29 Nov 2023

HAWKEYE Alert Advisory, CVE, Cybersecurity, Managed SOC Services, SIEM Permalink

CVE-2023-36553: Command Injection Vulnerability in FortiSIEM

HAWKEYE November 29, 2023

Fortinet, a major cybersecurity company, recently published an advisory regarding a critical vulnerability affecting its FortiSIEM Report Server.

Read More

28 Nov 2023

HAWKEYE Advanced Persistent Threat, Alert Advisory, Cybersecurity, Threat Hunting Permalink

DarkCasino: A New Emerging APT Threat Exploiting a WinRAR Flaw

HAWKEYE November 28, 2023

NSFOCUS researchers examined the DarkCasino attack pattern, which exploited the WinRAR zero-day vulnerability identified as CVE-2023-38831. The financially motivated APT group conducted phishing operations against forum participants via online trading forum posts using specially generated archives.

Read More

27 Nov 2023

HAWKEYE Alert Advisory, CVE, Cybersecurity, Managed SOC Services, Vulnerability Assessment Permalink

Critical Vulnerability Patched in SAP Business One Product

HAWKEYE November 27, 2023

SAP, a well-known commercial software provider, has disclosed three new vulnerabilities in its Security Patch Day release for November 2023. In addition, three previously revealed security vulnerabilities have had their security notes updated.

Read More

17 Nov 2023

HAWKEYE Alert Advisory, CVE, Cybersecurity, Managed SOC Services, Vulnerability Assessment Permalink

Exploitation of Apache ActiveMQ Vulnerability CVE-2023-46604

HAWKEYE November 17, 2023

Rapid7 Managed Detection and Response (MDR) found potential exploitation of Apache ActiveMQ CVE-2023-46604 in two distinct customer scenarios on Friday, October 27.

Read More

16 Nov 2023

HAWKEYE Alert Advisory, CVE, Cybersecurity, Managed SOC Services Permalink

CVE-2023-4966 (Citrix Bleed) Active Exploitation

HAWKEYE November 16, 2023

Citrix published a security bulletin on October 10, 2023, regarding a vulnerability (CVE-2023-4966) that affects the NetScaler ADC and NetScaler Gateway appliances and allows sensitive information disclosure. It enables unauthenticated attackers to steal sensitive data from on-premises appliances set as an AAA virtual server or a gateway.

Read More

06 Nov 2023

HAWKEYE Alert Advisory, Cybersecurity, Managed SOC Services, Vulnerability Assessment Permalink

CVE-2023-46747: Critical Authentication Bypass Vulnerability in F5 BIG-IP

HAWKEYE November 6, 2023

BIG-IP, a comprehensive portfolio of hardware platforms and software solutions from F5 Networks, focuses on security, dependability, and performance. These solutions include load balancing, a web application firewall, access control, and methods to improve application performance and mitigate DDoS attacks, emphasizing application availability and security.

Read More

03 Nov 2023

HAWKEYE Cybersecurity, Managed SOC Services, Security Operations Center, Threat Hunting Permalink

Leveraging DETT&CT Framework

HAWKEYE November 3, 2023

Building detection is a difficult task, particularly with an increasing number of data sources. It might be challenging for detection engineers to keep track of numerous data sources and the necessary detection rules for them, or to avoid creating duplicate detection rules that cover the same techniques.

Read More

31 Oct 2023

HAWKEYE Cybersecurity, Phishing Permalink

The Rise of IPFS Phishing

HAWKEYE October 31, 2023

Phishing attacks are still one of the most prevalent methods for threat actors to get access, and they pose a serious risk to an organization’s digital assets.

Read More

30 Oct 2023

HAWKEYE Cyber Threat Intelligence, Cybersecurity, Security Operations Center Permalink

DCSync Attacks Explained

HAWKEYE October 30, 2023

Once an attacker gets access to a Windows endpoint, they can access credentials saved in clear text or as a hash. It is possible to retrieve credentials from a compromised Windows endpoint using a number of practical methods.

Read More

27 Oct 2023

HAWKEYE Alert Advisory, Cybersecurity, Vulnerability Assessment Permalink

North Korean Attacks Exploiting JetBrains TeamCity Vulnerability

HAWKEYE October 27, 2023

More than 30,000 clients worldwide use JetBrains’ TeamCity continuous integration and continuous deployment (CI/CD) server.

