Year: 2017

A new wave of attacks using Loki Infostealer

Delaware, USA – December 26, 2017 – Several campaigns spreading Loki Infostealer were detected in December. The campaigns differ in both distribution methods and malware modifications. Trojan Loki is modular malware that anyone can buy on Darknet forums, and its functionality varies depending on the modification. In addition, hackers do not hesitate to crack this […]

Massive Brute Force Campaign Targets WordPress Sites

Delaware, USA – December 21, 2017 – This Monday, the Wordfence company reported the start of a massive brute force campaign against WordPress websites. More than 10,000 IPs from different countries are involved in this attack. The security firm's employees recorded spikes exceeding 14 million password-guessing attempts per hour that targeted approximately 200,000 […]

The activity of GratefulPOS is increased for the holidays

Delaware, USA – December 20, 2017 – Researchers from the RSA FirstWatch division reported on a campaign distributing the GratefulPOS malware discovered about a month ago. The malware itself is based on the code of a number of other malware families intended for attacks on POS systems. At the time of publication, it is not known […]

SOC Prime is Nominated for Several Awards

Delaware, USA – December 15, 2017 – SOC Prime has been nominated in the ‘Fastest Growing Cybersecurity Company’ category at the Cybersecurity Excellence Awards. You can vote for us here: https://cybersecurity-excellence-awards.com/candidates/soc-prime In less than two weeks, the company will reach the three-year mark in cybersecurity, and during this period SOC Prime has grown from […]

SSL Framework Now Detects Vulnerabilities That Can Lead to ROBOT Attack

Delaware, USA – December 14, 2017 – SSL Framework Advanced for ArcSight is already available in Use Case Cloud. In the next few days, use cases for QRadar and Splunk will be released. SSL Framework helps more than 100 companies around the world monitor their external SSL certificates in real time, to learn about […]

New content for IBM QRadar in Use Case Cloud

Delaware, USA – December 12, 2017 – New content for IBM QRadar has been added to Use Case Cloud: the DNS Security Check Advanced and External Top Domains Baseline Basic SIEM use cases. DNS Security Check is one of the most in-demand use cases, and the Advanced version of this package will allow organizations to […]

Ursnif v3 Attacks Business and Corporate Banking Users in Australia

Delaware, USA – November 30, 2017 – Researchers from IBM X-Force discovered a new version of the Ursnif banking trojan (also known as Gozi). Although this version is built on the code leaked in 2010, it differs significantly from the other trojans of this family, which suggests that there […]

Necurs Botnet Started to Spread Scarab Ransomware

Delaware, USA – November 28, 2017 – The infamous Necurs botnet has recently begun to distribute the new Scarab Ransomware. In the first wave of the spam campaign, the botnet sent over 12 million malicious emails. Attackers used a tactic already tested in Locky campaigns: the subject of the phishing emails was “Scanned from [Lexmark, Canon, […]

DNS Security Check Advanced for ArcSight is available in UCC

Delaware, USA – November 27, 2017 – DNS Security Check Advanced for ArcSight has been released. The Basic version of this use case is one of the most popular turn-key content packages in Use Case Cloud, as it provides a basis for DNS protocol monitoring. It visualizes and automatically notifies the SIEM administrator about all discovered misconfigurations […]

Integrating QRadar with VirusTotal

Hello. In the last article we considered creating rules, and today I want to describe a method that will help SIEM administrators respond to possible security incidents faster. When working with information security incidents in QRadar, it is extremely important to increase the operating speed of operators and analysts in the SOC. Using built-in tools provides ample […]
