Tag: Detection Content

Critical Unauthorized Remote Code Execution in VMware vCenter (CVE-2021-21972)

On February 23, 2021, VMware addressed a critical unauthorized remote code execution (RCE) bug (CVE-2021-21972) in its default vCenter Server plugin. Right after the announcement and the advisory release, threat actors started mass scans for publicly exposed instances. To date, researchers have detected 6700 VMware vCenter servers exposed to the attacks. As far as public […]

Read More
Silver Sparrow: New Mac Malware Silently Infects Users for Mysterious Purpose

Cybersecurity analysts have detected a sophisticated malware sample that attacks Apple users in the wild. The joint research from Red Canary, Malwarebytes, and VMWare Carbon Black details that approximately 30,000 hosts across 153 countries have been compromised by the new threat dubbed Silver Sparrow. The topmost infection rates were spotted in the United States, Canada, […]

Read More
Zeoticus 2.0: Nasty Ransomware Strain Receives Major Upgrade

Starting from December 2020, a new version of Zeoticus ransomware has been actively targeting users in the wild. Zeoticus 2.0 comes with better performance and enhanced offline capabilities, posing a bigger threat to businesses worldwide.  What is Zeoticus Ransomware? Zeoticus is a relatively new malware sample that appeared in the cyber threat arena in December […]

Read More
Centreon Software Vendor Hacked in a Long-Lasting Campaign by Sandworm APT

The French National Agency for the Security of Information Systems (ANSSI) revealed a three-year-long operation launched by Sandworm APT against major IT and web hosting providers in France. The ANSSI advisory details that the campaign started back in 2017 and resulted in a series of subsequent breaches, including the compromise of Centreon, a monitoring software […]

Read More
Microsoft Addressed a 12-Years-Old Privilege Escalation Vulnerability in Windows Defender

In February 2021, Microsoft patched a privilege escalation bug in Microsoft Defender Antivirus (formerly Windows Defender) that might provide threat actors with the ability to gain admin rights on the vulnerable host and disable pre-installed security products. SentinelOne experts, who revealed the issue, report that the flaw was introduced back in 2009 and stayed undisclosed […]

Read More
MuddyWater APT Uses ScreenConnect to Spy on Middle East Governments

Security experts from Anomali have revealed a targeted cyber-espionage operation aimed at the United Arab Emirates (UAE) and Kuwait governments. The malicious campaign was launched by an Iranian state-sponsored actor known as MuddyWater (Static Kitten, MERCURY, Seedworm). According to the researchers, adversaries relied on the legitimate software tool ConnectWise Control (formerly ScreenConnect) to move laterally […]

Read More
Oracle WebLogic Server Vulnerability (CVE-2021-2109) Results in Complete Server Takeover

A high-severity remote code execution issue in Oracle Fusion Middleware Console enables full Oracle WebLogic Server compromise. New Oracle WebLogic Server Vulnerability The flaw allows an authenticated actor with high privileges to misuse the “JndiBinding” Handler and launch a JNDI (Java Naming and Direction Interface) injection. This, in turn, enables retrieving and deserialization of a […]

Read More
New Zoom Phishing Abuses Constant Contact to Bypass SEGs

The challenging year of 2020 saw many businesses increase their reliance on the internet, shifting to work-from-home workforces. Such a trend resulted in a blasting spike in video conferencing apps usage. Cyber criminals didn’t miss the chance to advantage their malicious perspectives. Starting from spring 2020, they registered many fake domains to deliver malicious ads […]

Read More
Quasar RAT: Detecting Malicious Successors

Quasar remote administration tool (RAT) is a multi-functional and light-weight malware actively used by APT actors since 2014. Quasar’s code is publicly available as an open-source project, which makes the Trojan extremely popular among adversaries due to its broad customization options. As a result, a variety of samples exist inside the Quasar malware family. Many […]

Read More
Detection for Sysmon with Threat Detection Marketplace

At SOC Prime, we are captured with the mission of deriving maximum value from each security tool and enabling the effective protection from the emerging threats. In August 2020, the SIGMA project adopted SOC Prime’s Sysmon backend. The backend generates Sysmon rules to be added to a Sysmon configuration, which is mold-breaking for anyone using […]

Read More