We are happy to announce that we have hit another major milestone on the way to delivering continuous security intelligence to the worldwide community. In a strong collaboration between the SOC Prime Team and our Threat Bounty Developer Program members, at the beginning of March 2021, we reached the number of 100,000 Detection and Response […]
HAFNIUM APT Exploits Microsoft Exchange Zero-Days to Steal Data and Install Malware In January 2021, security researchers from Violexity revealed a long-term malicious operation launched by China-affiliated HAFNIUM APT against a number of unnamed organizations. Threat actors leveraged a set of previously undisclosed zero-day vulnerabilities in Microsoft Exchange to access sensitive corporate information and perform […]
On January 27, 2021, IBM released an official patch for a serious remote code execution vulnerability affecting its QRadar SIEM. CVE-2020-4888 Description The security hole occurs because the Java deserialization function fails to deserialize a user-supplied input securely. As a result, remote low-privileged hackers can execute arbitrary commands on the affected system by sending a […]
On February 23, 2021, VMware addressed a critical unauthorized remote code execution (RCE) bug (CVE-2021-21972) in its default vCenter Server plugin. Right after the announcement and the advisory release, threat actors started mass scans for publicly exposed instances. To date, researchers have detected 6700 VMware vCenter servers exposed to the attacks. As far as public […]
Cybersecurity analysts have detected a sophisticated malware sample that attacks Apple users in the wild. The joint research from Red Canary, Malwarebytes, and VMWare Carbon Black details that approximately 30,000 hosts across 153 countries have been compromised by the new threat dubbed Silver Sparrow. The topmost infection rates were spotted in the United States, Canada, […]
Starting from December 2020, a new version of Zeoticus ransomware has been actively targeting users in the wild. Zeoticus 2.0 comes with better performance and enhanced offline capabilities, posing a bigger threat to businesses worldwide. What is Zeoticus Ransomware? Zeoticus is a relatively new malware sample that appeared in the cyber threat arena in December […]
The French National Agency for the Security of Information Systems (ANSSI) revealed a three-year-long operation launched by Sandworm APT against major IT and web hosting providers in France. The ANSSI advisory details that the campaign started back in 2017 and resulted in a series of subsequent breaches, including the compromise of Centreon, a monitoring software […]
In February 2021, Microsoft patched a privilege escalation bug in Microsoft Defender Antivirus (formerly Windows Defender) that might provide threat actors with the ability to gain admin rights on the vulnerable host and disable pre-installed security products. SentinelOne experts, who revealed the issue, report that the flaw was introduced back in 2009 and stayed undisclosed […]
Security experts from Anomali have revealed a targeted cyber-espionage operation aimed at the United Arab Emirates (UAE) and Kuwait governments. The malicious campaign was launched by an Iranian state-sponsored actor known as MuddyWater (Static Kitten, MERCURY, Seedworm). According to the researchers, adversaries relied on the legitimate software tool ConnectWise Control (formerly ScreenConnect) to move laterally […]
A high-severity remote code execution issue in Oracle Fusion Middleware Console enables full Oracle WebLogic Server compromise. New Oracle WebLogic Server Vulnerability The flaw allows an authenticated actor with high privileges to misuse the “JndiBinding” Handler and launch a JNDI (Java Naming and Direction Interface) injection. This, in turn, enables retrieving and deserialization of a […]