A Critical Vulnerability uncovered in VMware Aria Operations for Networks
Vulnerability Report. Summary: Two vulnerabilities have been discovered in VMware Aria Operations for Networks (formerly vRealize Network Insight). The first vulnerability, CVE-2023-34039, is an authentication bypass that allows attackers to access the network CLI. The other …
AdLoad Malware Persists on Mac Systems with New Proxy Payload
Attack Report. Summary: AdLoad malware persists on Mac systems with a new proxy application payload, converting infected devices into a proxy botnet. This scheme, involving thousands of IP addresses, points to a monetization strategy …
JanelaRAT Strikes at Latin American Financial Sector
Attack Report. Summary: JanelaRAT, a financial malware, is directed toward users in Latin America (LATAM) with the ability to seize sensitive data. This malicious software primarily focuses on gathering financial and cryptocurrency information from …
Monti Ransomware’s New Linux Variant Enhanced Encryption
Attack Report. Summary: Monti ransomware, resembling Conti, resurfaces after a break, targeting legal and government sectors. A new Linux variant diverges significantly, using distinct tactics for encryption and virtual machine termination. Organizations must enhance …
Unveiling The TunnelCrack VPN Vulnerabilities
Vulnerability Report. Summary: The TunnelCrack vulnerabilities are a set of four vulnerabilities that affect most VPN products. The vulnerabilities affect the way that VPNs handle certain ciphers, which are algorithms used to encrypt traffic. …
LummaC Stealer Enlists Amadey Bot to Unleash SectopRAT
Attack Report. Summary: A fresh approach to spreading SectopRAT has surfaced. This method involves distributing the SectopRAT payload by utilizing the Amadey bot, which is sourced from the LummaC stealer. To receive real-time threat …
Attacks, Vulnerabilities and Actors 7 August to 13 August 2023
Summary: HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, the fact that there were a total of eleven attacks executed, three vulnerabilities, and three different adversaries highlights the ever-present …
DroxiDat Targets Southern African Power Utility
Attack Report. Summary: In a targeted operation, an unidentified actor strategically deployed the advanced DroxiDat proxy-capable backdoor alongside Cobalt Strike beacons. The operation was aimed at a critical power utility within the infrastructure of …
Gafgyt Botnet Exploiting Five Years Old Critical Vulnerability in Zyxel Routers
Vulnerability Report. Summary: A critical vulnerability (CVE-2017-18368) in the Zyxel P660HN-T1A router allows the Gafgyt botnet to execute unauthorized commands, potentially leading to a complete takeover of affected devices. This exploitation enables the botnet …
Knocking the Surface of Rhysida Ransomware
Attack Report. Summary: The Rhysida ransomware campaign is rapidly gaining notoriety, driven by a series of successful infiltrations into various sectors. Employing an array of dissemination techniques such as Cobalt Strike, phishing campaigns, and …