The increasing menace posed by nation-state actors continuously increases with new sophisticated attack methods adopted by APT collectives and a massive shift towards stealthiness & operational security. Recently, security researchers revealed a destructive campaign against Israeli organizations launched by an Iran-affiliated hacker group dubbed Agonizing Serpens (aka Agrius, BlackShadow). The main objective of this offensive […]
In the last five years, Chinese nation-backed offensive campaigns have evolved into more sophisticated, stealthy, and well-coordinated threats as compared to previous years. This transformation is characterized by the extensive exploitation of zero-days and known vulnerabilities in publicly accessible security and network instances. Additionally, there is a stronger focus on operational security, aimed at reducing […]
Just over a month after the disclosure of a critical Confluence zero-day tracked as CVE-2023-22515, a novel vulnerability emerges in the cyber threat arena impacting Atlassian products. Adversaries are setting eyes on a recently fixed and maximum severity vulnerability known as CVE-2023-22518 in all versions of Confluence Data Center and Confluence Server, which enables them […]
At the turn of November, hot over the heels of disclosing CVE-2023-43208, the Mirth Connect vulnerability, another security bug comes to the scene. Defenders notify the global community of a newly uncovered the highest severity RCE bug that affects Apache ActiveMQ products. Detect CVE-2023-46604 With emerging vulnerabilities being a juicy target for adversaries seeking to […]
Vulnerabilities affecting popular software expose thousands of organizations in diverse industry sectors to severe threats. October has been rich in uncovering critical security flaws in widely used software products, like CVE-2023-4966, a hazardous Citrix NetScaler vulnerability, and CVE-2023-20198 zero-day affecting Cisco IOS XE. In the last decade of October 2023, defenders warned the global community […]
Offensive forces continuously look for new ways to gain access to the domain environment and sustain their presence by leveraging multiple attack vectors and experimenting with diverse adversary tools and techniques. For instance, they can take advantage of revealed security flaws as in the case of adversary attempts to exploit the vulnerability in Microsoft’s Windows […]
Adding to the list of critical Citrix NetScaler zero-days, security researchers warn of a new dangerous vulnerability (CVE-2023-4966) continuously exploited in the wild despite a patch issued in October. Marked as an information-disclosure flaw, CVE-2023-4966 enables threat actors to hijack existing authenticated sessions and potentially result in a multifactor authentication (MFA) bypass. According to security […]
Microsoft 365 (M365) is leveraged by over a million global companies, which can pose severe threats to the customers relying on this popular software in case of compromise. Since it possesses a set of default configurations, adversaries can set their eyes on them and exploit the latter exposing affected users to significant security risks, which […]
Hard on the heels of a new surge in the long-running Balada Injector campaign exploiting CVE-2023-3169, another critical security bug in popular software products comes to the spotlight. A new privilege escalation vulnerability affecting Cisco IOS XE software is actively exploited in the wild to help install implants on the impacted devices. The uncovered zero-day […]
Meet the new Threat Bounty Program digest that covers the recent news and updates of SOC Prime’s crowdsourced detection engineering initiative. Threat Bounty Content Submissions In September, the members of the Threat Bounty Program submitted 629 rules for review by the SOC Prime team before the publication for monetization. After the review and quality assessment, […]