Tag: Detection Content

BlackCat Ransomware Detection: Bad Luck Written in Rust

Adversaries are searching for new means of turning up the heat, this time bringing new, Rust-written ransomware to attack organizations in the U.S., Europe, Australia, India, and the Philippines. ALPHV BlackCat ransomware developers target Windows and Linux OSs through third-party frameworks and toolsets (e.g., Cobalt Strike) or by exploiting vulnerable applications. The BlackCat gang is now […]

Detect CVE-2021-4034: A Notorious PwnKit Vulnerability Affecting All Major Linux Distros

What goes on in the dark must come out in the light. Security experts have revealed an especially dangerous 12-year-old bug affecting nearly all Linux hosts. The flaw enables full root access on literally any Linux machine for a local, unprivileged threat actor if successfully exploited. CVE-2021-4034 (PwnKit) Description While the cyber domain is still […]

Interview with Threat Bounty Developer: Nattatorn Chuensangarun

Catch the latest newscast about SOC Prime’s community! Today we want to introduce Nattatorn Chuensangarun, a prolific detection content author contributing to our Threat Bounty Program since August 2021. Nattatorn is an active content developer, concentrating his efforts on Sigma rules. You can refer to Nattatorn’s detections of the highest quality and value in the […]

The Most Refined UEFI Firmware Implant: MoonBounce Detection

A newly minted malicious UEFI firmware implant dubbed “MoonBounce” is circulating in the wild. The threat is believed to be the handiwork of a Chinese-speaking APT41 hacking gang, aka Double Dragon or Winnti. This UEFI rootkit is set to cause a stir, having already obtained the title of the most stealthy of all the […]

Detect CVE-2022-21907: A Wormable RCE in Windows Server

Another day, another critical vulnerability posing a major headache for security practitioners. This time researchers have identified a wormable remote code execution (RCE) flaw that impacts the latest desktop and server Windows versions. The vendor urges everyone to upgrade their systems ASAP since the flaw could be easily leveraged by adversaries to execute arbitrary code […]

SOC Prime Threat Bounty — December 2021 Results

December ‘21 Results In December 2021, Threat Bounty Program developers contributed 219 new detections to the SOC Prime Platform. To ensure the continuous quality enhancement of the published content, 231 rules earlier released by Threat Bounty authors were improved and updated.  SOC Prime Threat Bounty results for the previous month are available in NOVEMBER ‘21 […]

Destructive Cyber-Attack Against Ukrainian Government

Overview, Analysis, and Lessons Learned On January 13, 2021, a massive data-wiping cyber-attack hit Ukraine, taking down the online assets of the country’s government. As of January 17, 2021, up to 70 websites experienced temporary performance issues due to the intrusion, including the Cabinet, seven ministries, the Treasury, the National Emergency Service, and the state […]

Latest Zloader Campaign Abuses Microsoft Signature Verification

Zloader (aka Terdot and DELoader) is raging worldwide, evading banking systems’ defenses. Not something one expects to find under their Christmas trees, especially accompanied by the calamitous Log4j Vulnerability, but these are some crazy times we live in. According to the researchers, Zloader attack routines are growing in scale and sophistication, adopting diversified techniques and […]

SysJoker Malware Detection

New Year, fresh start! And for threat actors as well. Meet a brand-new backdoor malware that has been increasingly hitting the cyber domain throughout the last couple of months. Dubbed SysJoker, the threat obtains powerful evasion capabilities while being able to target major operating systems, including Windows, Linux, and macOS. SysJoker Malware Analysis SysJoker malware […]

CVE-2021-45046, CVE-2021-44228 Detection: Vulnerabilities in Log4j Java Library

Yet another splitting headache for SOC teams — beware of the hottest Log4j vulnerability CVE-2021-45046! The cybersecurity world has just been shaken by an increasing amount of exploitation attempts for CVE-2021-44228, a critical zero-day vulnerability affecting the Apache Log4j Java logging library, while another high-severity Log4j RCE flaw tracked as CVE-2021-45046 comes on the scene.  […]
