Blog

Rapid7 Has Fallen Victim to Codecov Supply Chain Attack

Major cybersecurity company Rapid7 has announced that a limited number of its source code repositories were exposed in the course of the Codecov supply chain attack. According to the official statement, the compromised repos contained internal credentials and alert-related data for its Managed Detection and Response (MDR) clients.

Codecov Supply Chain Attack

On April 15, 2021, […]

Detecting FragAttacks: Overview of Newly Discovered WiFi Flaws

Once again, security practitioners should brace themselves and check their coffee supplies due to a set of recently identified vulnerabilities in the Wi-Fi standard. Collectively called FragAttacks, these flaws affect nearly all wireless-enabled devices and allow adversaries to take control of vulnerable systems and intercept sensitive information. Mathy Vanhoef, a security expert who […]

Detect DarkSide Ransomware with SOC Prime

DarkSide ransomware, a relatively new player in the cyber threat arena, continues to make headlines with successful attacks against world-leading vendors. Recent intrusions include the chemical distribution company Brenntag, which paid adversaries a $4.4 million ransom, and Colonial Pipeline, a company supplying fuel to the US East Coast.

DarkSide Ransomware […]

SystemBC Malware Increasingly Used as Ransomware Backdoor

A new version of the SystemBC malware is increasingly leveraged by ransomware operators to pave their way into targeted environments. Security experts indicate that top ransomware-as-a-service (RaaS) collectives, including DarkSide, Ryuk, and Cuba, use SystemBC as a persistent backdoor that maintains access to attacked hosts and performs a variety of malicious activities. What […]

Creating Microsoft Azure Sentinel Rules in Your SIEM Instance

SOC Prime Threat Detection Marketplace provides access to 6,000+ Microsoft Azure Sentinel detections, including Queries, Rules, Functions, and Incident Response Playbooks mapped directly to MITRE ATT&CK® to match your organization's specific needs. You can quickly find the most relevant detections by applying the Microsoft sorting option and deploy content in a matter of clicks to your […]

Operation TunnelSnake: Moriya Rootkit Detection

Security researchers from Kaspersky Lab have uncovered a previously unknown Windows rootkit that a China-affiliated APT actor has stealthily leveraged for years to install backdoors on infected hosts. Dubbed Moriya, the rootkit gives attackers the ability to capture network traffic and covertly execute commands on compromised devices while flying under the radar of […]

Detect Privilege Escalation Vulnerabilities (CVE-2021-21551) in Dell BIOS Driver

Dell computers worldwide are potentially vulnerable to attacks due to high-severity flaws introduced back in 2009. According to experts, a set of five issues tracked together as CVE-2021-21551 affects the Dell DBUtil driver and allows adversaries to gain kernel-mode privileges on affected machines. Although CVE-2021-21551 has been present in the driver for more than a […]

Ivanti Patches Critical Pulse Connect Secure Flaws Under Active Exploitation

On May 3, 2021, Ivanti issued a security update addressing critical vulnerabilities in its Pulse Connect Secure SSL VPN appliance. The flaws have reportedly been used by APT actors to target government agencies, critical infrastructure entities, and private firms across the U.S.

Pulse Connect Secure Vulnerabilities

According to the CISA security alert from […]

Prometei Botnet Exploits Unpatched Microsoft Exchange Vulnerabilities for Propagation

Security researchers have revealed a significant shift in the tactics of the Prometei botnet, which is now capable of leveraging the "ProxyLogon" exploit for Microsoft Exchange servers to penetrate targeted networks and drop cryptojacking malware onto users' machines. Although the main objective is to mine Monero using the processing power of the infected hosts, […]

Passwordstate Supply Chain Attack Exposes 29K Companies to the Risk of Compromise

Australian software producer Click Studios has fallen victim to a security breach that resulted in a supply-chain attack. In April 2020, adversaries successfully compromised the upgrade mechanism of Click Studios' Passwordstate enterprise password management app to deliver Moserpass malware onto users' devices. The number of affected customers is currently unknown; however, the vendor claims […]
