Tag: Detection Content

CVE-2022-21907
Detect CVE-2022-21907: A Wormable RCE in Windows Server

Another day, another critical vulnerability posing a major headache for security practitioners. This time researchers have identified a wormable remote code execution (RCE) flaw that impacts the latest desktop and server Windows versions. The vendor urges everyone to upgrade their systems ASAP since the flaw could be easily leveraged by adversaries to execute arbitrary code […]

Read More
Threat Bounty Program
SOC Prime Threat Bounty — December 2021 Results

December ‘21 Results In December 2021, Threat Bounty Program developers contributed 219 new detections to the SOC Prime Platform. To ensure the continuous quality enhancement of the published content, 231 rules earlier released by Threat Bounty authors were improved and updated.  SOC Prime Threat Bounty results for the previous month are available in NOVEMBER ‘21 […]

Read More
Destructive Cyber-Attack Against Ukrainian Government

Overview, Analysis, and Lessons Learned On January 13, 2021, a massive data-wiping cyber-attack hit Ukraine, taking down the online assets of the country’s government. As of January 17, 2021, up to 70 websites experienced temporary performance issues due to the intrusion, including the Cabinet, seven ministries, the Treasury, the National Emergency Service, and the state […]

Read More
Latest Zloader Campaign Abuses Microsoft Signature Verification

Zloader (aka Terdot and DELoader) is raging worldwide, evading banking systems’ defenses. Not something one expects to find under their Christmas trees, especially accompanied by the calamitous Log4j Vulnerability, but these are some crazy times we live in. According to the researchers, Zloader attack routines are growing in scale and sophistication, adopting diversified techniques and […]

Read More
SysJoker Malware Detection

New Year, fresh start! And for threat actors as well. Meet a brand-new backdoor malware that has been increasingly hitting the cyber domain throughout the last couple of months. Dubbed SysJoker, the threat obtains powerful evasion capabilities while being able to target major operating systems, including Windows, Linux, and macOS. SysJoker Malware Analysis SysJocker malware […]

Read More
CVE-2021-45046, CVE-2021-44228 Detection: Vulnerabilities in Log4j Java Library

Yet another splitting headache for SOC teams — beware of the hottest Log4j vulnerability CVE-2021-45046! The cybersecurity world has just been shaken by an increasing amount of exploitation attempts for CVE-2021-44228, a critical zero-day vulnerability affecting the Apache Log4j Java logging library, while another high-severity Log4j RCE flaw tracked as CVE-2021-45046 comes on the scene.  […]

Read More
Detect CVE-2021-42287, CVE-2021-42278 Exploitation Сhain

Adversaries have found a way to obtain full admin rights to the Active Directory (AD) domains by weaponizing CVE-2021-42287 and CVE-2021-42278 vulnerabilities. The nefarious exploitation chain enables Active Directory domain impersonation in just a couple of clicks. A batch of vulnerabilities tied to this exploitation chain drove the attention of security professionals in November 2021. […]

Read More
Detecting Grafana Zero-Day Vulnerability (CVE-2021-43798)

Brace yourself for the new zero-day vulnerability exploited in the wild. A recently-disclosed flaw affects Grafana, multi-platform open source analytics and interactive visualization app used by organizations globally to track and understand the metrics of their data. After the vulnerability details were occasionally leaked online, the multitude of proof-of-concept exploits spread over Twitter and GitHub, […]

Read More
Detecting CVE-2021-44515: Zero-Day in Zoho ManageEngine Desktop Central

Stay alert! Threat actors are actively leveraging the new zero-day vulnerability (CVE-2021-44515) in Zoho ManageEngine Desktop Central products to attack businesses worldwide. The flaw is a critical authentication bypass issue that enables hackers to gain unauthorized access and execute arbitrary code on vulnerable servers.  CVE-2021-44515 Description Zoho ManageEngine Desktop Central is a widely-used management utility […]

Read More
Cyber Threat Intelligence Promo
SOC Prime Launches Cyber Threat Intelligence Promo

Cyber Monday is over, but not the hot deals from SOC Prime. In December 2021, we launch the Cyber Threat Intelligence Promo to break the limits on Community content views for SOC Prime users for the remainder of the year!  Powered by its Detection as Code Platform, SOC Prime curates Threat Detection Marketplace, the world’s […]

Read More