Tag: Latest threats

SOC Prime on Discord: Join a Single Community for All Cyber Defenders to Benefit from Shared Expertise

In February 2023, SOC Prime launched its Discord server community connecting aspiring cybersecurity enthusiasts and seasoned experts in a single place. The community serves as the world’s largest open-source hub for Threat Hunters, CTI and SOC Analysts, and Detection Engineers — anyone having a genuine passion for cybersecurity. Currently, our Discord server hosts over 1,500 […]

CVE-2022-29108 Detection: Newly Discovered Flaw in Microsoft SharePoint Server

Microsoft Patch Tuesday for May 2022 brought to light 74 flaws in Microsoft products, among them critical vulnerabilities such as CVE-2022-26923, along with the necessary fixes to mitigate them. The new SharePoint Server remote code execution (RCE) vulnerability is similar to another Microsoft SharePoint RCE tagged CVE-2022-22005 that was discovered in February this […]

The Future of Threat Detection is the Community

Relying on Public Sources of Information

Think about it — every time we open a blog post with the latest malware analysis, combing through it looking for the IoCs our threat teams so desperately need, doesn’t it feel a bit lethargic? Fingers crossed, our favorite security vendor has already done the same, and the […]

Detecting Windows Installer Zero-Day (CVE-2021-41379) Exploits

A moment of luck for threat actors and yet another major headache for cyber defenders! On November 22, 2021, security researcher Abdelhamid Naceri released a fully-functional proof-of-concept (PoC) exploit for the new Windows Installer zero-day vulnerability. The flaw (CVE-2021-41379) allows adversaries to obtain SYSTEM privileges on any device running Windows 10, Windows 11, and Windows […]

SquirrelWaffle Malware Detection

The throne is never vacant! Meet SquirrelWaffle, a new malicious loader in town striving to replace the infamous Emotet. Since the beginning of autumn 2021, SquirrelWaffle has been massively compromising hosts via spam campaigns to provide adversaries the ability to drop second-stage payloads, including such samples as Qakbot and Cobalt Strike.

Attack Kill Chain

SquirrelWaffle […]

Defending Against Ransomware Attacks in 2021

The cybersecurity community is facing a crisis caused by the escalating threat of high-profile ransomware attacks. Advancing the trend of 2020, ransomware continues to be the number one problem in 2021, with the increasing sophistication of intrusions and a constantly growing number of malicious affiliates. Big enterprises remain the primary target. Yet, the […]

High Severity Bug in Linux Enables Privilege Escalation to Root

A notorious security hole in the polkit authentication system service exposes the majority of modern Linux distributions to the risk of privilege escalation attacks. A high-severity issue (CVE-2021-3560) allows a hacker to obtain root rights via a set of simple commands in the terminal. The bug has been confirmed in Red Hat Enterprise Linux, Fedora, […]

Prometei Botnet Exploits Unpatched Microsoft Exchange Vulnerabilities for Propagation

Security researchers reveal a significant shift in the malicious tactics of the Prometei botnet, which is now capable of leveraging the “ProxyLogon” exploit for Windows Exchange servers to penetrate the targeted network and drop cryptojacking malware onto users’ machines. Although the main objective is to mine Monero by exploiting the processing power of the infected instances, […]

REvil Ransomware Evolution: New Tactics, Impressive Gains, and High-Profile Targets

The REvil gang stands behind the avalanche of attacks targeting major companies across the US, Europe, Africa, and South America. In March 2021, the ransomware operators claimed almost a dozen intrusions that resulted in sensitive data compromise. The list of victims includes law firms, construction companies, international banks, and manufacturing vendors. As per news reports, […]

New Hades Ransomware Hits Leading US Vendors

Security researchers uncovered an ongoing malicious campaign targeting big-name US companies with Hades ransomware. At least three US vendors have been hit by an unknown financially-motivated actor since December 2020.

What Is Hades Ransomware?

First discovered in late 2020, Hades ransomware is a brand new player in the threat arena. The malware was named after […]
