The infamous Lazarus APT group (aka HiddenCobra, APT37) was yet again spotted agitating the world of cyber. This time security analysts revealed a highly targeted cyber-espionage campaign aimed at major manufacturing and electrical industry enterprises across Europe. Lazarus Toolset and Attack Scenario The initial attack vector used by Lazarus hackers was similar to that leveraged […]
Just a few days after the information about the FireEye data breach appeared, the company published the results of its investigation and details of the Sunburst backdoor (including the technical report and countermeasures), through which the APT group penetrated networks of multiple organizations, and now potentially compromised companies can quickly detect this threat. The scale […]
This week the cybersecurity community was struck by the news that one of the top security firms was compromised by an unnamed sophisticated APT group. Adversaries were interested in Red Team tools used by FireEye to test their customers āsecurity and looked for information related to government customers. An investigation is ongoing and F.B.I. Cyber […]
Boston, MA, November 25, 2020 (GLOBE NEWSWIRE) ā SOC Prime, the leader in Continuous Security Intelligence, today has made generally available the Hyperdrive add-on for its Threat Detection Marketplace, the worldās largest platform for SOC content. This newly released add-on helps companies to rapidly build up cyber defense capabilities in the specific threat area relevant […]
It looks like we are on the verge of another crisis caused by ransomware attacks and the proliferation of Ransomware as a Service model that allows even relatively newbies to get into the big game. Every week, the media are full of headlines that a well-known Enterprise or government organization has become another victim of […]
In late October 2020, the world of cybersecurity spotted malicious activity targeted at the Oracle WebLogic servers. This activity took the form of recurring exploitation of a RCE weakness in the Oracle WebLogic server console component known as CVE-2020-14882. This CVE was rated as critical by gaining 9,8 scores on the CVSS scale. CVE-2020-14882 Overview […]
Last week the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency released a joint security advisory related to recently discovered cyberattacks of Russian state-sponsored cyber-espionage unit. Energetic Bear (also known as Dragonfly, Crouching Yeti, TEMP.Isotope, TeamSpy, Berserk Bear, Havex, and Koala) is actively interested in the US elections this time around. Over […]
Phobos Ransomware represents the relatively new ransomware family based on Dharma (CrySis) that has been notorious since 2016. The first traces of Phobos were spotted less than two years ago, at the turn of 2019. SOC Prime Threat Detection Marketplace, the worldās largest platform for SOC content, offers Phobos ransomware detection scenarios among its library […]
Companies worldwide are reported to have failed victims of the recent ransomware attack by Mount Locker. The new ongoing ransomware attack targets corporate networks and demands millions of dollars ransom payment is Bitcoins, and the hackers utter threats to reveal the encrypted data publicly if the victims refuse to pay ransom. Mount Locker ransomware activity […]
Aruba Networks, the subsidiary of Hewlett Packard Enterprise, has released a Security Advisory on recently discovered multiple vulnerabilities in their product leveraged by enterprise clients worldwide. In this article, we will cover the details of the most severe of the reported Remote Command Execution vulnerability in Aruba ClearPass (CVE-2020-7115) with CVSS 8.1, and content to […]