Proof-of-Concept Released for Kubernetes Vulnerabilities Exposing Windows Nodes
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Three interconnected high-severity security vulnerabilities have been identified in Kubernetes. These vulnerabilities could potentially be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster. Notably, …
Apple Addresses Two Zero-Day Flaws Exploited by Attackers
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Apple’s two zero-day vulnerabilities (CVE-2023-41064 and CVE-2023-41061) enable arbitrary code execution and system crashes. As these vulnerabilities are actively exploited, they pose severe risks, including data exposure and potential targeted attacks. …
3AM Ransomware: LockBit’s Failed Standoff Revealed
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new ransomware variant, self-dubbed ‘3AM’ has arisen as a result of a rogue attack conducted by a ransomware affiliate. Initially, this affiliate attempted to install the LockBit ransomware on a …
Microsoft’s September 2023 Patch Tuesday Addresses Two Zero-day Vulnerabilities
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary In the September Patch Tuesday release, Microsoft addressed a total of 59 CVEs, encompassing five critical vulnerabilities. Within this range of vulnerabilities, the security update covered the typical spectrum of issues, …
Adobe Acrobat Zero-Day Exploited in Wild
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The zero-day vulnerability, identified as CVE-2023-26369, poses a critical security risk as it allows remote attackers to compromise vulnerable systems. This vulnerability affects Acrobat on both Windows and macOS platforms. Successful …
Charming Kitten’s ‘Sponsor’ Strikes 34 Organizations in Brazil, Israel, and U.A.E
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Charming Kitten, also known as Ballistic Bobcat, orchestrated a sophisticated campaign aimed at 34 diverse targets across Brazil, Israel, and the United Arab Emirates. This operation employed a novel backdoor, which …
Cybercriminals Target Graphic Designers with Cryptojacking Malware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Cybercriminals are taking advantage of a legitimate Windows tool known as Advanced Installer to compromise the computers of graphic designers with cryptocurrency mining malware. These scripts are designed to infect individuals …
Google Addresses Fourth Zero-Day Flaw Exploited by Attackers Wildly
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The zero-day vulnerability (CVE-2023-4863) in Google Chrome enables arbitrary code execution and system crashes. Actively exploited “in the wild,” it poses severe risks, including data exposure and potential targeted attacks. Immediate …
HijackLoader a Deceptive Modular Malware Loader
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new malware loader, HijackLoader, is swiftly gaining prominence within the cybercriminal sphere, being leveraged to disseminate an array of malicious malware strains, including DanaBot, SystemBC, and RedLine Stealer. To receive …
Attacks, Vulnerabilities and Actors 4 September to 10 September 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of ten executed attacks, one instance of adversary activity, and six vulnerabilities including two zero-day …