In February 2021, Microsoft patched a privilege escalation bug in Microsoft Defender Antivirus (formerly Windows Defender) that might provide threat actors with the ability to gain admin rights on the vulnerable host and disable pre-installed security products. SentinelOne experts, who revealed the issue, report that the flaw was introduced back in 2009 and stayed undisclosed […]
Security experts from Anomali have revealed a targeted cyber-espionage operation aimed at the United Arab Emirates (UAE) and Kuwait governments. The malicious campaign was launched by an Iranian state-sponsored actor known as MuddyWater (Static Kitten, MERCURY, Seedworm). According to the researchers, adversaries relied on the legitimate software tool ConnectWise Control (formerly ScreenConnect) to move laterally […]
A high-severity remote code execution issue in Oracle Fusion Middleware Console enables full Oracle WebLogic Server compromise. New Oracle WebLogic Server Vulnerability The flaw allows an authenticated actor with high privileges to misuse the “JndiBinding” Handler and launch a JNDI (Java Naming and Direction Interface) injection. This, in turn, enables retrieving and deserialization of a […]
The challenging year of 2020 saw many businesses increase their reliance on the internet, shifting to work-from-home workforces. Such a trend resulted in a blasting spike in video conferencing apps usage. Cyber criminals didn’t miss the chance to advantage their malicious perspectives. Starting from spring 2020, they registered many fake domains to deliver malicious ads […]
Quasar remote administration tool (RAT) is a multi-functional and light-weight malware actively used by APT actors since 2014. Quasar’s code is publicly available as an open-source project, which makes the Trojan extremely popular among adversaries due to its broad customization options. As a result, a variety of samples exist inside the Quasar malware family. Many […]
At SOC Prime, we are captured with the mission of deriving maximum value from each security tool and enabling the effective protection from the emerging threats. In August 2020, the SIGMA project adopted SOC Prime’s Sysmon backend. The backend generates Sysmon rules to be added to a Sysmon configuration, which is mold-breaking for anyone using […]
A recently-disclosed security issue in Sudo provides unauthenticated hackers with the ability to escalate their privileges to root on any Linux device. The flaw was imported back in 2011 and remained undetected for nearly a decade. Linux Sudo Vulnerability Description Sudo is a standard service for system administrators, which is ubiquitously applied across the majority […]
Threat analysts from Google warn of a current malicious campaign aimed at vulnerability researchers and Red Team members. Reportedly, a North Korean nation-backed actor stands behind this operation, leveraging novel social engineering methods to approach individual security practitioners via bogus social media profiles. Attack Against Security Researchers The campaign overview from the Google Threat Analysis […]
A new sophisticated APT group, dubbed Dark Halo (UNC2452, SolarStrom), has recently emerged in the cyber-security arena, gathering top press headlines during the last months. Researchers believe this advanced actor might stand behind the historical SolarWinds hack as well as the attack against Malwarebytes security vendor. Who is Dark Halo? Security experts from Volexity estimate […]
Data theft malware continues to get the ride of popularity among financially-motivated hackers. Increased interest boosts the development of new sophisticated strains promoted on the underground market. Obviously, the cheapest and simultaneously functional offerings grab attention first. This is where Oski stealer comes to the spotlight as highly dangerous and relatively low-priced malware. Oski Stealer […]