June ā22 Updates This June we introduced several significant updates related to SOC Primeās Threat Bounty Program to acknowledge the contribution of the Program members and smooth their experience with Sigma rules creation. Now, all SOC Prime users can access detailed information about Threat Bounty authorsā achievements on a dedicated page. Also, the beta version […]
Hot on the heels of the cyber-attack on July 5 targeting Ukrainian state bodies and attributed to the notorious UAC-0056 hacking collective, yet another malicious campaign launched by this group causes a stir in the cyber domain. On July 11, 2022, cybersecurity researchers at CERT-UA warned the global community of an ongoing phishing attack leveraging […]
The notorious Cobalt Strike Beacon malware has been actively distributed by multiple hacking collectives in spring 2022 as part of the ongoing cyber war against Ukraine, mainly leveraged in targeted phishing attacks on Ukrainian state bodies. On July 6, 2022, CERT-UA released an alert warning of a new malicious email campaign targeting Ukrainian government entities. […]
The notorious Raccoon Stealer, which was earlier distributed under the Malware-as-a-Service (MaaS) model, comes back to the cyber threat arena as a new version 2.0 enriched with more advanced capabilities. Raccoon Stealer malware was previously reported to have been replaced with Dridex Trojan by the RIG exploit kit as part of an ongoing campaign that […]
Zohoās ManageEngine operates cost-effective network management frameworks leveraged by over 40,000 enterprises worldwide. Due to the software popularity and its wide use across the globe, cyber threats detected in Zohoās products could have a severe impact on thousands of compromised businesses, which earlier happened with the critical zero-day vulnerability in ManageEngine Desktop Central products.Ā On […]
Instantly Explore the Executable Binary References Linked to Sigma Rules for More Insightful Contextual Information SOC Prime has recently released integration for its cyber threats search engine with EchoTrail.io database. Now, SOC Prime users can streamline threat investigation with the comprehensive information about executable binaries (filenames or hashes) launched on Windows, accessible right from our […]
Meet a novel player in the cyber threat arena! Starting from late 2020 security experts are tracking a new APT collective, dubbed ToddyCat, which was spotted targeting Microsoft Exchange servers in Europe and Asia to deploy custom malware samples. Among the malicious strains distributed by the ToddyCat are previously unknown Samurai backdoor and Ninja Trojan […]
The notorious CVE-2021-44228 Apache Log4j vulnerability aka Log4Shell is still haunting cyber defenders along with reports about its active in-the-wild exploitations. Starting from December 2021, the nefarious Log4Shell flaw on unpatched VMware Horizon and Unified Access Gateway (UAG) servers has been widely weaponized by threat actors enabling them to gain initial access to targeted systems. […]
Brace yourself for a new PetitPotam-like NTLM relay attack enabling complete Windows domain takeover via Microsoftās Distributed File System (MS-DFSNM) abuse. The new attack method, dubbed DFSCoerce, allows adversaries to coerce Windows servers into authentication with a relay under hackersā control. Domain Controllers (DC) are also vulnerable, which poses a significant risk of the entire […]
On June 20, 2022, CERT-UA issued two separate alerts that warn the global cybersecurity community of a new wave of cyber-attacks on Ukrainian organizations weaponizing the nefarious zero-day vulnerability actively exploited in the wild and tracked as CVE-2022-30190 aka Follina. In the CERT-UA#4842 alert, cybersecurity researchers unveiled the malicious activity by a hacking group identified […]