Month: October 2017

Leviathan attacks maritime industries and defense contractors

Delaware, USA – October 20, 2017 – The Leviathan hacker group has been engaged in cyber espionage for about three years. Its primary targets are research institutions and the defense and naval industries, mainly located in the US and Western Europe. Researchers from Proofpoint revealed details of Leviathan’s latest attacks. In the most recent campaigns, […]

DoIT Solutions becomes SOC Prime’s Partner

Delaware, USA – October 20, 2017 – SOC Prime, Inc. announces a new partnership with doIT Solutions GmbH. doIT Solutions was founded in 2010 and now provides large companies with modern security solutions, focusing on flexibility, reliability and ease of operation. The company aims to provide its customers with the most […]

Enriching events with additional data

In the previous article, we examined Additional Data fields and how to use them. But what if events do not contain the required information even in Additional Data fields? Sooner or later you will face a situation where events in ArcSight do not carry everything analysts need: a user ID instead of a username, a host ID instead of […]

FEIB heist is linked with Lazarus group

Delaware, USA – October 18, 2017 – BAE Systems, the company involved in the investigation of the recent theft of $60 million from a bank in Taiwan, reported new details on its blog. So far, the bank has managed to recover most of the funds, and two suspects were detained in Sri […]

Configuration, Events and Content Backup in IBM QRadar

While working with a SIEM, you eventually come across a situation where the tool needs to be updated to the latest version, moved to a different data center or migrated to a higher-capacity installation. An integral part of this is creating backups and then transferring data, configuration or customized content to […]

BlackOasis APT distributes FinSpy using zero-day exploit

Delaware, USA – October 17, 2017 – According to researchers from Kaspersky Lab, BlackOasis APT uses a new vulnerability in Adobe Flash (CVE-2017-11292) to deliver FinSpy spyware. Adobe has already released a patch for this vulnerability. Exploiting CVE-2017-11292 allows adversaries to execute code on assets running most operating systems. Hackers from the BlackOasis APT group […]

Simple Virus Total integration with Splunk dashboards

A simple integration helps search for malicious processes. Greetings everyone! Let’s continue turning Splunk into a multipurpose tool that can quickly detect any threat. My last article described how to create correlation events using Alerts. Now I’ll tell you how to build a simple integration with the VirusTotal database. Many of us use Sysmon in […]
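As an added example (not the article's own Splunk search or script), the block below shows the first step such an integration needs: pulling the process hash out of Sysmon process-creation events as Splunk indexes them, keeping only one lookup per unique SHA256 so a noisy host does not burn the VirusTotal API quota, and preparing the VirusTotal URL for each. The event lines, hash values and the `EventCode`/`Image`/`Hashes` field names are constructed to mirror Sysmon Event ID 1 as commonly ingested; the v3 API endpoint and `x-apikey` header are VirusTotal's public API, but no request is sent here.

```python
"""Prepare VirusTotal lookups from Sysmon process-creation events.

Added example, not code from the original article.  The sample events
below are constructed; the hash values are placeholders, not real files.
"""
import re

VT_GUI = "https://www.virustotal.com/gui/file/{}"
VT_API = "https://www.virustotal.com/api/v3/files/{}"

# Constructed 64-hex "SHA256" values used only to make the sample events parse.
SHA_CMD = "c1" * 32
SHA_PS = "d2" * 32

# Constructed Splunk-style key=value lines, as Sysmon events appear after indexing.
SAMPLE_EVENTS = [
    'EventCode=1 Image="C:\\Windows\\System32\\cmd.exe" '
    'Hashes="SHA1={},MD5={},SHA256={}"'.format("a" * 40, "b" * 32, SHA_CMD),
    'EventCode=1 Image="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" '
    'Hashes="MD5={},SHA256={}"'.format("e" * 32, SHA_PS),
    # Second launch of the same cmd.exe: same hash, must not create a second lookup.
    'EventCode=1 Image="C:\\Windows\\System32\\cmd.exe" '
    'Hashes="SHA256={}"'.format(SHA_CMD),
    # Host whose Sysmon config only records MD5: nothing to look up, skipped.
    'EventCode=1 Image="C:\\Temp\\update.exe" Hashes="MD5={}"'.format("f" * 32),
    # Network-connection event (EventCode=3) carries no Hashes field: skipped.
    'EventCode=3 Image="C:\\Windows\\System32\\cmd.exe" DestinationIp=203.0.113.10',
]

# key="quoted value" or key=bare_value
_KV = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_event(line):
    """Parse one key=value line into a dict (quoted values may contain spaces)."""
    return {m.group(1): (m.group(3) if m.group(3) is not None else m.group(4))
            for m in _KV.finditer(line)}


def parse_hashes(field):
    """Split Sysmon's Hashes field ("SHA1=..,MD5=..,SHA256=..") into {ALG: hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            alg, value = part.split("=", 1)
            out[alg.strip().upper()] = value.strip().lower()
    return out


def build_lookups(lines):
    """Return one VirusTotal lookup per unique SHA256 seen in process-creation events.

    Each entry records the first Image seen with that hash and how many
    launches it covers, so the dashboard can rank by prevalence.
    """
    seen = {}
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventCode") != "1":
            continue  # only process creation carries Image + Hashes
        sha256 = parse_hashes(ev.get("Hashes", "")).get("SHA256")
        if not sha256 or not re.fullmatch(r"[0-9a-f]{64}", sha256):
            continue  # no usable SHA256 (config omits it, or field is malformed)
        entry = seen.setdefault(sha256, {"sha256": sha256, "image": ev.get("Image"),
                                         "url": VT_GUI.format(sha256), "count": 0})
        entry["count"] += 1
    return list(seen.values())


def vt_api_request(sha256, api_key):
    """Build (url, headers) for a VirusTotal v3 file report; the caller sends it."""
    return VT_API.format(sha256), {"x-apikey": api_key}


if __name__ == "__main__":
    for item in build_lookups(SAMPLE_EVENTS):
        print(item["count"], item["image"], item["url"])
```

The deduplication matters more than it looks: a workstation fleet launches the same signed binaries thousands of times a day, and the free VirusTotal tier allows only a handful of requests per minute, so lookups should be keyed on unique hashes rather than on events. Validating that the value really is 64 hex characters also keeps a malformed or partially collected field from being sent to the API.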

BPC attack against banks in former Soviet Republics

Delaware, USA – October 16, 2017 – Researchers from Trend Micro report an attack on financial institutions in several former Soviet Republics. Adversaries leveraged a business process compromise attack to steal approximately 40 million dollars. In these cases, adversaries exploited the overdraft limit on payment cards: they sent emails to banks’ customers with a proposal to […]

DNSMessenger returns

Delaware, USA – October 13, 2017 – Researchers from Cisco Talos reported a targeted attack on a number of organizations in the US, in which adversaries used the fileless Remote Access Tool DNSMessenger. This campaign is notable for its use of a compromised government server and for its method of distribution. Malicious emails were disguised as messages […]

FIN7 improves infection and obfuscation techniques

Delaware, USA – October 12, 2017 – Researchers from ICEBRG actively monitor the activities of the FIN7 hacker group and recently discovered significant changes in its techniques. One of FIN7’s primary tools, the HALFBAKED backdoor, is continuously being changed and modified by the attackers. The latest detected modification is able to extract the auto-complete […]
