Starting from December 2020, a new version of Zeoticus ransomware has been actively targeting users in the wild. Zeoticus 2.0 comes with better performance and enhanced offline capabilities, posing a bigger threat to businesses worldwide. What is Zeoticus Ransomware? Zeoticus is a relatively new malware sample that appeared in the cyber threat arena in December […]
The French National Agency for the Security of Information Systems (ANSSI) revealed a three-year-long operation launched by Sandworm APT against major IT and web hosting providers in France. The ANSSI advisory details that the campaign started back in 2017 and resulted in a series of subsequent breaches, including the compromise of Centreon, a monitoring software […]
In February 2021, Microsoft patched a privilege escalation bug in Microsoft Defender Antivirus (formerly Windows Defender) that might provide threat actors with the ability to gain admin rights on the vulnerable host and disable pre-installed security products. SentinelOne experts, who revealed the issue, report that the flaw was introduced back in 2009 and stayed undisclosed […]
Security experts from Anomali have revealed a targeted cyber-espionage operation aimed at the United Arab Emirates (UAE) and Kuwait governments. The malicious campaign was launched by an Iranian state-sponsored actor known as MuddyWater (Static Kitten, MERCURY, Seedworm). According to the researchers, adversaries relied on the legitimate software tool ConnectWise Control (formerly ScreenConnect) to move laterally […]
A high-severity remote code execution issue in Oracle Fusion Middleware Console enables full Oracle WebLogic Server compromise. New Oracle WebLogic Server Vulnerability The flaw allows an authenticated actor with high privileges to misuse the “JndiBinding” Handler and launch a JNDI (Java Naming and Direction Interface) injection. This, in turn, enables retrieving and deserialization of a […]
The challenging year of 2020 saw many businesses increase their reliance on the internet, shifting to work-from-home workforces. Such a trend resulted in a blasting spike in video conferencing apps usage. Cyber criminals didn’t miss the chance to advantage their malicious perspectives. Starting from spring 2020, they registered many fake domains to deliver malicious ads […]
Quasar remote administration tool (RAT) is a multi-functional and light-weight malware actively used by APT actors since 2014. Quasar’s code is publicly available as an open-source project, which makes the Trojan extremely popular among adversaries due to its broad customization options. As a result, a variety of samples exist inside the Quasar malware family. Many […]
At SOC Prime, we are captured with the mission of deriving maximum value from each security tool and enabling the effective protection from the emerging threats. In August 2020, the SIGMA project adopted SOC Prime’s Sysmon backend. The backend generates Sysmon rules to be added to a Sysmon configuration, which is mold-breaking for anyone using […]
A recently-disclosed security issue in Sudo provides unauthenticated hackers with the ability to escalate their privileges to root on any Linux device. The flaw was imported back in 2011 and remained undetected for nearly a decade. Linux Sudo Vulnerability Description Sudo is a standard service for system administrators, which is ubiquitously applied across the majority […]
Threat analysts from Google warn of a current malicious campaign aimed at vulnerability researchers and Red Team members. Reportedly, a North Korean nation-backed actor stands behind this operation, leveraging novel social engineering methods to approach individual security practitioners via bogus social media profiles. Attack Against Security Researchers The campaign overview from the Google Threat Analysis […]