Tag: Malware

CVE-2023-47246 Detection: Lace Tempest Hackers Actively Exploit a Zero-Day Vulnerability in SysAid IT Software
CVE-2023-47246 Detection: Lace Tempest Hackers Actively Exploit a Zero-Day Vulnerability in SysAid IT Software

This November, a set of new zero-days in the popular software products are emerging in the cyber domain, like CVE-2023-22518 affecting all versions of Confluence Data Center and Server. Shortly after its disclosure, another zero-day flaw in SysAid IT software tracked under CVE-2023-47246 comes to the scene. Microsoft revealed traces of vulnerability exploitation, with the […]

Read More
Agonizing Serpens Attack Detection: Iran-Backed Hackers Target Israeli Tech Firms and Educational Institutions
Agonizing Serpens Attack Detection: Iran-Backed Hackers Target Israeli Tech Firms and Educational Institutions

The increasing menace posed by nation-state actors continuously increases with new sophisticated attack methods adopted by APT collectives and a massive shift towards stealthiness & operational security. Recently, security researchers revealed a destructive campaign against Israeli organizations launched by an Iran-affiliated hacker group dubbed Agonizing Serpens (aka Agrius, BlackShadow). The main objective of this offensive […]

Read More
China-Backed APT Attack Detection: Withstanding the Escalating Sophistication & Maturity of Chinese State-Sponsored Offensive Operations Based on the Recorded Future’s Insikt Group Research
China-Backed APT Attack Detection: Withstanding the Escalating Sophistication & Maturity of Chinese State-Sponsored Offensive Operations Based on the Recorded Future’s Insikt Group Research

In the last five years, Chinese nation-backed offensive campaigns have evolved into more sophisticated, stealthy, and well-coordinated threats as compared to previous years. This transformation is characterized by the extensive exploitation of zero-days and known vulnerabilities in publicly accessible security and network instances. Additionally, there is a stronger focus on operational security, aimed at reducing […]

Read More
CVE-2023-46604 Detection: HelloKitty Ransomware Maintainers Exploits RCE Vulnerability in Apache ActiveMQ
CVE-2023-46604 Detection: HelloKitty Ransomware Maintainers Exploits RCE Vulnerability in Apache ActiveMQ

At the turn of November, hot over the heels of disclosing CVE-2023-43208, the Mirth Connect vulnerability, another security bug comes to the scene. Defenders notify the global community of a newly uncovered the highest severity RCE bug that affects Apache ActiveMQ products. Detect CVE-2023-46604 With emerging vulnerabilities being a juicy target for adversaries seeking to […]

Read More
GraphRunner Activity Detection: Hackers Apply a Post-Exploitation Toolset to Abuse Microsoft 365 Default Configurations
GraphRunner Activity Detection: Hackers Apply a Post-Exploitation Toolset to Abuse Microsoft 365 Default Configurations

Microsoft 365 (M365) is leveraged by over a million global companies, which can pose severe threats to the customers relying on this popular software in case of compromise. Since it possesses a set of default configurations, adversaries can set their eyes on them and exploit the latter exposing affected users to significant security risks, which […]

Read More
Balada Injector Malware Campaign Detection: Hackers Exploit a tagDiv Composer Vulnerability Infecting Thousands of WordPress Sites
Balada Injector Malware Campaign Detection: Hackers Exploit a tagDiv Composer Vulnerability Infecting Thousands of WordPress Sites

Over a month ago, defenders warned the peer community of CVE-2023-4634, a critical WordPress vulnerability actively exploited in the wild and impacting an overwhelming number of WordPress sites across the globe. Following that campaign, another malicious operation comes to the forefront. A fresh surge in the long-lasting Balada Injector malware campaign has already impacted over […]

Read More
LostTrust Ransomware Detection: SFile and Mindware Advancement, Successor of MetaEncryptor Gang
LostTrust Ransomware Detection: SFile and Mindware Advancement, Successor of MetaEncryptor Gang

Novel LostTrust ransomware emerged in the cyber threatscape in early spring 2023. However, the adversary campaign hit the headlines only in September when ransomware operators were observed leveraging data leak sites and payloads quite similar to the offensive tools used by the MetaEncryptor gang. Defenders are raising concerns in response to the growing threats as […]

Read More
SmokeLoader Malware Detection: UAC-0006 Hackers Launch a Wave of Phishing Attacks Against Ukraine Targeting Accountants
SmokeLoader Malware Detection: UAC-0006 Hackers Launch a Wave of Phishing Attacks Against Ukraine Targeting Accountants

In early October 2023, the UAC-0006 group was observed behind a series of at least four cyber attacks targeting Ukraine, as CERT-UA researchers report. Attackers applied a similar adversary toolkit as in previous campaigns, leveraging SmokeLoader in the latest phishing operation.  SmokeLoader Delivery: UAC-0006 Attack Analysis  On October 6, 2023, CERT-UA released four alerts notifying […]

Read More
ShadowPad Trojan Detection: Redfly Hackers Apply a Nefarious RAT to Hit National Power Grid Organization in Asia
ShadowPad Trojan Detection: Redfly Hackers Apply a Nefarious RAT to Hit National Power Grid Organization in Asia

ShadowPad backdoor is popular among multiple state-backed APTs, including China-linked hacking groups, widely used in their cyber espionage campaigns. A nefarious cyber espionage group known as Redfly has taken advantage of ShadowPad’s offensive capabilities targeting Asia’s state electricity grid organization for half a year. Shadowpad Trojan Detection The growing threat of nation-state APT attacks poses […]

Read More
Strengthening Cybersecurity in the Finance Industry Equipped with SOC Prime’s Solutions
Strengthening Cybersecurity in the Finance Industry Equipped with SOC Prime’s Solutions

The financial sector, the keystone of the global economy, has become increasingly digitized in recent years. While this transformation brings efficiency and convenience, it also exposes financial institutions to many cybersecurity challenges. Threat actors, ranging from sophisticated hacker groups to opportunistic individuals, are constantly targeting the financial sector, seeking to exploit vulnerabilities for financial gain. […]

Read More