New details related to epoch-making SolarWinds supply-chain attack came into light. Research from Microsoft indicates that another stand-alone APT actor might have a hand in SolarWinds Orion compromise. Particularly, cyber-criminals utilized a newly discovered zero-day bug to infect targeted instances with SUPERNOVA backdoor. New ZeroDay Vulnerability in SolarWinds Orion Software (CVE-2020-10148) The vulnerability was disclosed […]
IceRAT is a relatively new tool in the malicious arena, being a unique strain in regard to its features and unprecedented evasion tactics. Remarkably, the threat has very low detection rates, acting as a stealth malware able to steal sensitive data and financial assets from the targeted machines. What is IceRAT malware? Despite its name, […]
The infamous Lazarus APT group (aka HiddenCobra, APT37) was yet again spotted agitating the world of cyber. This time security analysts revealed a highly targeted cyber-espionage campaign aimed at major manufacturing and electrical industry enterprises across Europe. Lazarus Toolset and Attack Scenario The initial attack vector used by Lazarus hackers was similar to that leveraged […]
Just a few days after the information about the FireEye data breach appeared, the company published the results of its investigation and details of the Sunburst backdoor (including the technical report and countermeasures), through which the APT group penetrated networks of multiple organizations, and now potentially compromised companies can quickly detect this threat. The scale […]
This week the cybersecurity community was struck by the news that one of the top security firms was compromised by an unnamed sophisticated APT group. Adversaries were interested in Red Team tools used by FireEye to test their customers ’security and looked for information related to government customers. An investigation is ongoing and F.B.I. Cyber […]
Boston, MA, November 25, 2020 (GLOBE NEWSWIRE) — SOC Prime, the leader in Continuous Security Intelligence, today has made generally available the Hyperdrive add-on for its Threat Detection Marketplace, the world’s largest platform for SOC content. This newly released add-on helps companies to rapidly build up cyber defense capabilities in the specific threat area relevant […]
It looks like we are on the verge of another crisis caused by ransomware attacks and the proliferation of Ransomware as a Service model that allows even relatively newbies to get into the big game. Every week, the media are full of headlines that a well-known Enterprise or government organization has become another victim of […]
In late October 2020, the world of cybersecurity spotted malicious activity targeted at the Oracle WebLogic servers. This activity took the form of recurring exploitation of a RCE weakness in the Oracle WebLogic server console component known as CVE-2020-14882. This CVE was rated as critical by gaining 9,8 scores on the CVSS scale. CVE-2020-14882 Overview […]
Last week the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency released a joint security advisory related to recently discovered cyberattacks of Russian state-sponsored cyber-espionage unit. Energetic Bear (also known as Dragonfly, Crouching Yeti, TEMP.Isotope, TeamSpy, Berserk Bear, Havex, and Koala) is actively interested in the US elections this time around. Over […]
Phobos Ransomware represents the relatively new ransomware family based on Dharma (CrySis) that has been notorious since 2016. The first traces of Phobos were spotted less than two years ago, at the turn of 2019. SOC Prime Threat Detection Marketplace, the world’s largest platform for SOC content, offers Phobos ransomware detection scenarios among its library […]