Tag: Detection Content

Operation TunnelSnake: Moriya Rootkit Detection
Operation TunnelSnake: Moriya Rootkit Detection

Security researchers from Kaspersky Lab have uncovered a previously unknown Windows rootkit stealthily leveraged by a China-affiliated APT actor for years to install backdoors on the infected instances. Dubbed Moriya, the rootkit provides attackers with the ability to capture network traffic and covertly execute commands on the compromised devices while flying under the radar of […]

Read More
Detect Privilege Escalation Vulnerabilities (CVE-2021-21551) in Dell BIOS Driver
Detect Privilege Escalation Vulnerabilities (CVE-2021-21551) in Dell BIOS Driver

Dell computers worldwide are potentially vulnerable to attacks due to high-severity flaws introduced back in 2009. According to experts, a set of five issues tracked together as CVE-2021-21551 affects Dell DBUtil driver and allows adversaries to gain kernel-mode privileges on the affected machines. Although CVE-2021-21551 has been present in the driver for more than a […]

Read More
Ivanti Patches Critical Pulse Connect Secure Flaws Under Active Exploitation
Ivanti Patches Critical Pulse Connect Secure Flaws Under Active Exploitation

On May 3, 2021, Ivanti issued a security update addressing highly critical security holes in its Pulse Connect Secure SSL VPN appliance. The flaws have been reportedly used by APT actors to target government agencies, critical infrastructure objects, and private firms across the U.S. Pulse Connect Secure Vulnerabilities According to the CISA security alert from […]

Read More
Passwordstate Supply Chain Attack Exposes 29K Companies to the Risk of Compromise
Passwordstate Supply Chain Attack Exposes 29K Companies to the Risk of Compromise

Australian software producer Click Studios has fallen victim to a security breach that resulted in a supply-chain attack. In April 2020, adversaries successfully compromised the upgrade mechanism of Click Studios’ Passwordstate enterprise password management app to deliver Moserpass malware onto the users’ devices. The number of affected customers is currently unknown, however, the vendor claims […]

Read More
Interview with Threat Bounty Developer: Shelly Raban
Interview with Threat Bounty Developer: Shelly Raban

Meet a fresh and hot newscast highlighting the power of our community! Today we want to introduce you to Shelly Raban, a keen developer contributing to SOC Prime’s Threat Bounty Program since November 2020. Shelly swiftly became a prolific SOC content creator, concentrating her efforts on YARA rules. You can refer to Shelly’s detections of […]

Read More
Pulse Connect Secure Vulnerabilities Are Exploited in Ongoing Attacks Against High-Profile Targets
Pulse Connect Secure Vulnerabilities Are Exploited in Ongoing Attacks Against High-Profile Targets

On April 20, 2021, US-CERT issued an alert warning about an ongoing malicious campaign abusing vulnerable Pulse Connect Secure products to attack organizations across the US. The campaign broke forth in June 2020 and involved multiple security incidents affecting government agencies, critical infrastructure assets, and private sector organizations. Threat actors rely on a set of […]

Read More
IcedID Leverages Innovative Delivery Methods, Significantly Increases Infection Rates
IcedID Leverages Innovative Delivery Methods, Significantly Increases Infection Rates

Check Point Research’s Global Threat Index for March 2021 reveals that IcedID banking Trojan operators are entering the big game. Last month IcedID was included in the Index for the first time, at once taking second place right after the infamous Dridex. A surge in infections and notoriety is explained by the innovative delivery methods […]

Read More
Vyveva: New Custom Malware in Lazarus Toolkit
Vyveva: New Custom Malware in Lazarus Toolkit

Experts from ESET have uncovered a new malicious sample leveraged by Lazarus APT to target an unnamed South African freight company. The malware, dubbed Vyveva, obtains impressive backdoor capabilities, which are used by the nation-backed actor for reconnaissance and cyber-espionage. Vyveva Backdoor Overview Vyveva is a custom threat applied by the North Korean state-sponsored group […]

Read More
Critical SAP Vulnerabilities Are Under Active Exploitation In Ongoing Attacks Worldwide
Critical SAP Vulnerabilities Are Under Active Exploitation In Ongoing Attacks Worldwide

On April 6, 2021, US-CERT issued an urgent alert warning about an ongoing malicious campaign that leverages old vulnerabilities in mission-critical SAP applications to target organizations worldwide. According to security experts, threat actors apply a variety of techniques, tactics, and procedures to target insecure instances. The successful attack might result in full system compromise, sensitive […]

Read More
REvil Ransomware Evolution: New Tactics, Impressive Gains, and High-Profile Targets
REvil Ransomware Evolution: New Tactics, Impressive Gains, and High-Profile Targets

The REvil gang stands behind the avalanche of attacks targeting major companies across the US, Europe, Africa, and South America. In March 2021, ransomware operators claimed almost a dozen of intrusions that resulted in sensitive data compromise. The list of victims includes law firms, construction companies, international banks, and manufacturing vendors. As per news reports, […]

Read More