackers to execute arbitrary code, potentially compromising the affected system’s security and integrity, and posing a significant threat to user data and system …
Storm-0324 Exploits Microsoft Teams Chats Deploying JSSLoader
Actor Report. Summary: Storm-0324 is a financially motivated threat actor with a history of operations dating back to 2016. This actor specializes in facilitating ransomware deployments and providing access to compromised networks …