Tag: Detection Content

Sunburst Backdoor Detection: Solarwinds Supply Chain Attack on FireEye and US Agencies
Sunburst Backdoor Detection: Solarwinds Supply Chain Attack on FireEye and US Agencies

Just a few days after the information about the FireEye data breach appeared, the company published the results of its investigation and details of the Sunburst backdoor (including the technical report and countermeasures), through which the APT group penetrated networks of multiple organizations, and now potentially compromised companies can quickly detect this threat. The scale […]

Read More
FireEye Breach: Leaked Red Team Toolkit Detection
FireEye Breach: Leaked Red Team Toolkit Detection

This week the cybersecurity community was struck by the news that one of the top security firms was compromised by an unnamed sophisticated APT group. Adversaries were interested in Red Team tools used by FireEye to test their customers ’security and looked for information related to government customers. An investigation is ongoing and F.B.I. Cyber […]

Read More
SOC Prime Hyperdrive Helps SOC Teams Obtain and Customize Threat Detection Content Faster
SOC Prime Hyperdrive Helps SOC Teams Obtain and Customize Threat Detection Content Faster

Boston, MA, November 25, 2020 (GLOBE NEWSWIRE) — SOC Prime, the leader in Continuous Security Intelligence, today has made generally available the Hyperdrive add-on for its Threat Detection Marketplace, the world’s largest platform for SOC content. This newly released add-on helps companies to rapidly build up cyber defense capabilities in the specific threat area relevant […]

Read More
Ransomware Detection with Existing Technologies
Ransomware Detection with Existing Technologies

It looks like we are on the verge of another crisis caused by ransomware attacks and the proliferation of Ransomware as a Service model that allows even relatively newbies to get into the big game. Every week, the media are full of headlines that a well-known Enterprise or government organization has become another victim of […]

Read More
CVE-2020-14882
CVE-2020-14882

In late October 2020, the world of cybersecurity spotted malicious activity targeted at the Oracle WebLogic servers. This activity took the form of recurring exploitation of a RCE weakness in the Oracle WebLogic server console component known as CVE-2020-14882. This CVE was rated as critical by gaining 9,8 scores on the CVSS scale.  CVE-2020-14882 Overview […]

Read More
Energetic Bear Cyber Attack Detection
Energetic Bear Cyber Attack Detection

Last week the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency released a joint security advisory related to recently discovered cyberattacks of Russian state-sponsored cyber-espionage unit. Energetic Bear (also known as Dragonfly, Crouching Yeti, TEMP.Isotope, TeamSpy, Berserk Bear, Havex, and Koala) is actively interested in the US elections this time around. Over […]

Read More
Phobos Ransomware Detection: SOC Content Against EKING Attacks
Phobos Ransomware Detection: SOC Content Against EKING Attacks

Phobos Ransomware represents the relatively new ransomware family based on Dharma (CrySis) that has been notorious since 2016. The first traces of Phobos were spotted less than two years ago, at the turn of 2019. SOC Prime Threat Detection Marketplace, the world’s largest platform for SOC content, offers Phobos ransomware detection scenarios among its library […]

Read More
Mount Locker Ransomware
Mount Locker Ransomware

Companies worldwide are reported to have failed victims of the recent ransomware attack by Mount Locker. The new ongoing ransomware attack targets corporate networks and demands millions of dollars ransom payment is Bitcoins, and the hackers utter threats to reveal the encrypted data publicly if the victims refuse to pay ransom. Mount Locker ransomware activity […]

Read More
Detection for Critical Vulnerability in Aruba ClearPass (CVE-2020-7115)
Detection for Critical Vulnerability in Aruba ClearPass (CVE-2020-7115)

Aruba Networks, the subsidiary of Hewlett Packard Enterprise, has released a Security Advisory on recently discovered multiple vulnerabilities in their product leveraged by enterprise clients worldwide. In this article, we will cover the details of the most severe of the reported Remote Command Execution vulnerability in Aruba ClearPass (CVE-2020-7115) with CVSS 8.1, and content to […]

Read More
Dridex Malware Detection: Proactively Defend With SOC Content
Dridex Malware Detection: Proactively Defend With SOC Content

Dridex malware has been attacking banks and financial institutions for almost a decade. In 2019, the US Department of Justice brought charges against Russian nationals who stood behind the creation of the Dridex malware and were leading criminal activities that delivered them about $100 million. Even back in 2015, Dridex was responsible for roughly $30.5 […]

Read More