New macOS Backdoor Stealthily Stealing Cryptowallets
Summary: macOS users have reported infections resulting from the use of cracked software, exposing a previously undisclosed stealer malware that has the capability to collect data from cryptocurrency wallets and system configurations. Threat Level – Amber | Attack Report For a detailed threat advisory, download the …
Art of Impersonation Poses a Threat to Korean IT Powerhouses
Summary: Malicious entities have adeptly employed advanced strategies, masquerading as reputable Korean IT companies. The overarching objective is to establish persistence, achieved through the deployment of RATs such as AsyncRAT and VenomRAT. Threat Level – Amber | Attack Report For a detailed threat advisory, download the …
Critical GoAnywhere MFT Flaw Allows Attackers to Become Admins
Summary: A critical authentication bypass vulnerability (CVE-2024-0204) in Fortra GoAnywhere MFT enables attackers to create new admin users with full privileges, potentially leading to data exfiltration, malware deployment, and further attacks within the network. Threat Level – Red | Vulnerability Report For a detailed threat …
Kasseika Ransomware Employs BYOVD Tactic to Impair Defenses
Summary: The ransomware operation ‘Kasseika’ has recently been identified using the Bring Your Own Vulnerable Driver (BYOVD) tactic. This involves exploiting vulnerabilities in a loaded driver to disable antivirus software before initiating the file encryption process. Through this strategy, the malware gains privileges to terminate …
Critical RCE Flaw in Atlassian Confluence Sparks Active Exploitation
Summary: CVE-2023-22527 is a critical Remote Code Execution vulnerability in outdated Atlassian Confluence versions, actively exploited by malicious actors. Immediate patching to recommended versions is crucial, as nearly 40,000 exploitation attempts have been recorded within three days of disclosure. Threat Level – Red | Vulnerability …
NS-STEALER Utilizes Discord Bots for Covert Exfiltration of Sensitive Data
Summary: A recently discovered Java-based information stealer, named NS-STEALER, employs a Discord bot channel as an EventListener to exfiltrate sensitive data from compromised hosts. This malware is distributed through ZIP archives that disguise themselves as cracked software. Threat Level – Amber | Attack Report For …
ScarCruft Unleashes Tailored Attacks on Cybersecurity Frontlines
Summary: The ScarCruft APT group is actively targeting media organizations and individuals working in threat intelligence. ScarCruft employs persistent tactics, using phishing emails to deliver RokRAT, a custom-designed backdoor. Threat Level – Amber | Attack Report For a detailed threat advisory, download …
Apple Fixes First Actively Exploited Zero-day of 2024
Summary: The CVE-2024-23222 vulnerability in Apple’s WebKit is actively being exploited, as the processing of maliciously crafted web content may result in arbitrary code execution, posing a severe threat to the security and control of affected tvOS, iPhone, iPad, and macOS devices. Immediate updating is crucial …
Attacks, Vulnerabilities and Actors 15 January to 21 January 2024
For a detailed threat digest, download the pdf file here. Summary: HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of six executed attacks, two instances of adversary activity, and eight exploited vulnerabilities, highlighting the …
ZLoader’s Resurgence after Two Years in the Shadows
Summary: Zloader is a highly sophisticated Trojan originating from the leaked Zeus source code. Notable for its adaptive nature, the malware continuously evolved through each campaign since its debut in August 2015. After nearly two years of dormancy, Zloader reemerged with new iterations. Threat Level …