Tag: Detection Content

CISA’s Binding Operational Directive 22-01
Detecting Vulnerabilities Prioritized in CISA’s Binding Operational Directive 22-01

To enable organizations to address the risks posed by critical vulnerabilities outlined in Binding Operational Directive (BOD) 22-01, SOC Prime provides an extensive list of curated detections to identify possible exploit attempts in your infrastructure and isolate potentially affected assets while patching procedures are in progress. The increasing sophistication of malicious activities threatening the private […]

Read More
BlackMatter ransomware
BlackMatter Ransomware Detection

BlackMatter ransomware is on the rise, hitting high-profile targets across the US, Europe, and Asia. Being an off-spring of the infamous DarkSide hacking collective, BlackMatter adopted the most prolific tactics from its predecessor to crash into the big ransomware game during July 2021. The joint advisory by CISA, FBI, and NSA attributes multiple attacks against […]

Read More
Nobelium detection
NOBELIUM APT Attacks Global IT Supply Chain to Spy on Downstream Customers

Infamous Nobelium APT group strikes again! This time covert Russia-backed threat actor goes after technology service providers at a global scale to spy on their downstream customers. Hackers have targeted at least 140 IT service orgs since May 2021, with 14 of them being successfully compromised. NOBELIUM APT Group NOBELIUM APT group (APT29, CozyBear, and […]

Read More
MysterySnail Attack Detection

Security experts from Kaspersky uncovered a sophisticated cyber-espionage campaign that leverages a zero-day bug in Windows (CVE-2021-40449) to attack IT firms, military contractors, and diplomatic institutions. The campaign was attributed to a China-backed APT group tracked as IronHusky. The hacker collective exploited a recently-discovered CVE-2021-40449 to infect systems with a previously unknown remote access Trojan […]

Read More
Atom Silo Ransomware
Detecting Atom Silo Ransomware Infections

Ransomware actors attempt to stay at the forefront of the malicious trends in their strive for bigger profits. Recently, security researchers spotted a new threat actor leveraging a critical vulnerability in Atlassian Confluence (CVE-2021-26084) to proceed with ransomware infections. Dubbed Atom Silo, the gang relies on CVE-2021-26084 alongside several novel evasion techniques to fly under […]

Read More
Threat Bounty
SOC Prime Threat Bounty — September 2021 Results

In April 2019, SOC Prime announced a crowdsourcing initiative to unite the cyber security community to withstand emerging threats. Since the launch of the Threat Bounty Program, SOC Prime welcomed 300+ participants who published 2300+ Sigma rules, 100+ YARA rules, 25+ Snort Rules to Threat Detection Marketplace repository of the SOC Prime Platform.  More than […]

Read More
Why Facebook Was Down
What Is BGP and How Its Failure Took Facebook Down?

On October 4, 2021, Facebook – and all the major services Facebook owns – went down for approximately six hours. The social media “blackout” started at 11:40 Eastern Time (ET) right after Facebook Domain Name System (DNS) records had become unavailable. The incident analysis from Cloudflare details that DNS names for Facebook just stopped resolving, […]

Read More
FoggyWeb Detection
FoggyWeb Backdoor Detection

Microsoft has recently uncovered yet another piece of malware leveraged by the infamous NOBELIUM APT group since spring 2021. The new threat, dubbed FoggyWeb, acts as a post-exploitation backdoor able to exfiltrate information from Active Directory Federation Services (AD FS) servers. Malware has been used in targeted attacks against multiple organizations globally while staying unnoticed […]

Read More
Detect CVE-2021-41773: Path Traversal Zero-Day in Apache HTTP Server

Last week security researchers identified a severe security hole affecting Apache HTTP Server. The flaw (CVE-2021-41773) enables unauthorized adversaries to access the sensitive data stored on the web server via a path traversal attack. The vulnerability immediately drove the attention of hackers being massively exploited in the wild despite the patch released on October 5, […]

Read More
ZLoader detection
Detecting Zloader Campaigns

Notorious Zloader banking Trojan is back with a brand new attack routine and evasive capabilities. Latest Zloader campaigns leverage a new infection vector switching from spam and phishing to malicious Google ads. Furthermore, a sophisticated mechanism to disable Microsoft Defender modules helps Zloader to fly under the radar.  According to the researchers, the latest shift […]

Read More