Ransomware remains a top threat to organizations globally, with a constant surge in the volume and sophistication of attacks. Among key players in the ransomware arena, the ALPHA SPIDER group stands out by taking credit for a series of recent high-profile attacks targeting the U.S. healthcare payment software processor Change and MGM gaming industry giant. […]
Hot on the heels of nasty JetBrains TeamCity vulnerabilities (CVE-2024-27198, CVE-2024-2719), security experts reveal a new RCE affecting Microsoft Outlook. Authenticated adversaries might leverage the security issue to execute malicious code on the impacted instance, achieving extensive control over it. Although the vulnerability was patched by Microsoft in February 2024, the vendor classifies it as […]
Threat Bounty Publications In February, the members of the Threat Bounty program submitted more than 350 detections for review by the SOC Prime Team. After the review by the content verification team, 70 rules were successfully published on the SOC Prime Platform. During the verification, the SOC Prime Team provided more than 400 content rejection […]
A new malware iteration dubbed TODDLERSHARK comes into the spotlight in the cyber threat arena, which bears a striking similarity with BABYSHARK or ReconShark malicious strains leveraged by the North Korean APT group known as Kimsuky APT. The infection chain is triggered by weaponizing a couple of critical ConnectWise ScreenConnect vulnerabilities tracked as CVE-2024-1708 and […]
A couple of months after the massive exploitation of CVE-2023-42793, novel critical vulnerabilities in JetBrains TeamCity came into the spotlight, exposing affected users to the risks of the complete compromise of the impacted systems. Tracked as CVE-2024-27198 and CVE-2024-27199, the discovered security flaws can give unauthenticated attackers the green light to gain administrative control of […]
The exponential rise and escalation in intrusion complexity of ransomware attacks fuel the need for proactive ransomware detection. FBI and CISA issue a joint cybersecurity heads-up notifying the global defender community of a dramatic increase in Phobos ransomware attacks targeting the U.S. state bodies and other critical infrastructure, resulting in successful ransom demands amounting to […]
Apple has patched a notorious security gap affecting its Shortcuts app. The high-severity flaw enables adversaries to collect sensitive info without user consent. The uncovered zero-click Shortcuts vulnerability tracked as CVE-2024-23204 poses risks to user privacy, enabling threat actors to access sensitive data on the compromised device without the user’s permission. Detect CVE-2024-23204 Exploits With […]
Two days before the 2nd anniversary of russia’s full-scale invasion, CERT-UA researchers uncovered an ongoing phishing attack against the Armed Forces of Ukraine. The adversary campaign linked to the UAC-0149 group has leveraged COOKBOX malware to infect targeted systems. UAC-0149 Attack Analysis Using COOKBOX Malware CERT-UA in coordination with the Cybersecurity Center of the Information […]
The nefarious China-backed Earth Preta APT also known as Mustang Panda has been targeting Asian countries in the long-lasting adversary campaign, which applied an advanced iteration of PlugX malware dubbed DOPLUGS. Detecting Earth Preta Attacks Using DOPLUGS Malware The year 2023 has been marked by the escalating activity of APT collectives reflecting the influence of […]
Today, we want to introduce to the SOC Prime’s community a talented and devoted member of the Threat Bounty Program and detection content author – Phyo Paing Htun, who has been publishing detections to the SOC Prime Platform since December 2022. Rules by Phyo Paing Htun Tell us about yourself and why you decided to […]