Iranian Threat Actor Adapts Tactics to Stay One Step Ahead
Summary: Charming Kitten, an Iranian threat actor, has recently been linked to a series of attacks targeting the Middle East. This campaign involves deploying a new backdoor called BASICSTAR through a deceptive webinar portal. Threat Level – Red | Attack Report. For a detailed threat advisory, download the …
Attacks, Vulnerabilities and Actors 12 to 18 February 2024
For a detailed threat digest, download the pdf file here. Summary: HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of eight attacks were executed, five vulnerabilities were uncovered, and three active adversaries were identified. …
Akira Ransomware Exploits Cisco Flaw for Maximum Impact
Summary: The Akira ransomware has been observed using the Cisco AnyConnect SSL VPN as its initial access vector, specifically exploiting the CVE-2020-3259 vulnerability. Despite Cisco addressing this vulnerability with patches released in May 2020, the threat remains prevalent. Threat Level – Red | Attack Report. For …
Novel Smishing Kit Leverages Cloud Platform
Summary: SNS Sender, a malicious Python script that leverages AWS SNS for mass SMS spamming, presents a novel approach to cloud-based attack tools, particularly in the area of smishing. The ARDUINO_DAS threat actor is linked to the operation that uses this cloud capability to send out a …
A Fresh Look at the Bumblebee’s Comeback Strategies
Summary: BumbleBee, a malicious loader discovered in March 2022, resurfaced in the cyber threat landscape on February 8, 2024, after a four-month hiatus. This attack chain diverges from the conventional techniques seen in its previous campaigns. Threat Level – Amber | Attack Report. For a detailed threat advisory, download the …
Turla Expands Their Arsenal with Next-Generation Malwares
Summary: In December 2023, a new backdoor dubbed TinyTurla-NG was deployed by the Russia-affiliated threat actor Turla as part of a three-month campaign targeting Polish non-governmental organizations (NGOs). The threat actor utilized malicious PowerShell scripts hosted on various websites, exploiting vulnerable versions of WordPress for their C2 operations. Threat …
Water Hydra Exploits CVE-2024-21412 to Target Financial Traders
Summary: Water Hydra exploited CVE-2024-21412 to bypass Microsoft Defender SmartScreen, targeting financial traders with DarkMe malware through sophisticated spearphishing tactics. This underscores the persistent threat of APT groups and highlights the challenge of defending against evolving attack methods. Threat Level – Red | Attack Report. For a …
Critical Flaw in Zoom Windows Apps Allows Privilege Elevation
Summary: Zoom has addressed an input validation flaw (CVE-2024-24691) that renders the Zoom desktop and VDI clients, along with the Meeting SDK for Windows, vulnerable to privilege escalation on the target system via the network, even by an unauthenticated attacker. Threat Level – Red | …
Rhysida Ransomware’s Decryptor is Now in Action
Summary: The Rhysida ransomware-as-a-service (RaaS) group poses a significant global threat, targeting diverse sectors. Recently, an implementation vulnerability in the source code of the Rhysida ransomware has been discovered. Exploiting this vulnerability to reconstruct the encryption keys enabled the development of a decryptor. This decryptor …
Microsoft’s February 2024 Patch Tuesday Addresses Two Zero-day Vulnerabilities
Summary: Microsoft’s February 2024 Patch Tuesday addresses 73 vulnerabilities, including actively exploited zero-days, spanning various products like Office, Exchange Server, and Windows Kernel. Critical flaws in Windows SmartScreen (CVE-2024-21351), Internet Shortcut Files (CVE-2024-21412), and Microsoft Exchange Server (CVE-2024-21410) require immediate attention to mitigate potential risks. Threat Level …