Tag: Detection Content

SOC Prime Threat Bounty — May 2023 Results
SOC Prime Threat Bounty — May 2023 Results

Threat Bounty Publications In May, members of the Threat Bounty community submitted 426 rules for a chance of publication to the SOC Prime Platform for monetization. After consideration and validation by SOC Prime’s team, 81 detections were successfully published. Explore Detections We are happy to report that the information provided during the Threat Bounty Developer […]

Read More
UAC-0099 Activity Detection: Hackers Conduct Cyber-Espionage Operations Against Ukrainian State Bodies and Media Organizations
UAC-0099 Activity Detection: Hackers Conduct Cyber-Espionage Operations Against Ukrainian State Bodies and Media Organizations

Just a couple of weeks ago, CERT-UA raised awareness among the global cyber defender community about an ongoing cyber-espionage campaign targeting Ukraine and organizations in Central Asia linked to the UAC-0063 group. In early June, CERT-UA researchers issued another alert covering the long-term cyber-espionage activity mainly exploiting the email attack vector and targeting Ukrainian government […]

Read More
SOC Prime Drives Collective Cyber Defense Backed by Threat Detection Marketplace, Uncoder AI, and Attack Detective
SOC Prime Drives Collective Cyber Defense Backed by Threat Detection Marketplace, Uncoder AI, and Attack Detective

Embrace Your Cyber Defense Arsenal: Choose a Tool Tailored for Your Unique Cyber Defense Journey SOC Prime equips every cyber defender with a global threat detection platform for collective cyber defense. To help cyber defenders drive immediate value from SOC Prime Platform based on their current security needs, SOC Prime has launched a new three-pronged […]

Read More
CVE-2023-34362 Detection: Critical MOVEit Transfer Zero-Day Flaw Actively Exploited By Threat Actors to Steal Data from Organizations
CVE-2023-34362 Detection: Critical MOVEit Transfer Zero-Day Flaw Actively Exploited By Threat Actors to Steal Data from Organizations

Hot on the heels of the maximum severity flaw in GitLab software known as CVE-2023-2825, another critical vulnerability comes to the scene, creating a significant buzz in the cyber threat landscape. At the turn of June 2023, Progress Software uncovered a critical vulnerability in MOVEit Transfer that can lead to privilege escalation and instantly issued […]

Read More
SOC Prime Integrates with Amazon Security Lake to Supercharge Security Operations
SOC Prime Integrates with Amazon Security Lake to Supercharge Security Operations

Driving Cost-Efficient, Zero-Trust, and Multi-Cloud Security Backed by Collective Expertise SOC Prime operates the world’s largest and most advanced platform for collective cyber defense that cultivates collaboration from a global cybersecurity community and curates the most up-to-date Sigma rules compatible with over 27 SIEM, EDR, and XDR platforms. SOC Prime’s innovation, backed by the vendor-agnostic […]

Read More
Detect SmokeLoader Malware: UAC-0006 Strikes Again to Target Ukraine in a Series of Phishing Attacks
Detect SmokeLoader Malware: UAC-0006 Strikes Again to Target Ukraine in a Series of Phishing Attacks

Hot on the heels of the massive phishing attacks launched by UAC-0006 at the beginning of  May 2023, CERT-UA warns cyber defenders of a new wave of cyber attacks resulting in SmokeLoader infections. The latest investigation indicates that adversaries increasingly spread phishing emails with financial subject lures and use ZIP/RAR attachments to drop malicious samples […]

Read More
Interview with Threat Bounty Developer – Mustafa Gurkan Karakaya
Interview with Threat Bounty Developer – Mustafa Gurkan Karakaya

Today, we want to introduce to SOC Prime’s community one of the most active members of the Threat Bounty Program and the author of validated detections available on the SOC Prime Platform. Meet Mustafa Gürkan Karakaya, who has been demonstrating his expert cybersecurity knowledge and the potential for further development since he joined the Program […]

Read More
CVE-2023-2825 Exploit Detection: GitLab Urges Users to Promptly Patch a Maximum Severity Flaw
CVE-2023-2825 Exploit Detection: GitLab Urges Users to Promptly Patch a Maximum Severity Flaw

GitLab has recently issued its latest critical security update v. 16.0.1, addressing a path traverse vulnerability tracked as CVE-2023-2825 with a CVSS score reaching the maximum limit of 10.0. The update affects installations running version 16.0.0., with earlier software versions being not impacted. The successful exploitation of a highly critical security bug enables unauthenticated adversaries […]

Read More
Chinese State-Sponsored Cyber Actor Detection: Joint Cybersecurity Advisory (CSA) AA23-144a Sheds Light on Stealty Activity by Volt Typhoon Targeting U.S. Critical Infrastructure
Chinese State-Sponsored Cyber Actor Detection: Joint Cybersecurity Advisory (CSA) AA23-144a Sheds Light on Stealty Activity by Volt Typhoon Targeting U.S. Critical Infrastructure

For years, China has been launching offensive operations aimed at collecting intelligence and gathering sensitive data from U.S. and global organizations in multiple industries, with attacks frequently related to nation-backed APT groups, like Mustang Panda or APT41. On May 24, 2023, NSA, CISA, and FBA, in conjunction with other U.S. and international authoring agencies, issued […]

Read More
SOC Prime to Present at the 11th EU MITRE ATT&CK® Community Workshop
SOC Prime to Present at the 11th EU MITRE ATT&CK® Community Workshop

We are delighted to announce that SOC Prime will be speaking at the Eleventh EU MITRE ATT&CK® Community Workshop, which takes place in Brussels on May 26, 2023. The upcoming event connects cybersecurity professionals from across the globe in a single venue fostering information exchange and enabling anyone to learn best industry practices from their […]

Read More