Ivanti Addresses Zero-Day Vulnerability Exploited in Attacks
Summary: Ivanti has addressed two new high-severity vulnerabilities, CVE-2024-21893 and CVE-2024-21888, affecting its Connect Secure and Policy Secure products. CVE-2024-21893, in particular, has been actively exploited in the wild, posing a significant risk to affected systems. Threat Level – Red | Vulnerability Report For a …
CISA Known Exploited Vulnerability Catalog January 2024
For the detailed CISA KEV Catalog, download the pdf file here. Summary: The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. It is recommended that all organizations review and monitor the KEV catalog, …
UNC4990 Leverages Hosting Platforms in USB Infection Chain
Summary: UNC4990, a financially motivated threat actor, has been observed targeting organizations in Italy by utilizing weaponized USB drives as an initial infection vector. Additionally, they are employing trusted websites such as Vimeo, GitHub, and Ars Technica to host encoded payloads disguised within seemingly benign …
Critical Remote Code Execution Flaws Uncovered in Jenkins
Summary: Multiple vulnerabilities have been discovered in Jenkins and a number of associated plugins, allowing attackers to gain unauthorized data access and execute arbitrary commands. The critical vulnerability, CVE-2024-23897, allows attackers to read system files and opens a number of attack vectors associated with Remote Code Execution. Threat Level …
CherryTree Impostor Dubbed CherryLoader Makes Its Move
Summary: CherryLoader, a new Go-based downloader, has surfaced in cyber attacks, masquerading as the legitimate CherryTree note-taking app. This sophisticated threat infiltrates compromised hosts, delivering malicious payloads such as privilege escalation tools for exploitation and persistent control. Threat Level – Red | Attack Report For …
Malicious Google Ads Target Chinese Users, Covertly Delivering RATs
Summary: Chinese-speaking users are being targeted in an ongoing malvertising campaign that leverages Google ads. The threat actor employs Google advertiser accounts to create deceptive ads that lure users into downloading Remote Administration Trojans (RATs). The malicious ads are designed to mimic popular messaging platforms, …
FAUST: A Phobos Ransomware Variant Launches Fileless Attack
Summary: FAUST ransomware, a variant of the Phobos family, exhibits intricate deployment stages, from decoding Base64 data to injecting shellcode. Notably, it employs a fileless attack through an Office document with a VBA script, emphasizing the need for user caution with document files from untrusted …
Midnight Blizzard Exploiting Legacy OAuth for Lateral Movement
Summary: Midnight Blizzard exploited a legacy test OAuth application with elevated access due to a common password and lack of multi-factor authentication (MFA). The attackers leveraged this access to move laterally within Microsoft’s network, potentially exfiltrating data and gaining broader control. Threat Level – Red …
Attacks, Vulnerabilities and Actors 22 January to 28 January 2024
For a detailed threat digest, download the pdf file here. Summary: HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of eight executed attacks, three instances of adversary activity, and three exploited vulnerabilities, highlighting the …
AllaKore RAT’s Grip Tightens on Mexican Financial Institutions
Summary: A threat actor has been targeting Mexican banks and cryptocurrency trading since at least 2021. Using custom installers, the actor distributes a modified version of the AllaKore RAT, an open-source remote access tool. The campaign cleverly mimics the Mexican Social Security Institute (IMSS) in …