Hot on the heels of the adversary campaigns abusing the CVE-2023-29357 vulnerability in Microsoft SharePoint Server causing a pre-auth RCE chain, another security flaw that can enable attackers to perform RCE causes a stir in the cyber threatscape. A critical vulnerability in the JetBrains TeamCity CI/CD server tracked as CVE-2023-42793Ā allows adversaries to gain RCE on […]
Part 2: Environment-Dependent Terms Overview of Series This is part 2 of a multi-part series that will cover frequent mistakes SOC Prime observes regularly in SIGMA. We will cover everything from common rule logic errors to common schema problems, and even some more obscure āgotchasā to think about. Some of these ideas will extend beyond […]
Threat actors frequently set eyes on Microsoft SharePoint Server products by weaponizing a set of RCE vulnerabilities, such as CVE-2022-29108 and CVE-2022-26923. In the early summer of 2023, Microsoft issued a patch for the newly discovered SharePoint Server elevation of privilege vulnerability known as CVE-2023-29357 and considered critical. With the CVE-2023-29357 PoC exploit recently released, […]
Balance Your Cybersecurity Journey with a Single Community for Collective Cyber Defense In the ever-evolving landscape of technology, finding a welcoming and vibrant peer-driven community has never been more critical. Discord servers have emerged as digital hubs where tech enthusiasts, professionals, and learners unite. These dynamic virtual spaces transcend geographical boundaries, making it possible for […]
Proactive ransomware detection remains one of the top priorities for defenders, marked by a rise in intrusion complexity and continuously increasing high-profile ransomware attacks. FBI and CISA notify defenders of the growing volumes of cyber attacks spreading Snatch ransomware. Snatch ransomware operators have been in the limelight in the cyber threat landscape for about five […]
The new Microsoft Windows Themes security bug tracked as CVE-2023-38146, which enables attackers to perform RCE, emerges in the cyber threat arena. The proof-of-concept (PoC) exploit for this vulnerability, also known as “ThemeBleed,” has recently been released on GitHub, posing a threat to potentially infected Windows instances and arresting the attention of defenders. CVE-2023-38146 Detection […]
ShadowPad backdoor is popular among multiple state-backed APTs, including China-linked hacking groups, widely used in their cyber espionage campaigns. A nefarious cyber espionage group known as Redfly has taken advantage of ShadowPad’s offensive capabilities targeting Asia’s state electricity grid organization for half a year. Shadowpad Trojan Detection The growing threat of nation-state APT attacks poses […]
Threat Bounty monthly digests cover whatās happening in the SOC Prime Threat Bounty community. Each month, we publish the Program news and updates and give recommendations on content improvement based on our observations and analysis during Threat Bounty content verification. Threat Bounty Content Submissions During the month of August, the members of the Threat Bounty […]
Part 1: Unintentional Escaped Wildcards Overview of Series This is part 1 of a multi-part series covering frequent mistakes SOC Prime observes regularly in SIGMA. We will cover everything from common rule logic errors to common schema problems and even some more obscure āgotchasā to think about. Some of these ideas will extend beyond SIGMA […]
There are a lot of interesting cases that you can find while investigating anomalies in the traffic baselines, for example, in FTP, SSH, or HTTPS. This guide describes how to use the “Imperva WAF – Kibana Dashboard, Watchers and Machine Learning for ELK Stack” Content Pack to detect abnormal spikes of attacks identified by WAF […]