A New Info-Stealing Malware Named “Stealc” Targeting Cryptocurrency Wallets
Attack Report. Summary: A new information-stealing malware called Stealc was discovered in January 2023. This malware is designed to steal sensitive information from various sources including web browsers, desktop cryptocurrency wallets, and browser extensions …
The Intricate Evolution of SoulSearcher Loader for Multi-Stage Malware Execution
Attack Report. Summary: SoulSearcher is a second-stage loader that has been seen in the wild since October 2017, and it is responsible for executing the Soul module payload and parsing its configuration. The samples …
Actors, Threats and Vulnerabilities 13 February to 19 February 2023
Summary: HiveForce Labs identified seven active actors over the past week. There were three prominent Russian actors, namely TA505, Nodaria, and KillNet. Additionally, three Chinese actors, Tonto …
Multiple Fortinet products are vulnerable to unauthorized code execution flaws
Vulnerability Report. Summary: Fortinet has released security updates to rectify security weaknesses in its range of products, such as FortiWeb, FortiOS, FortiNAC, FortiProxy, and others. The most significant vulnerability resides in the FortiNAC network …
APT Earth Kitsune delivers new WhiskerSpy malware via watering hole attack
Attack Report. Summary: Earth Kitsune, an advanced persistent threat (APT) actor known for targeting individuals interested in North Korea, as well as China, Brazil, and Japan, has been found to be using a new backdoor …
ProxyShellMiner Exploits Windows Exchange Server Vulnerabilities for Cryptocurrency Mining
Attack Report. Summary: ProxyShellMiner exploits Windows Exchange servers’ vulnerabilities, which are used to gain unauthorized access and compromise an organization, leading to the installation of cryptocurrency miners. …
Israel’s Technion Targeted by DarkBit Ransomware’s Campaign
Attack Report. Summary: The DarkBit ransomware is a newly emerged threat in the cybersecurity scene that has targeted Technion – Israel Institute of Technology, a prestigious academic institution in Israel. The attackers behind this …
New Ransomware Campaign “TZW” Linked to GlobeImposter Targets South Korean Organizations
Attack Report. Summary: A new ransomware campaign called TZW is affecting organizations in South Korea. The campaign is linked to the known malware family GlobeImposter, suggesting that the actors behind GlobeImposter are rebranding and …
Dalbit Threat Actor Launches Attack Campaign Against Multiple Korean Organizations
Actor Report. Summary: Dalbit is a threat actor group that has been active since at least 2022. They have been targeting South Korean companies, with more than 50 confirmed attack attempts so far. The …
Citrix Resolves Vulnerabilities in Virtual Apps and Workspace Apps
Vulnerability Report. Summary: Citrix Systems has addressed vulnerabilities in its Virtual Apps and Desktops, as well as Workspace Apps products, that could potentially enable attackers with local access to the target to elevate their …