Security researchers from Kaspersky Lab have uncovered a previously unknown Windows rootkit stealthily leveraged by a China-affiliated APT actor for years to install backdoors on the infected instances. Dubbed Moriya, the rootkit provides attackers with the ability to capture network traffic and covertly execute commands on the compromised devices while flying under the radar of […]
Dell computers worldwide are potentially vulnerable to attacks due to high-severity flaws introduced back in 2009. According to experts, a set of five issues tracked together as CVE-2021-21551 affects Dell DBUtil driver and allows adversaries to gain kernel-mode privileges on the affected machines. Although CVE-2021-21551 has been present in the driver for more than a […]
On May 3, 2021, Ivanti issued a security update addressing highly critical security holes in its Pulse Connect Secure SSL VPN appliance. The flaws have been reportedly used by APT actors to target government agencies, critical infrastructure objects, and private firms across the U.S. Pulse Connect Secure Vulnerabilities According to the CISA security alert from […]
Australian software producer Click Studios has fallen victim to a security breach that resulted in a supply-chain attack. In April 2020, adversaries successfully compromised the upgrade mechanism of Click Studios’ Passwordstate enterprise password management app to deliver Moserpass malware onto the users’ devices. The number of affected customers is currently unknown, however, the vendor claims […]
Meet a fresh and hot newscast highlighting the power of our community! Today we want to introduce you to Shelly Raban, a keen developer contributing to SOC Prime’s Threat Bounty Program since November 2020. Shelly swiftly became a prolific SOC content creator, concentrating her efforts on YARA rules. You can refer to Shelly’s detections of […]
On April 20, 2021, US-CERT issued an alert warning about an ongoing malicious campaign abusing vulnerable Pulse Connect Secure products to attack organizations across the US. The campaign broke forth in June 2020 and involved multiple security incidents affecting government agencies, critical infrastructure assets, and private sector organizations. Threat actors rely on a set of […]
Check Point Research’s Global Threat Index for March 2021 reveals that IcedID banking Trojan operators are entering the big game. Last month IcedID was included in the Index for the first time, at once taking second place right after the infamous Dridex. A surge in infections and notoriety is explained by the innovative delivery methods […]
Experts from ESET have uncovered a new malicious sample leveraged by Lazarus APT to target an unnamed South African freight company. The malware, dubbed Vyveva, obtains impressive backdoor capabilities, which are used by the nation-backed actor for reconnaissance and cyber-espionage. Vyveva Backdoor Overview Vyveva is a custom threat applied by the North Korean state-sponsored group […]
On April 6, 2021, US-CERT issued an urgent alert warning about an ongoing malicious campaign that leverages old vulnerabilities in mission-critical SAP applications to target organizations worldwide. According to security experts, threat actors apply a variety of techniques, tactics, and procedures to target insecure instances. The successful attack might result in full system compromise, sensitive […]
The REvil gang stands behind the avalanche of attacks targeting major companies across the US, Europe, Africa, and South America. In March 2021, ransomware operators claimed almost a dozen of intrusions that resulted in sensitive data compromise. The list of victims includes law firms, construction companies, international banks, and manufacturing vendors. As per news reports, […]