Tag: Detection Content

SOC Prime Mentioned as a Detection Content Provider in the 2021 Gartner, SIEM Magic Quadrant
SOC Prime Mentioned as a Detection Content Provider in the 2021 Gartner, SIEM Magic Quadrant

SOC Prime mentioned as a detection content provider for the second year in a row Boston, MA — SOC Prime, Inc., the leader in Detection as Code and Continuous Security Intelligence, recently announced it has been mentioned for the second year in a row in the 2021 Gartner, Magic Quadrant for Security Information and Event […]

Read More
Detect PrintNightmare (CVE-2021-1675) Exploitation Attempts
Detect PrintNightmare (CVE-2021-1675) Exploitation Attempts

A notorious remote code execution (RCE) bug in Windows Print Spooler allows attackers to achieve full system compromise on the unpatched instances. The vulnerability, dubbed PrintNightmare (CVE-2021-1675), was initially rated as a low-severity issue that enables privilege escalation to admin on the targeted hosts. However, after deep-dive research by experts who discovered the potential for […]

Read More
BazarLoader Malware Detection
BazarLoader Malware Detection

Experts warn about an unusual approach to infect targets with BazarLoader — a notorious strain frequently used to deliver ransomware. The hacker collective, dubbed BazarCall, abuses call center functionality to trick victims into downloading the malicious payload. The campaign has been active since at least February 2021, continuously adding new tricks to increase its notoriety. […]

Read More
LockBit Ransomware Detection
LockBit Ransomware Detection

Despite being a relatively new player in the cyber threat arena, LockiBit ransomware quickly earned the fame of a prolific and dangerous malware strain. During 2020-2021, LockBit was consistently included in the list of the most active and notorious malicious samples. To achieve this, LockBit maintainers leverage Ransomware-as-a-Service (RaaS) model to involve more affiliates and […]

Read More
Novel Epsilon Red Ransomware Targets Unpatched Microsoft Exchange Servers
Novel Epsilon Red Ransomware Targets Unpatched Microsoft Exchange Servers

REvil gang may stand behind the brand-new malware variant that explicitly attacks enterprise Microsoft Exchange servers to penetrate corporate networks. The new threat relies on a batch of PowerShell scripts weaponized to exploit known vulnerabilities for final payload delivery. Currently, researchers confirmed at least one successful attack ended up in a 4.29BTC ($210,000) ransom payment. […]

Read More
Detect Wormable RCE Vulnerability (CVE-2021-31166) in Windows HTTP.sys
Detect Wormable RCE Vulnerability (CVE-2021-31166) in Windows HTTP.sys

Microsoft has recently fixed a highly critical bug (CVE-2021-31166), which enables remote code execution with kernel rights on the machines running Windows 10 and Windows Server. The vendor warns that this flaw is wormable and could self-propagate across multiple servers inside the organizational network to cause maximum harm. The Proof of Concept (PoC) exploit has […]

Read More
Rapid7 Has Fallen Victim to Codecov Supply Chain Attack
Rapid7 Has Fallen Victim to Codecov Supply Chain Attack

A major cybersecurity company Rapid7 announced that a limited number of its source code repositories were exposed in course of the Codecov supply chain attack. According to the official statement, the compromised repos contained internal credentials and alert-related data for its Managed Detection and Response (MDR) clients. Codecov Supply Chain Attack On April 15, 2021, […]

Read More
Detecting FragAttacks: Overview of Newly Discovered WiFi Flaws
Detecting FragAttacks: Overview of Newly Discovered WiFi Flaws

Yet another time security practitioners should brace themselves and check their coffee supplies due to a set of recently identified vulnerabilities in the Wi-Fi standard. Collectively called FragAttacks, these flaws affect nearly all wireless-enabled devices and allow adversaries to take control over the vulnerable systems to intercept secret information. Mathy Vanhoef, a security expert who […]

Read More
Detect DarkSide Ransomware with SOC Prime
Detect DarkSide Ransomware with SOC Prime

DarkSide ransomware, a relatively novel player in the cyber threat arena, continues to gather news headlines for successful attacks against world-leading vendors. The list of the recent intrusions includes the chemical distribution company Brenntag, which paid adversaries $4.4 million ransom, and Colonial Pipeline, a company providing fuel supply for the US East Coast. DarkSide Ransomware […]

Read More
SystemBC Malware Increasingly Used as Ransomware Backdoor
SystemBC Malware Increasingly Used as Ransomware Backdoor

A new version of SystemBC malware is increasingly leveraged by ransomware maintainers to pave their way into the targeted environments. Security experts indicate that top ransomware-as-a-service (RaaS) collectives, including DarkSide, Ryuk, and Cuba, leverage SystemBC as a persistent backdoor able to maintain access to the attacked instances and perform a variety of notorious activities. What […]

Read More