Year: 2019

ANSSI Reports on Ongoing Campaigns Targeting Government Bodies and Service Providers

Delaware, USA – October 10, 2019 – The National Cybersecurity Agency of France (ANSSI) published two reports on cyberattacks targeted at service providers, design offices, government bodies, and other strategic entities. The first report reveals details about separate attacks on service providers and design offices, in one of which attackers use mainly the PlugX backdoor. PlugX […]

Interview with Developer: Thomas Patzke

We keep interviewing the developers of our Threat Bounty Program (https://my.socprime.com/en/tdm-developers) to encourage cybersecurity professionals to develop more Sigma rules, share their threat-detection content, and build a stronger community. The previous interview is here: https://socprime.com/blog/interview-with-developer-florian-roth/ Meet Thomas Patzke. Thomas is one of the most inspiring experts in the cybersecurity community, who has 13+ years of […]

FIN7 Group Involved in Skimming Attacks

Delaware, USA – October 8, 2019 – Well-known groups of financially motivated cybercriminals have not stayed aloof from the growing popularity of skimming attacks; in fact, they lead the field compared with younger hacking teams. At the end of summer, IBM X-Force IRIS linked Magecart Group 6 to FIN6, showing that the […]

Ryuk Operators Obtain Payment from DCH Health System

Delaware, USA – October 7, 2019 – Last week, three hospitals of the DCH Health System were attacked by the Ryuk gang and were forced to close their doors and accept only critical patients. The attack took place on October 1, and for several days IT personnel, with the help of law enforcement and independent […]

Turla Group Uses Reductor RAT to Compromise TLS Traffic

Delaware, USA – October 4, 2019 – The new sophisticated remote access trojan by Turla APT not only provides attackers with full access to the victim’s system but also modifies Chrome and Firefox browsers to manipulate digital certificates and mark outbound TLS traffic with unique host-related identifiers. Kaspersky Lab researchers discovered Reductor RAT during the […]

Pastebin, BlogSpot, and Bit.ly Used to Spread RevengeRAT and Azorult, Again

Delaware, USA – October 3, 2019 – The campaign lasted at least until the end of September, and researchers associate it with the activities of the Gorgon group. The Prevailion team found a financially motivated campaign, which began last year and uses legitimate resources to infect victims with Azorult or RevengeRAT malware, and for command-and-control […]

SOC Prime Threat Detection Marketplace – Getting Ready to Explore

SOC Prime Threat Detection Marketplace (SOC Prime TDM) is a community-based library of relevant and actionable threat detection content. For more than five years it has united cybersecurity content authors in defending cyberspace and delivering the best content to the community. SOC Prime TDM provides ready-made, tested Rule Packs, […]

Chinese Cyberspies Deploy PcShare Trojan on Asian Technology Firms

Delaware, USA – October 2, 2019 – An ongoing campaign by one of the Chinese cyber-espionage groups targets technology companies in Southeast Asia. BlackBerry Cylance discovered a campaign lasting about two years that distributes a modified PcShare backdoor and a trojanized Narrator executable. According to a recent CrowdStrike report on the activity of state-sponsored hackers, Chinese […]

ODT Files Used to Deliver Trojans and Infostealer

Delaware, USA – October 1, 2019 – Adversaries take advantage of the fact that many antivirus solutions do not carefully scan OpenDocument Text files. Security researchers at the Cisco Talos team have discovered the use of ODT files to spread malware in several campaigns targeting English- and Arabic-speaking users. The files used are archives […]

Magecart Group Plans to Inject Skimmers at the Router Level

Delaware, USA – September 30, 2019 – One of the most sophisticated Magecart groups is exploring new ways to steal payment card data. The IBM X-Force team discovered Magecart scripts that can be deployed on Layer 7 routers, which are capable of manipulating traffic at the application level. It is not known whether the scripts were used […]
