Malware Concealed Within PDFs for Data Theft
Summary: In a recently observed campaign, an infostealer masquerading as the Adobe Reader installer is being distributed. The threat actor delivers the file in PDF format, luring people into downloading and executing it, after which it collects sensitive information. Threat Level – Amber | Attack Report For …
VCURMS and STRRAT Trojans Using AWS and GitHub as Launchpads
Summary: A sophisticated phishing campaign is targeting personnel, enticing them to click on a seemingly innocuous button to authenticate payment details. However, this action initiates the download of a harmful JAR file from Amazon Web Services (AWS) onto the victim’s device. This malicious file serves …
Microsoft’s March 2024 Patch Tuesday Addresses 60 Vulnerabilities
Summary: Microsoft’s March 2024 Patch Tuesday addresses 60 vulnerabilities, including two critical vulnerabilities, spanning various products like Office, Exchange Server, and Windows Kernel. Critical flaws in Windows Hyper-V (CVE-2024-21407 and CVE-2024-21408) require immediate attention to mitigate potential risks. Threat Level – Red | Vulnerability Report …
Attacks, Vulnerabilities and Actors 4 to 10 March 2024
For a detailed threat digest, download the pdf file here. Summary: HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of seven attacks were executed, four vulnerabilities were uncovered, and two active adversaries were identified. …
Cisco Secure Client Flaw Enables Attackers To Steal VPN Sessions
Summary: A high-severity vulnerability tracked as CVE-2024-20337, affecting Cisco's Secure Client software, has been addressed by Cisco. The flaw could allow a threat actor to start a VPN session with the targeted user. Threat Level – Red | Vulnerability Report For a detailed threat advisory, download the pdf …
Evasive Panda China-Linked Cyberespionage Targeting Tibetans
Summary: Evasive Panda, a threat actor associated with China, has masterminded an intricate cyberespionage campaign targeting Tibetan users since at least September 2023. This operation employs both watering hole and supply chain attacks to achieve its objectives. Threat Level – Red | Attack Report For a detailed …
Critical VMware Vulnerabilities Leading To Sandbox Escape
Summary: Critical vulnerabilities tracked as CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, and CVE-2024-22255 have been addressed by VMware. These vulnerabilities allow attackers to escape the virtual machine sandbox and execute commands on the host machine. Workstation, Fusion, Cloud Foundation, and VMware ESXi are all impacted by these vulnerabilities. Threat Level …
TA4903 Spoofing Government Entities and SMBs for Financial Gain
Summary: TA4903, a financially motivated threat actor, conducts high-volume email campaigns targeting U.S. organizations for credential phishing and business email compromise (BEC). They spoof various U.S. government agencies and private businesses, employing tools like EvilProxy and incorporating QR codes into phishing campaigns. TA4903’s evolving tactics include expanding …
SapphireStealer’s Stealthy Invasion via Deceptive Legal Documents
Summary: An intricate campaign aimed at Russian individuals has emerged, showcasing the SapphireStealer malware, a publicly available information-stealing tool introduced in December 2022. The incorporation of social engineering techniques significantly enhances the efficacy of these campaigns, allowing attackers to evade detection by assuming the guise …
Misconfigured Servers Targeted with New Golang Malware
Summary: In a newly observed malware campaign, threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services. The campaign aims to deliver a cryptocurrency miner and establish a reverse shell for persistent remote access. The attackers utilize new Golang-based …