Meet the latest newscast about the SOC Prime Developers community! Today we want to introduce Onur Atali, a keen developer contributing to our Threat Bounty Program since June 2021. Onur is an active content creator, concentrating his efforts on Sigma rules. You can refer to Onur’s detections of the highest quality and value in Threat […]
Ivanti has addressed a critical security hole (CVE-2021-22937) that affects its Pulse Connect Secure VPNs. The flaw is a bypass of the patch issued in October last year to mitigate the CVE-2020-8260, a notorious bug that allows malicious admins to execute arbitrary code remotely with root privileges. CVE-2021-22937 Description According to the in-depth inquiry by […]
July continues to be an effortful month for Microsoft. After the critical PrintNightmare (CVE-2021-1675) and HiveNightmare (CVE-2021-36934) vulnerabilities, security researchers have identified a critical security gap that might result in a complete Windows domain compromise. The issue, dubbed PetitPotam, takes advantage of the Encrypting File System Remote Protocol (MS-EFSRPC) and allows attackers to proceed with […]
Israeli spyware firm Candiru supplied zero-day exploits to the nation-baked actors globally, Microsoft and Citizen Lab revealed. According to the analysis, Candiru leveraged previously unknown zero-day bugs in Windows and Chrome to power its high-end spyware dubbed DevilsTongue. Although DevilsTongue was marketed as a “mercenary software” facilitating surveillance operations for government agencies, it was identified […]
July 2021 proceeds to be a really hot and tough month in terms of the loud cybersecurity events. While the world of cyber is still recovering from PrintNighmare vulnerability (CVE-2021-1675), Kaseya supply chain attack, and SolarWinds Serv-U zero-day (CVE-2021-35211), Windows has officially announced a new notorious flaw within its products. A recently disclosed HiveNightmare (aka […]
A critical zero-day bug (CVE-2021-35211), existing in SolarWinds Serv-U Managed File Transfer Server and Serv-U Secured FTP products, has been repeatedly exploited in the wild by a China-baked hacker collective, Microsoft reveals. The flaw provides threat actors with the ability to execute arbitrary code remotely and reach the full system compromise. CVE-2021-35211 Description According to […]
WildPressure ATP group, known for its repeating attacks against the oil and gas sector in the Middle East, has recently upgraded its malicious toolkit with a new version of Milum Trojan. The enhancements made to the strain allow adversaries to compromise macOS devices alongside traditional Windows systems. According to security experts, the Trojan is able […]
SOC Prime mentioned as a detection content provider for the second year in a row Boston, MA — SOC Prime, Inc., the leader in Detection as Code and Continuous Security Intelligence, recently announced it has been mentioned for the second year in a row in the 2021 Gartner, Magic Quadrant for Security Information and Event […]
A notorious remote code execution (RCE) bug in Windows Print Spooler allows attackers to achieve full system compromise on the unpatched instances. The vulnerability, dubbed PrintNightmare (CVE-2021-1675), was initially rated as a low-severity issue that enables privilege escalation to admin on the targeted hosts. However, after deep-dive research by experts who discovered the potential for […]
Experts warn about an unusual approach to infect targets with BazarLoader — a notorious strain frequently used to deliver ransomware. The hacker collective, dubbed BazarCall, abuses call center functionality to trick victims into downloading the malicious payload. The campaign has been active since at least February 2021, continuously adding new tricks to increase its notoriety. […]