News

MegaCortex Ransomware Attacks Organizations in Europe and North America

Delaware, USA – May 6, 2019 – Since the beginning of the month, a new player on the ransomware scene has already conducted several dozen attacks on corporate networks. Sophos researchers continue the investigation and report that organizations in the United States, Italy, Canada, France, Ireland, and the Netherlands have become targets of MegaCortex ransomware […]

SOC Prime is Attending Workshop – EU ATT&CK Community

Delaware, USA – May 3, 2019 – The SOC Prime team will be in Brussels next week, where the Workshop – EU ATT&CK Community will take place on Thursday and Friday, May 9-10. This is the third workshop of the EU ATT&CK Community, which is organized by practitioners and for practitioners with an interest in the use of the MITRE […]

A2 Hosting is Hit by GlobeImposter 2.0 Ransomware

Delaware, USA – May 2, 2019 – A ransomware attack on a US-based web hosting provider disabled the company’s Windows servers for eight days. As reported by A2 Hosting, the incident occurred on April 22: the security team detected the file encryption process on Windows hosting servers and shut down all of them to prevent the […]

Emotet Malware Starts to Use IoT Devices as Proxy

Delaware, USA – April 30, 2019 – The authors of Emotet have improved their trojan by adopting a new evasion technique and adding a new level of protection for its command-and-control infrastructure. Researchers at Trend Micro analyzed the new campaign and discovered that the trojan no longer sends data directly to C&C servers, instead […]

Oracle WebLogic Components Trigger Zero-Day Vulnerability

Delaware, USA – April 26, 2019 – A zero-day vulnerability in Oracle WebLogic allows attackers to remotely execute arbitrary code, and it is already being used in the wild. The security flaw was discovered on Sunday by KnownSec 404’s researchers, who notified the developer, but so far there is no official response from Oracle. Judging by […]

TA505 Group Pushes Signed ServHelper Backdoor

Delaware, USA – April 25, 2019 – Researchers intercepted an attack by the TA505 hacker group targeting a large financial organization and analyzed the cybercriminals’ techniques and tools. TA505 has been conducting its operations for about 5 years; previously, the group used large-scale malspam campaigns to distribute RATs, ransomware and banking trojans. […]

Operation ShadowHammer Hits at Least Six More Companies

Delaware, USA – April 24, 2019 – New details about Operation ShadowHammer, which affected tens of thousands of systems around the world, have been published. Experts at Kaspersky Lab linked the distribution of the trojanized ASUS Live Updater to the supply-chain attack by the infamous Chinese Winnti group. In addition, they found three more victims of […]

Carbanak’s Tool Source Code is Leaked

Delaware, USA – April 23, 2019 – Security researcher Nick Carr uncovered two archives, uploaded to VirusTotal, containing the full source code of Carbanak’s backdoor, including code of never-before-seen plugins. The Carbanak group (also known as Anunak, Cobalt Group or FIN7) has been active since at least 2014; they have been attacking financial institutions around […]

Aggah Campaign Spreads RevengeRAT Using Legitimate Services

Delaware, USA – April 22, 2019 – At the end of March, a large-scale campaign to distribute RevengeRAT using Pastebin, BlogSpot, and Bit.ly was uncovered. Palo Alto Networks’ researchers admit that the campaign is being conducted by the Pakistani threat actor ‘Gorgon Group’, but so far there is not enough evidence to state this with […]

Developer Program Launch

Delaware, USA – April 19, 2019 – SOC Prime, Inc. announces the Developer Program for the global Threat Detection Marketplace. SOC Prime and the TDM platform have, first and foremost, always been focused on enabling the security community through our open-source and free-to-access tools. We’re doubling down on that commitment by introducing the Developer […]