ALC: Is It a Scareware or a Ransomware?
Threat Level Attack Report. For a detailed threat advisory, download the pdf file here. Summary: ALC is a scareware, pretending to be ransomware, as it doesn’t carry out any file encryption on the victim’s device. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn. …
A Deserialization Vulnerability Found in Apache Dubbo
Threat Level Vulnerability Report. Summary: Apache has released a security notice for a deserialization vulnerability (CVE-2023-23638) in Apache Dubbo that allows remote attackers to execute arbitrary code on the target system. …
Mispadu Targets Latin America with MalSpamming
Threat Level Attack Report. Summary: Mispadu has been linked to various spam campaigns, and it is capable of stealing both monetary and credential information while acting as a backdoor through keystroke and screenshot capture. …
ShellBot Malware Targets Mismanaged Linux Servers
Threat Level Attack Report. Summary: ShellBot malware infects mismanaged Linux SSH servers and uses the IRC protocol for C&C. …
Bad Magic APT employs new CommonMagic Framework and PowerMagic Backdoor
Threat Level Attack Report. Summary: A new APT, Bad Magic, was discovered using a new backdoor called PowerMagic and a malicious framework called CommonMagic to target organizations in the administrative, agriculture, and transportation sectors for espionage purposes. …
UNC3886 targets technologies with custom malware and exploits zero-day vulnerabilities
Threat Level Attack Report. Summary: UNC3886 is a Chinese cyber espionage group that targets technologies without EDR solutions and exploits zero-day vulnerabilities to steal user credentials and maintain access. …
Winter Vivern with Pro-Russian Objectives Targets Government
Threat Level Actor Report. Summary: The Winter Vivern Advanced Persistent Threat (APT) is a relatively underreported group that operates with pro-Russian objectives and targets government agencies. …
Gozi Malware Spreads through Fake Italian Revenue Agency Email Campaign
Threat Level Attack Report. Summary: A fake Italian Revenue Agency email campaign tricks victims into downloading a malicious attachment that installs Gozi, a binary that bypasses Italy’s geofencing and creates a loader process on the victim’s computer. …
New HinataBot Go-Based Botnet with DDoS Capabilities and Mirai Connection
Threat Level Attack Report. Summary: HinataBot is a newly discovered Go-based botnet that spreads through old vulnerabilities and weak credentials. It carries out DDoS flooding attacks and has a connection with the Mirai malware family. …