With crypto mining attacks significantly increasing over the past couple of years, increasing awareness of cryptojacking is of paramount importance. Cybersecurity researchers have recently uncovered a massive cryptojacking campaign abusing free CI/CD service providers, with over 30 GitHub, 2,000 Heroku, and 900 Buddy accounts compromised. Dubbed PURPLEURCHIN, the malicious operation applies sophisticated obfuscation techniques and […]
Independent Audit Once Again Verifies SOC Prime’s Compliance with the SOC 2® Requirements We are thrilled to announce that SOC Prime has once again successfully completed the SOC 2 Type II audit conducted by I.S. Partners, LLC, one of the industry-leading internal controls attestation firms certified by the PCI Council as a Qualified Security Assessor. […]
In May 2022, Cuba ransomware maintainers resurfaced marking their loud entrance into the cyber threat arena by leveraging a novel custom remote access Trojan called ROMCOM (or RomCom) RAT. On October 22, 2010, CERT-UA warned the global cyber defender community of the ongoing phishing campaigns targeting Ukrainian officials with the email sender masquerading as the […]
Threat actors don’t sleep, and cyber defenders cannot sleep a wink either to keep up with emerging threats. In 2022, a wave of critical “shell” vulnerabilities has been flooding the cyber threat arena, starting with the loud appearance of Log4Shell at the turn of the year, followed by Spring4Shell in March, then ProxyNotShell just one […]
SOC Prime Threat Bounty Program keeps uniting enthusiastic and keen detection content developers who joined the community to contribute to collective cyber defense and monetize their exclusive detections on the SOC Prime Platform. Please meet Wirapong Petshagun who joined the Threat Bounty community in June 2022 and has been regularly publishing high-quality rules to help […]
Throughout 2021-2022, ransomware continues to be one of the dominant trends in the cyber threat landscape, illustrated by the increasing sophistication of intrusions and a rapidly growing number of ransomware affiliates. Cybersecurity researchers warn of the ongoing malicious campaigns, which target Windows users and distribute Magniber ransomware disguised as software updates. Detect Magniber Ransomware Magniber […]
September ‘22 Publications In September, members of the Threat Bounty Community submitted 441 rules for review by the SOC Prime team via the Developer Portal and Sigma rules Slack Bot. However, only 183 rules have successfully passed the verification and were approved for publication on the SOC Prime Platform. When creating new rules and submitting […]
Heads up! A new critical vulnerability is on the radar. Fortinet has recently disclosed an authentication bypass vulnerability in its FortiOS, FortiProxy, and FortiSwitchManager appliances. The security flaw tracked as CVE-2022-40684 is actively exploited in the wild, posing a serious risk to Fortinet’s customers leveraging vulnerable product instances. Detect CVE-2022-40684 Exploitation Attempts In view of […]
A community-driven approach based on Detection-as-Code principles and cutting-edge technology leveraging Sigma language and MITRE ATT&CK® enables intelligent-driven threat detection, cost-efficient and cross-platform threat investigation, and instant access to detections for critical threats. SOC Prime’s platform aggregates over 200,000 pieces of detection content easily convertible to 25+ SIEM, EDR, and XDR formats and aligned with […]
BlackByte ransomware reemerges in the cyber threat arena exploiting a security flaw in legitimate drivers to disable EDR products on compromised devices. Cybersecurity researchers have revealed that ransomware operators apply an advanced adversary technique dubbed “Bring Your Own Driver” enabling them to bypass security products and spread infection on vulnerable machines. Detect BlackByte Ransomware Used […]