How to become a Threat Hunter? This question is extremely popular in the cybersecurity community. The next important question is how to advance your Threat Hunting career. In both cases, obtaining professional certifications is the best answer. Whether youāre a beginner or an accomplished specialist, continuous learning is what helps you become the best version […]
LockBit threat actors have been recently under the spotlight in the cyber domain. In July 2022, the hacking collective hit the headlines by introducing the first-ever bug bounty program launched by a ransomware gang. In the latest cyber-attacks, the notorious ransomware group applies Living-off-the-Land tools by abusing the legitimate Microsoft Defenderās command-line utility to deploy […]
A good threat hunt is unthinkable without useful pieces of software that help to navigate enormous pools of data. How can you tell the difference between good, bad, and benign? Analyzing all the intelligence, logs, history, and research data with one pair of eyes (even multiplied by many human Threat Hunters) would have taken years. […]
Cybersecurity researchers have revealed a wave of new activity of the notorious BlackCat ransomware group deploying custom malware binaries for more sophisticated intrusions. In the latest attacks, threat actors have been leveraging Cobalt Strike beacons and a new penetration testing tool dubbed Brute Ratel, installing the latter as a Windows service on the compromised machines.Ā […]
Hot on the heels of the cyber-attack on July 5 targeting Ukrainian state bodies and attributed to the notorious UAC-0056 hacking collective, yet another malicious campaign launched by this group causes a stir in the cyber domain. On July 11, 2022, cybersecurity researchers at CERT-UA warned the global community of an ongoing phishing attack leveraging […]
Brace yourself for a new PetitPotam-like NTLM relay attack enabling complete Windows domain takeover via Microsoftās Distributed File System (MS-DFSNM) abuse. The new attack method, dubbed DFSCoerce, allows adversaries to coerce Windows servers into authentication with a relay under hackersā control. Domain Controllers (DC) are also vulnerable, which poses a significant risk of the entire […]
Just two days after the nefarious CVE-2022-30190 aka FollinaĀ was revealed, security researchers report in-the-wild attacks leveraging the exploits to target state institutions of Ukraine. On June 2, 2022, CERT-UA issued a heads-up warning of an ongoing campaign spreading Cobalt Strike Beacon malware by exploiting Windows CVE-2021-40444 and CVE-2022-30190 zero-day vulnerabilities, which have been recently in […]
SOC Prime is thrilled to participate in the Ninth EU MITRE ATT&CKĀ® Community Workshop taking place in Brussels, June 2, 2022. The upcoming event will host security practitioners and offer insights into the latest updates to the MITRE ATT&CK framework for enhanced cyber defense. The program includes a series of peer sessions and informative presentations […]
In May 2022, Linux-based systems are getting exposed to a number of threats coming from multiple attack vectors. Early this month, the BPFDoor surveillance implant hit the headlines compromising thousands of Linux devices. Another threat targeting Linux systems is looming on the horizon. Microsoft has observed an enormous surge of malicious activity from Linux XorDdos […]
On May 18, 2022, CISA issued a notice warning organizations of potential exploitation attempts of known vulnerabilities in the VMware products tracked as CVE-2022-22954 and CVE-2022-22960. Once exploited, the revealed flaws give green light to threat actors to perform malicious template injection on the server end. More specifically, the exploitation of the CVE-2022-22954 can lead […]