Volt Typhoon: A Cyber Threat to U.S. Critical Infrastructure
Summary: State-sponsored cyber actors from the People’s Republic of China, known as Volt Typhoon, are actively targeting critical infrastructure in the United States, employing sophisticated tactics such as pre-compromise reconnaissance and living-off-the-land techniques. Threat Level – Red | Attack Report …
JetBrains TeamCity Authentication Bypass Flaw, Paving the Way for Server Takeover
Summary: JetBrains addressed a critical security flaw in its TeamCity On-Premises product. The vulnerability, identified as CVE-2024-23917, could allow an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication and gain administrative privileges over the affected server. Threat Level – …
Deceptive Crypto Sites: A Breeding Ground for XPhase Clipper
Summary: A global malware campaign is actively targeting cryptocurrency enthusiasts, using deceptive websites that masquerade as legitimate cryptocurrency applications and ultimately lead to execution of the XPhase Clipper payload. Threat Level – Amber | Attack Report …
Mispadu Leverages CVE-2023-36025 Vulnerability in Latest Attack
Summary: A new variant of the Mispadu infostealer, a malware known for targeting Spanish and Portuguese speakers, specifically targets Mexican regions and leverages the CVE-2023-36025 vulnerability to gain access. It extends its data theft reach beyond previous versions, capturing browser history, cookies, and even cryptocurrency …
FritzFrog Expanding Its Lethal Reach with Frog4Shell
Summary: Recent activity by the Golang-based FritzFrog botnet reveals that its latest iterations employ an exploit called ‘Frog4Shell,’ which capitalizes on the Log4Shell vulnerability. Threat Level – Red | Attack Report …
Ukraine Hit by Cyber Attack: 2,000+ Computers Infected by DIRTYMOE
Summary: The UAC-0027 group executed a sophisticated cyber attack against Ukrainian organizations. Their weapon of choice was the notorious DIRTYMOE (PURPLEFOX) malware. This modular malware has been active for over half a decade and poses a serious threat. Threat Level – Amber | Attack Report …
EventLogCrasher Flaw Not Serviced by Microsoft
Summary: A recently identified vulnerability, known as EventLogCrasher, poses a significant risk to Windows platforms by allowing authenticated attackers to disrupt the Windows Event Log service. The vulnerability affects all versions of Windows and has yet to be addressed by Microsoft; it has no assigned CVE …
Attacks, Vulnerabilities and Actors 29 January to 4 February 2024
Summary: HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of seven executed attacks, two instances of adversary activity, and six exploited vulnerabilities, highlighting the …
Leaky Vessels in Cloud Environments Shake Docker and Beyond
Summary: Four vulnerabilities, collectively termed ‘Leaky Vessels,’ have been uncovered in container engine components, specifically affecting the runC command-line tool. In the most severe cases, unauthorized access to the underlying host operating system could lead to the compromise of critical credentials, enabling adversaries to …