Attacks, Vulnerabilities and Actors 22 to 28 July 2024

For a detailed threat digest, download the pdf file here

Summary

HiveForce Labs has recently made substantial advancements in identifying cybersecurity threats. Within the past week alone, HiveForce Labs detected five executed attacks, reported five vulnerabilities, and identified one active adversary. These findings highlight the persistent and escalating danger of cyber intrusions.

Furthermore, a new Linux variant of the Play ransomware is now targeting VMware ESXi environments, marking a departure from its previous focus on Windows systems. Additionally, a critical-severity vulnerability in Docker Engine, identified as CVE-2024-41110, was initially discovered and addressed in Docker Engine v18.09.1, released in January 2019. However, the fix was not incorporated into subsequent versions, leading to the reemergence of the vulnerability.

Moreover, the EvilVideo vulnerability specifically targeted the Telegram app for Android and was advertised for sale on a Russian-speaking XSS hacking forum by a seller named 'Ancryno.' GhostEmperor, a highly sophisticated Chinese-speaking cyber threat actor, has been executing advanced cyber espionage campaigns since 2020, primarily targeting entities in Southeast Asia. These escalating threats present a significant and immediate danger to users worldwide.

Subscribe?to receive our weekly threat digests and newsletters directly in your inbox.