PaperCut has recently reported that the company’s application servers are vulnerable to a critical RCE flaw known as CVE-2023-27350, with a CVSS of 9.8. As a response to a growing number of exploitation attempts, CISA added the discovered bug to its Known Exploited Vulnerabilities (KEV) catalog. Detect CVE-2023-27350 Exploitation Attempts Proactive detection of vulnerability exploitation […]
Cybersecurity researchers have uncovered a new malware family called Domino attributed to the adversary activity of the financially motivated russia-backed FIN7 APT group. Cyber defenders also link the use of Domino with another former hacking group known as Trickbot aka Conti, which has been applied in the malicious campaign by the latter threat actors since […]
The notorious North Korean hacking collective Lazarus Group, also tracked as APT38, Dark Seoul, or Hidden Cobra, has earned its reputation as high-profile nation-backed threat actors, mainly targeting cryptocurrency companies. In the newly discovered malicious campaign dubbed DeathNote, adversaries are shifting their focus by primarily setting eyes on the defense organizations along with automotive and […]
With the tax season in full swing, threat actors are setting eyes on financial organizations. According to the latest cybersecurity reports, U.S. accounting firms and other financial institutions have fallen prey to a series of adversary campaigns spreading GuLoader malware since March 2022. Threat actors spread the GuLoader malicious samples by leveraging a phishing attack […]
With a growing number of zero-day flaws affecting widely used software products, proactive detection of vulnerability exploitation has been among the most prevalent security use cases since 2021. Microsoft has recently issued a series of security updates relevant to critical flaws affecting its products, including a patch for a zero-day actively exploited in the wild […]
Threat Bounty Publications During March, our keen Threat Bounty content authors submitted 423 rules for verification by SOC Prime. However, all Threat Bounty detections undergo validation by our internal content verification team, who examine the rules one by one and make decisions on content publication to the SOC Prime Platform. Notwithstanding the persistence and objection […]
With a 250% surge of cyber attacks against Ukraine in 2022 and over 2,000 of them launched by russia-affiliated threat actors since the outbreak of the full-fledged war, cyber defenders are looking for ways to help Ukraine and its allies boost their cyber resilience. On April 3, 2023, CERT-UA issued a new alert covering the […]
Cybersecurity experts have uncovered an ongoing adversary campaign exploiting 3CXDesktopApp, a software application for business communication used by 12 million customers worldwide. According to the reports, threat actors gain initial access to the compromised environment, deploy payloads, and then attempt to drop info-stealing malware capable of hijacking login credentials at the final attack stage. Detecting […]
Stay alert! Adversaries set eyes on Aspena Faspex, an IBM file-exchange application frequently used by large enterprises to speed up file transfer procedures. Specifically, threat actors attempt to leverage a pre-authenticated remote code execution (RCE) vulnerability (CVE-2022-47986) affecting the app to proceed with ransomware attacks. At least two ransomware collectives were spotted exploiting CVE-2022-47986, including […]
Heads up! A novel infostealer is making a splash in the cyber threat arena targeting macOS users. Cybersecurity researchers have observed a novel MacStealer macOS malware that steals user credentials and other sensitive data stored in the iCloud KeyChain, web browsers, and crypto wallets. Detecting MacStealer MacOS Malware Being yet another infostealing malware surfacing in […]