Barracuda Fixes ACE Zero-day Vulnerability Exploited by Attackers
Summary: The Barracuda Email Security Gateway vulnerability (CVE-2023-7102) allows remote attackers to execute arbitrary commands, posing a substantial threat to the security and functionality of affected systems. Exploitation by threat actors has led to the deployment of new malware variants, emphasizing the severe impact on …
UAC-0099 Utilizes WinRAR Exploit to Deploy LONEPAGE Malware
Summary: UAC-0099, a threat actor, has been involved in persistent attacks targeting Ukraine. These attacks leverage a critical vulnerability in WinRAR to deploy a malware strain known as LONEPAGE. Notably, the threat actor focuses on Ukrainian employees working for organizations outside of Ukraine. Threat Level …
Cloud Atlas Exploits Six-Year-Old Flaw to Target Russian Companies
Summary: The threat actor Cloud Atlas has been identified in spear-phishing attacks targeting Russian enterprises. The modus operandi involves a phishing message in the initial stage, containing a lure document that exploits CVE-2017-11882, a memory corruption vulnerability in Microsoft Office’s Equation Editor. This six-year-old vulnerability is leveraged …
Operation RusticWeb: Coordinated Strikes on Indian Government
Summary: Since October 2023, an orchestrated phishing campaign named ‘Operation RusticWeb’ has been systematically targeting the Indian government and defense sector, deploying Rust-based malware for sophisticated intelligence gathering. Threat Level – Amber | Attack Report. For a detailed threat advisory, download the pdf file here. To …
Attacks, Vulnerabilities and Actors 18 December to 24 December 2023
For a detailed threat digest, download the pdf file here. Summary: HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of 15 executed attacks, 4 instances of adversary activity, and 7 exploited vulnerabilities, highlighting the …
MetaStealer a $125 Ticket to Digital Chaos
Summary: MetaStealer, a nefarious information-stealing malware, initially surfaced in discreet online marketplaces with a pricing structure of USD 125 per month or USD 1000 for an unlimited subscription, subsequently becoming entangled in malvertising campaigns. Threat Level – Red | Attack Report. For a detailed threat …
Bandook a 2007 Legacy Still Thriving in the Threat Landscape
Summary: The Bandook malware is a persistent remote access trojan (RAT) that surfaced in 2007. Programmed in Delphi and C++, it has evolved through various iterations over the years and has historical associations with Dark Caracal. It featured prominently in a campaign dubbed ‘Operation Manul’. …
Zero-Click Outlook RCE Exploitation Chain in Windows
Summary: Two vulnerabilities (CVE-2023-35384 and CVE-2023-36710) in Microsoft Windows can be chained to achieve remote code execution (RCE) on vulnerable Outlook clients. Attackers can exploit these flaws by sending a crafted email with a custom notification sound file to trigger the download of a malicious …
Muddywater Utilizes Custom Tools to Target Telecom Companies
Summary: The Iranian espionage group Muddywater targeted telecommunications companies in Egypt, Sudan, and Tanzania in November 2023. The attackers employed a diverse set of tools for this activity, including leveraging the MuddyC2Go infrastructure. Additionally, they utilized the SimpleHelp remote access tool and Venom Proxy. The attackers also …