Month: June 2019

APT10 Spies for Eight Major Technology Companies

Delaware, USA – June 27, 2019 – Six more victims of the Cloud Hopper campaign became known. The campaign targeting Managed Service Providers conducted by APT10 was discovered at the end of last year, and now Reuters publishes the results of the investigation, in which Tata Consultancy Services, Dimension Data, Computer Sciences Corporation, NTT Data, […]

Read More
LokiBot and NanoCore RAT Lurking in ISO Files

Delaware, USA – June 26, 2019 – Spam campaigns spreading LokiBot and NanoСore RAT started in April, and by the end of June, researchers from Netskope discovered 10 samples of malicious attachments used in the campaigns. The ISO Image file format is unusual for this type of attack since attachments have large size (1-2 megabytes). […]

Read More
OSX/Linker Exploits Zero-Day to Bypass Gatekeeper

Delaware, USA – June 25, 2019 – Researchers have discovered the first OSX/Linker malware samples exploiting the unpatched vulnerability in Gatekeeper, for which proof-of-concept is publicly available for more than a month. Security researcher Filippo Cavallarin published PoC on his blog after the 90-day deadline had elapsed since notifying Apple of the vulnerability and the […]

Read More
Turla APT Hijacks OilRig Infrastructure

Delaware, USA – June 24, 2019 – One of the most notorious APT groups secretly used OilRig (aka APT34 or Crambus) infrastructure to attack the government entity in a Middle Eastern country. This is a rare, but not unique, case in which one of the cyber espionage groups hacks the servers of another group in […]

Read More
DanaBot targets Europe

Delaware, USA – June 21, 2019 – Another phishing campaign with the upgraded DanaBot trojan is reported to target Poland and Italy. The new DanaBot strain comes with a Blitzkrieg ransomware module that changes the extension of the encrypted files to .non. Initially, the DanaBot malware was observed during the phishing campaign in Australia back […]

Read More
The Victimized Riviera Beach Pays Ransom

The officials of Riviera Beach, Florida, held a meeting and voted to pay the ransom of 65 bitcoins ($603,000) to regain access to the local services that had been knocked down by the ransomware attack earlier in May 2019. The ransomware attack paralyzed the operations of the Riviera Beach city services including website, billing system, […]

Read More
Production of ASCO Stymied by Ransomware

Delaware, USA – June 18, 2019 – One of the leaders of airplane parts manufacturing was informed to have shut down operations at its plants because of a large-scale ransomware attack. Asco Industries who is the leader in the design and manufacture of major functional components for Boeing and Airbus commercial passenger jets, Airbus A400M […]

Read More
Daily Challenges of CFO in Cyber Security Company

I have been working in the company since its founding in 2015, and during this time SOC Prime has evolved from a small startup into a rapidly growing international company. Our employees are also growing professionally to keep up with the pace of development. For each of us, working at SOC Prime brought forth unexpected […]

Read More
Spike in Skimming Attacks on Magento Stores

Delaware, USA – June 13, 2019 – After publishing a proof-of-concept code for a critical vulnerability in the Magento content management system, the number of successful compromises of online stores increases significantly every month. Security update for the PRODSECBUG-2198 flaw was released at the end of March, and its exploitation began in less than a […]

Read More
RCE Vulnerabilities in NTLM Receive Patches

Delaware, USA – June 12, 2019 – Microsoft released monthly updates yesterday patching 88 vulnerabilities, 21 of which are critical. Among the patched vulnerabilities are CVE-2019-1040 and CVE-2019-1019 which affect Microsoft’s NTLM authentication protocol and their exploitation allow adversaries to bypass all major NTLM protection mechanisms on all Windows versions. Preempt researchers have published a […]

Read More