Tag: Detection Content

Enable Continuous Content Management with the SOC Prime Platform

With the release of the SOC Prime Platform for collaborative cyber defense, threat hunting, and threat discovery, the capabilities to fully automate detection content streaming have been also taken to a new level. Now, the Continuous Content Management module is available to all users registered on the SOC Prime Platform with a corporate email address, […]

Read More
CVE-2021-22005
Detect Critical VMware vCenter Vulnerability (CVE-2021-22005) Exploitation Attempts

On September 24, 2021, CISA issued an alert warning about multiple exploitation attempts for а critical vulnerability (CVE-2021-22005) in VMware vCenter Server. A heavy number of scans for the vulnerable servers broke forth after the Vietnamese security researcher Jang published an incomplete exploit for CVE-2021-2205. Jang’s technical notes were enough for experienced hackers to produce […]

Read More
Microsoft Exchange ProxyShell Attack
Microsoft Exchange ProxyShell Attack Detection

Thousands of Microsoft Exchange servers remain vulnerable to ProxyShell remote code execution vulnerabilities despite the patches issued in April-May. To make things even worse, security researchers are observing a significant spike in scans for vulnerable Exchange servers, after the technical overview of the ProxyShell attack was revealed at the Black Hat conference on August 4-5, […]

Read More
interview Onur Atali
Interview with Threat Bounty Developer: Onur Atali

Meet the latest newscast about the SOC Prime Developers community! Today we want to introduce Onur Atali, a keen developer contributing to our Threat Bounty Program since June 2021. Onur is an active content creator, concentrating his efforts on Sigma rules. You can refer to Onur’s detections of the highest quality and value in Threat […]

Read More
Pulse Connect Secure Patch Bypass
CVE-2021-22937 Detection: Patch Bypass Vulnerability in Pulse Connect Secure

Ivanti has addressed a critical security hole (CVE-2021-22937) that affects its Pulse Connect Secure VPNs. The flaw is a bypass of the patch issued in October last year to mitigate the CVE-2020-8260, a notorious bug that allows malicious admins to execute arbitrary code remotely with root privileges. CVE-2021-22937 Description According to the in-depth inquiry by […]

Read More
PetitPotam Attack Detection
PetitPotam NTLM Relay Attack Detection

July continues to be an effortful month for Microsoft. After the critical PrintNightmare (CVE-2021-1675) and HiveNightmare (CVE-2021-36934) vulnerabilities, security researchers have identified a critical security gap that might result in a complete Windows domain compromise. The issue, dubbed PetitPotam, takes advantage of the Encrypting File System Remote Protocol (MS-EFSRPC) and allows attackers to proceed with […]

Read More
DevilsTongue Detection
DevilsTongue Spyware Detection

Israeli spyware firm Candiru supplied zero-day exploits to the nation-baked actors globally, Microsoft and Citizen Lab revealed. According to the analysis, Candiru leveraged previously unknown zero-day bugs in Windows and Chrome to power its high-end spyware dubbed DevilsTongue. Although DevilsTongue was marketed as a “mercenary software” facilitating surveillance operations for government agencies, it was identified […]

Read More
HiveNightmare (CVE-2021-36934) detection
Detect HiveNightmare (CVE-2021-36934) Exploitation Attempts

July 2021 proceeds to be a really hot and tough month in terms of the loud cybersecurity events. While the world of cyber is still recovering from PrintNighmare vulnerability (CVE-2021-1675), Kaseya supply chain attack, and SolarWinds Serv-U zero-day (CVE-2021-35211), Windows has officially announced a new notorious flaw within its products. A recently disclosed HiveNightmare (aka […]

Read More
SolarWinds Serv-U Zero-Day (CVE-2021-35211) Detection

A  critical zero-day bug (CVE-2021-35211), existing in SolarWinds Serv-U Managed File Transfer Server and Serv-U Secured FTP products, has been repeatedly exploited in the wild by a China-baked hacker collective, Microsoft reveals. The flaw provides threat actors with the ability to execute arbitrary code remotely and reach the full system compromise. CVE-2021-35211 Description According to […]

Read More
WildPressure Malware Detection

WildPressure ATP group, known for its repeating attacks against the oil and gas sector in the Middle East, has recently upgraded its malicious toolkit with a new version of Milum Trojan. The enhancements made to the strain allow adversaries to compromise macOS devices alongside traditional Windows systems. According to security experts, the Trojan is able […]

Read More