Efficiency and collaboration are essential in cybersecurity. As part of the SOC Prime Platform, Uncoder AI is a a professional IDE & co-pilot for detection engiennering to streamline content creation and threat detection rule contribution. For those participating in the Threat Bounty Program, this tool makes it easier to contribute detection rules, collaborate with experts, […]
In today’s threat landscape, when the number and sophistication of cyber attacks are constantly rising, threat actors are targeting the most secure and critical systems across continents and industries. Organizations are continually improving their cyber defense posture, migrating to cloud-based security solutions that reportedly enhance real-time threat detection capabilities. Yet, as adversaries adopt new approaches, […]
The nefarious state-sponsored russia-aligned Gamaredon (aka Hive0051, UAC-0010, or Armageddon APT) has been launching a series of cyber-espionage campaigns against Ukraine since 2014, with cyber attacks intensifying since russia’s full-scale invasion of Ukraine on February 24, 2022. ESET recently published an in-depth technical analysis, providing insights into Gamaredon’s cyber-espionage operations against Ukraine throughout 2022 and […]
A novel iteration of the RomCom malware family emerges in the cyber threat arena. The new malware, dubbed SnipBot, uses tricky anti-analysis techniques and a custom code obfuscation method to move laterally within the victim’s network and perform data exfiltration. Detect SnipBot Malware The notorious RomCom malware has resurfaced with a new SnipBot variant, actively […]
In today’s fast-moving technological landscape, organizations face unprecedented challenges in managing their security operations. When both threats and technologies change rapidly, organizations need the agility to adapt, migrate, and use multiple security solutions without being tied down by proprietary formats. Also, as the SIEM market evolves, vendors merge or pivot their offerings, and the organizations […]
In the first quarter of 2024, state-sponsored APT groups from regions such as China, North Korea, Iran, and russia demonstrated notably sophisticated and innovative adversary methods, creating significant challenges for the global cybersecurity landscape. Recently, a China-linked APT group known as Earth Baxia has targeted a state agency in Taiwan and potentially other countries in […]
Hackers are weaponizing PoC exploits for newly identified vulnerabilities in Progress Software WhatsUp Gold for in-the-wild attacks. Defenders have recently uncovered RCE attacks exploiting the critical SQL injection flaws tracked as CVE-2024-6670 and CVE-2024-6671. Notably, CVE-2024-6670 has been added to CISA’s Known Exploited Vulnerabilities Catalog. Detect CVE-2024-6670, CVE-2024-6671 Progress WhatsUp Gold Exploits In 2024, nearly […]
SOC Prime Recognizes Top Threat Bounty Researchers Mastering Uncoder AI SOC Prime continues to fuel the professional development of cybersecurity experts by recognizing and celebrating individual contributions to global cyber defense. Through the Threat Bounty Program, SOC Prime empowers skilled threat researchers and SIEM rules engineers to enhance their impact on collective cybersecurity efforts. Earlier […]
Right after the joint advisory by FBI, CISA, and partners warning of a significant shift in the RansomHub RaaS group activity, security researchers have spotted the novel trick by adversaries misusing Kaspersky’s legitimate TDSSKiller software to disable Endpoint Detection and Response (EDR) systems. Once they’ve bypassed defenses, attackers turn to the LaZagne tool, siphoning login […]
Detection Content Creation, Submission & Release August 2024 was challenging for the global cyber community, but it was also full of opportunities for SOC Prime’s Threat Bounty members to gain personal recognition and cash for their contributions. During August, 22 detections were successfully released to the SOC Prime Platform, and twice as many detections were […]