Attacks, Vulnerabilities and Actors 18 to 24 March 2024
Summary: HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of fifteen attacks were executed, eight vulnerabilities were uncovered, and five active adversaries were identified. …
Critical SQL Injection Vulnerability Discovered in Atlassian Bamboo
Summary: Atlassian has released patches addressing several security vulnerabilities, including a significant critical issue impacting Bamboo Data Center and Server, identified as CVE-2024-1597. This flaw, leading to a SQL injection, poses a risk of unnecessary data exposure and potential data manipulation. Threat Level – Red …
Unveiling AcidPour Evolution of Destructive Malware Targeting Ukraine
Summary: AcidPour, a variant of the destructive AcidRain wiper malware previously used during the Russia-Ukraine conflict, signals a heightened threat to Ukraine’s critical infrastructure. By targeting Linux UBI and DM logic, AcidPour poses a significant risk to large storage devices and RAID arrays, potentially causing …
TeamCity Vulnerabilities Unleash Jasmin Ransomware and More
Summary: Recently patched vulnerabilities in JetBrains TeamCity (CVE-2024-27198, CVE-2024-27199) are being actively exploited by attackers to deliver a range of payloads, including Jasmin ransomware, XMRig cryptominers, the SparkRAT backdoor, and other remote access trojans (RATs). Since the release of proof-of-concept (PoC) …
Critical Flaw In Ivanti Standalone Sentry Leads To Remote Code Execution
Summary: Ivanti Standalone Sentry has been identified as vulnerable to a critical remote code execution flaw, tracked as CVE-2023-41724. Exploiting this vulnerability, a remote attacker could gain unauthorized access to the target system and execute arbitrary commands. Threat Level – Red | Vulnerability Report For …
From Observer to Asuka – The Reinvention of Stealer
Summary: A malware-as-a-service (MaaS) called ‘AsukaStealer,’ advertised on a Russian-language cybercrime forum by the alias ‘breakcore,’ has surfaced. Priced at $80 per month, AsukaStealer is written in C++ and features customizable configurations and a user-friendly interface designed for harvesting data. Threat Level – Amber | …
Unveiling BunnyLoader 3.0 Enhanced Malware Capabilities
Summary: BunnyLoader 3.0, which has been active since September 2023, is a malware variant known for its enhanced data theft and advanced keylogging capabilities. Its modular design gives attackers flexibility and makes detection more difficult. Despite its global targeting, it refrains …
Operation PhantomBlu Deploys NetSupport RAT via OLE Template
Summary: Under the guise of Operation PhantomBlu, a new phishing campaign is aimed at American companies with the goal of deploying the remote access trojan NetSupport RAT. By utilising OLE template manipulation, the PhantomBlu operation presents a sophisticated exploitation technique. This technique uses Microsoft Office …
The Evolution of DEEP#GOSU Attack Campaign by Kimsuky Group
Summary: A sophisticated multi-stage attack campaign, dubbed DEEP#GOSU, has been linked to the North Korean Kimsuky group. Using PowerShell and VBScript, the attackers leverage remote access trojan (RAT) software for full control over infected hosts, while employing legitimate services like Dropbox for command and control communication to …