Tag: Detection Content

CVE-2023-24055 Detection: Notorious Vulnerability in KeePass Potentially Exposing Cleartext Passwords

Stay alert! Security researchers have discovered a notorious vulnerability posing a serious threat to users of a popular password manager KeePass. A security flaw, tracked as CVE-2023-24055, might affect KeePass version 2.5x, potentially allowing attackers to obtain stored passwords in cleartext.  CVE-2023-24055 Detection With proof-of-concept (PoC) exploit available, and in view that KeePass is one […]

Read More
Detect CVE-2022-47966 Exploits: Critical Zoho ManageEngine RCE Vulnerability Under Active Exploitation

Another day, another critical RCE making rounds in the cyberthreat arena. This time security practitioners are urged to patch ASAP against a critical remote code execution bug (CVE-2022-47966) affecting multiple Zoho ManageEngine products. Since the proof of concept (PoC) exploit was publicly released last week, experts have observed a huge spike of in-the-wild attacks leveraging […]

Read More
Rhadamanthys Malware Detection: New Infostealer Spread via Google Ads & Spam Emails to Target Crypto Wallets and Dump Sensitive Information

Security experts have shed light on a novel malicious sample hiding in the malicious arena, an evasive stealer dubbed Rhadamanthys. The malware is commonly distributed via Google ads redirecting compromised users to phishing webpages disguised as widely-used legitimate software.  Detect Rhadamanthys Malware In view of the increasing popularity of Rhadamanthys stealer being broadly distributed in […]

Read More
CVE-2022-42475 Detection
CVE-2022-42475 Detection: Zero-Day Vulnerability in FortiOS SSL-VPN Exploited in Attacks Against Government Entities and Large Organizations

Stay alert! Security researchers are warning the global cyber defender community of a zero-day vulnerability in FortiOS SSL-VPN, which was patched in December 2022. The security flaw tracked as CVE-2022-42475 and resulting in unauthenticated remote code execution (RCE) has been exploited in targeted attacks against government agencies and large organizations across the globe.  Detect CVE-2022-42475: […]

Read More
SOC Prime Threat Bounty —  December 2022 Results

December ‘22 Publications During the last month of the year 2022,  Threat Bounty developers managed to submit 441 rules to review by SOC Prime Team for a chance of publication to the Platform for monetization. The submitted rules were reviewed by a team of seasoned engineers, and based on the collective decisions, 126 rules were […]

Read More
Raspberry Robin Malware Detection: Enhanced Worm-Like Version Attacking European Financial Institutions

No matter the holiday season, adversaries have no vacation inventing new malicious tricks to target unsuspecting victims. Last week, security researchers uncovered an enhanced variant of the worm-like Raspberry Robin malware dropper leveraged to target financial and insurance companies across European countries. Experts specifically note that Rasperry Robin received a significant upgrade, including complex obfuscation […]

Read More
russia-Backed Turla Group on the Rise
Turla Activity Detection: russian Cyberespionage Group Targeting Ukraine Uses Decade-Old USB-Delivered Andromeda Malware to Spread Novel Backdoors

With USB-spreading malware becoming a popular vector for initial access, cyber defenders remain vigilant in safeguarding the organization’s critical infrastructure. Cybersecurity researchers have recently observed malicious activity of the russia-linked cyberespionage group tracked as Turla APT leveraging legacy Andromeda USB-delivered malware to deploy novel backdoors and custom reconnaissance tools in cyber attacks against Ukraine. Detecting […]

Read More
SOC Prime Introduces The Prime Hunt

Simplify Threat Investigation with a Single UI for All Threat Hunters, Right Within Your Browser SOC Prime launches The Prime Hunt v 1.1.1, an open-source browser extension for threat hunting that acts as the industry-first platform-agnostic UI for all threat hunters, no matter what SIEM or EDR they use. The tool enables security engineers to […]

Read More
BlueNoroff Group Attack Detection
BlueNoroff Group Activity Detection: Threat Actors Apply Novel Methods to Bypass Windows Mark-of-the-Web (MoTW) Protection

BlueNoroff, which is part of the larger Lazarus Group, is a financially-motivated hacking collective striving to gain financial benefits from its offensive capabilities. The group, known for stealing cryptocurrency and commonly applying Word documents and LNK files for initial intrusion, has currently been leveraging new adversary methods. In the latest attacks, BlueNoroff experiments with new […]

Read More
IcedID Botnet Detection
IcedID Botnet Detection: Malvertising Attacks Abusing Google Pay-Per-Click (PPC) Ads

In late December 2022, cybersecurity researchers observed a new burst of malicious activity distributing the noteworthy IcedID botnet. In this ongoing adversary campaign, threat actors abuse Google pay-per-click (PPC) ads to spread the novel variant of malware tracked as TrojanSpy.Win64.ICEDID.SMYXCLGZ. Detecting IcedID Botnet Infections Through Malvertising In view that the IcedID botnet is constantly evolving, […]

Read More