Month: September 2017

Retefe Trojan can leverage EternalBlue exploit

Delaware, USA – September 26, 2017 – Researchers from Proofpoint discovered that banking Trojan Retefe leveraged EternalBlue exploit. The last Retefe campaign targeted banks in Switzerland. Adversaries use this malware since 2013 in attacks against financial institutions in Central Europe, Britain and Japan. The Trojan redirects users to proxy servers hidden in the Tor network […]

Read More
SOC Prime team at Anomali Detect’17

Delaware, USA – September 22, 2017 – SOC Prime, Inc. announces that its team attends Anomali Detect’17. Andrii Bezverkhyi and Ruslan Mikhalov visit the Anomali’s threat intelligence event of the year that is held at the Gaylord National Resort & Convention Center, September 20 – 22, 2017 in National Harbor, Maryland. This year Anomali Detect […]

Read More
Recent Locky Ransomware Campaigns

Delaware, USA – September 21, 2017 – This year, Locky is the most commonly used Ransomware in the world. Almost every week researchers report mass spam campaigns (about 20 million emails per day) targeting residents of dozens of countries. Constant modifications and advanced methods of social engineering allow this virus to be very effective. Particularly […]

Read More
Detection of RDP Hijacking

Delaware, USA – September 19, 2017 – The possibility of RDP session hijacking in Microsoft Windows is known since 2011. In March of this year researcher Alexander Korznikov described detailed methods of hijacking in his blog. At the moment there are about 2.5 million open RDP servers in the world, and, according to the research, […]

Read More
Motiv ICT Security

PROBLEM Every day organizations face new kinds of attacks and theft attempts of valuable business data. Hackers are becoming more and more resourceful. A good example is current rise of ransomware, which takes sensitive data of a company as a hostage. With such a multitude of active threats, companies must not only know about them […]

Read More
Predictive Maintenance Update

Delaware, USA – September 14, 2017 – SOC Prime announces the release of the update for Predictive Maintenance platform for HPE ArcSight. Predictive Maintenance 3.4.6 has become even more convenient for large companies with a distributed network. Now you can deploy several PMs and forward data to Primary PM so you can have a full […]

Read More
Use Case Cloud is released!

Delaware, USA – September 11, 2017 — SOC Prime announces the release of Use Case Cloud. UCC platform has undergone significant changes and acquired many new features that will help improve the efficiency of your SIEM and greatly facilitate SOC operations. Make your SIEM smarter. Now SIEM content is integrated with MITRE ATT&CK. This will […]

Read More
Our Team at Protect 2017

London, UK – September 11, 2017 – SOC Prime reports that our team has already arrived at the conference and prepares for a session. The session “ArcSight vs AI cyber weapons: A field report from the epicenter of cyberwar” Session ID: T37837 (https://software-events.ext.hpe.com/protectsessionshome) will take place in a few hours, today at 14:45 PM in […]

Read More
SOC Prime grows its North American office

Delaware, USA – September 8, 2017 – SOC Prime, Inc. announces an expansion of its team in North America. Foluwa T. Rewane will lead our operations and customer communications in North America as an Executive Technical Account Manager. Foluwa has 15+ years of Technology Management experience that has allowed him to work within various aspects […]

Read More
Event Filtering in IBM QRadar

While configuring a SIEM tool (including IBM QRadar), administrators often make the wrong decision: “Let’s send all logs to SIEM, and then we’ll figure out what to do with them.” Such actions most often lead to enormous license utilization, huge workload on a SIEM tool, appearance of a cache queue, and sometimes to event loss. […]

Read More