Read More

26 Oct 2023

HAWKEYE Alert Advisory, Cyber Threat Intelligence, Cybersecurity, Middle East Permalink

With Unique Implants, A New ShroudedSnooper Actor Targets Middle Eastern Telecom Companies

HAWKEYE October 26, 2023

State-sponsored actors and highly skilled adversaries have frequently targeted telecommunications businesses worldwide in recent years.

Read More

25 Oct 2023

HAWKEYE Cybersecurity, Vulnerability Assessment Permalink

CVE-2023-34039: Critical Authentication Bypass Vulnerability in VMware Aria Operations for Networks

HAWKEYE October 25, 2023

The VMware Aria management and monitoring package provides full-scope operations management, IT automation, log management, analytics creation, network visibility, and capacity planning for virtualized environments and hybrid clouds.

Read More

24 Oct 2023

HAWKEYE Alert Advisory, Cybersecurity, Malware Protection Permalink

Evidence Leads to Lazarus as the VMConnect Supply Chain Attack Continues

HAWKEYE October 24, 2023

Recently, Sonatype and Reversing Labs analyzed the fraudulent PyPI package ‘VMConnect,’ developed to imitate the authentic VMware vSphere connector module closely, ‘vConnector,’ but actually contains a malicious code.

Read More

22 Sep 2023

HAWKEYE Cybersecurity, Vulnerability Assessment Permalink

Lazarus Exploits a Zoho ManageEngine Vulnerability to Distribute QuiteRAT and CollectionRAT

HAWKEYE September 22, 2023

A recently fixed vulnerability (CVE-2022-47966) affecting Zoho ManageEngine ServiceDesk Plus has been used by Lazarus, a North Korean state-sponsored APT group, to spread the remote access trojan QuiteRAT.

Read More

21 Sep 2023

HAWKEYE Ransomware Protection, Vulnerability Assessment Permalink

Cuba Ransomware Group Targets Critical Systems by Using Veeam Vulnerability

HAWKEYE September 21, 2023

Using a mix of outdated and modern techniques, the Cuba ransomware group has been seen launching attacks against American critical infrastructure organizations and Latin American IT companies.

Read More

20 Sep 2023

HAWKEYE Cybersecurity, Vulnerability Assessment Permalink

CVE-2023-2868: Barracuda Still Being Exploited and Lessons Learned

HAWKEYE September 20, 2023

A significant remote command injection vulnerability was discovered in Barracuda Email Security Gateway (ESG) on May 20th, 2023, according to a security advisory issued by The Cybersecurity and Infrastructure Security Agence (CISA).

Read More

05 Sep 2023

HAWKEYE Advanced Persistent Threat, Alert Advisory, Cyber Security, Middle East Permalink

Alert Advisory: Supply Chain Attack by Iran’s APT34 Targets the UAE

HAWKEYE September 5, 2023

An Iranian threat group called OilRig typically targets businesses in the Middle East involved in various industries. Still, it has also sometimes attacked businesses outside of the Middle East. Additionally, it appears that OilRig engages in supply chain attacks, whereby the threat actor uses the trust among entities to attack its main targets.

Read More

28 Aug 2023

HAWKEYE Cyber Security, Phishing Permalink

PhishForce: In-the-wild Phishing of Facebook Accounts Using a Vulnerability in Salesforce’s Email Services

HAWKEYE August 28, 2023

We have been subjected to fraudulent emails from the early days of the internet, from intrusive spam to highly targeted and customized phishing efforts. Bad actors will always manage to keep one step ahead, coming up with new ways to bypass filtering laws and other regulations aimed to clean up our inboxes, despite substantial breakthroughs in email detection and blocking over the years.

Read More

16 Aug 2023

HAWKEYE Cyber Security, Security Operations Center Permalink

Monitoring USB Usages in OT Environments

HAWKEYE August 16, 2023

Industrial control systems are vital infrastructures that need strict security protocols, particularly those that operate in operational technology (OT) environments. Using USB devices in these settings raises certain red flags as they may bring malware or unapproved access.

Read More

10 Aug 2023

HAWKEYE Cyber Security, Malware Protection, Managed SOC Services, Threat Hunting Permalink

A Sneaky Cross-Platform Threat Targeting Redis Server: P2PInfect Worm

HAWKEYE August 10, 2023

Unit 42 cloud researchers discovered a new peer-to-peer (P2P) worm on July 11, 2023, which they have named P2PInfect.

Read More