Tag: Detection Content

SOC Prime Hyperdrive Helps SOC Teams Obtain and Customize Threat Detection Content Faster

Boston, MA, November 25, 2020 (GLOBE NEWSWIRE) — SOC Prime, the leader in Continuous Security Intelligence, today has made generally available the Hyperdrive add-on for its Threat Detection Marketplace, the world’s largest platform for SOC content. This newly released add-on helps companies to rapidly build up cyber defense capabilities in the specific threat area relevant […]

Read More
Ransomware Detection with Existing Technologies

It looks like we are on the verge of another crisis caused by ransomware attacks and the proliferation of Ransomware as a Service model that allows even relatively newbies to get into the big game. Every week, the media are full of headlines that a well-known Enterprise or government organization has become another victim of […]

Read More
CVE-2020-14882

In late October 2020, the world of cybersecurity spotted malicious activity targeted at the Oracle WebLogic servers. This activity took the form of recurring exploitation of a RCE weakness in the Oracle WebLogic server console component known as CVE-2020-14882. This CVE was rated as critical by gaining 9,8 scores on the CVSS scale.  CVE-2020-14882 Overview […]

Read More
Energetic Bear Cyber Attack Detection

Last week the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency released a joint security advisory related to recently discovered cyberattacks of Russian state-sponsored cyber-espionage unit. Energetic Bear (also known as Dragonfly, Crouching Yeti, TEMP.Isotope, TeamSpy, Berserk Bear, Havex, and Koala) is actively interested in the US elections this time around. Over […]

Read More
Phobos Ransomware Detection: SOC Content Against EKING Attacks

Phobos Ransomware represents the relatively new ransomware family based on Dharma (CrySis) that has been notorious since 2016. The first traces of Phobos were spotted less than two years ago, at the turn of 2019. SOC Prime Threat Detection Marketplace, the world’s largest platform for SOC content, offers Phobos ransomware detection scenarios among its library […]

Read More
Mount Locker Ransomware

Companies worldwide are reported to have failed victims of the recent ransomware attack by Mount Locker. The new ongoing ransomware attack targets corporate networks and demands millions of dollars ransom payment is Bitcoins, and the hackers utter threats to reveal the encrypted data publicly if the victims refuse to pay ransom. Mount Locker ransomware activity […]

Read More
Detection for Critical Vulnerability in Aruba ClearPass (CVE-2020-7115)

Aruba Networks, the subsidiary of Hewlett Packard Enterprise, has released a Security Advisory on recently discovered multiple vulnerabilities in their product leveraged by enterprise clients worldwide. In this article, we will cover the details of the most severe of the reported Remote Command Execution vulnerability in Aruba ClearPass (CVE-2020-7115) with CVSS 8.1, and content to […]

Read More
In a Quest for Dridex Malware

To reach their evil goals, hackers are sending waves of malspam to targeted victims. Numerous strains of Dridex malware flatten out institutions and customers of the financial sector, and a new iteration of Dridex attack was noticed again after a period of inactivity earlier this month, Unit 42 reports. About Dridex Attacks First malspam attacks […]

Read More
Behaviour Analysis of Redline Stealer

Infostealers occupy a special place among malware, since, with their simplicity, they very effectively cope with their primary tasks: to collect all potentially valuable information in the system, exfiltrate it to the command-and-control server, and then delete themselves and traces of their activities. They are used by both beginners and advanced threat actors, and there are […]

Read More
Nanocore RAT Detection

Nanocore RAT has been used in cyberattacks for about 7 years, and there are a huge number of modifications of this trojan. Official, “semi-official” and cracked versions of this malware are sold on forums on the DarkNet, and sometimes even given away for free, so it is not surprising that the number of attacks using […]

Read More