Tag: Sigma

ProxyNotShell: Detecting CVE-2022-41040 and CVE-2022-41082, Novel Microsoft Exchange Zero-Day Vulnerabilities Actively Exploited in the Wild

Stay on alert! Cybersecurity researchers have recently revealed new Microsoft Exchange zero-day vulnerabilities aka ProxyNotShell tracked as CVE-2022-41040 and CVE-2022-41082 that are currently actively exploited in the wild. The newly uncovered bugs in Microsoft Exchange Server can be paired together in the exploit chain to spread Chinese Chopper web shells on the targeted servers. According […]

Read More
NullMixer Dropper
NullMixer Malware Detection: Hackers Spread a Dropper Using SEO to Deploy Multiple Trojans at Once

Cybersecurity researchers have recently revealed a new wave of adversary campaigns leveraging a malware tool named NullMixer spread via malicious websites. The malware dropper is a lure masquerading as legitimate software, which further deploys a set of Trojans infecting the victim’s system. NullMixer hackers apply advanced SEO tactics to distribute the malware affecting popular search […]

Read More
CVE-2022-35405 Detection: CISA Warns of Adversaries Leveraging ManageEngine RCE Flaw

Shields up! On September 22, 2022, The Cybersecurity and Infrastructure Security Agency (CISA) released a directive urging all FCEB agencies to fix a flaw affecting Zoho ManageEngine products by mid-October. Indexed as CVE-2022-35405, the security issue is a critical Java deserialization flaw and is currently actively exploited in the wild. The flaw was documented in […]

Read More
Top MSSP and MDR Challenges
Top Challenges for MSSPs and MDRs and How to Overcome Them

Some things never grow old. In the world of security providers, there will always be a lack of professionals, time, and real-deal vendors, while you will always face an abundance of risks, complexity, and cost pressure. However, there are some less obvious challenges that impede the growth and scalability of your MSSP or MDR. Let’s […]

Read More
What Is Initial Access? MITRE ATT&CK® Initial Access Tactic | TA0001

What Is Initial Access? MITRE ATT&CK® Initial Access Tactic | TA0001 Some MITRE ATT&CK tactics require special attention from security experts, and Initial Access is one of them. Because if attackers don’t break in, they won’t be able to take their kill chain to another level.  Earlier this year, Microsoft paid $13.7 million in bug […]

Read More
Uber Breach 2022: Detect the Destructive Cyber-Attack Causing the Complete Organization’s System Takeover

On September 15, Uber officially confirmed an attack resulting in an organization-wide cybersecurity breach. According to the security investigation, the organization’s system was severely hacked, with attackers moving laterally to gain access to the company’s critical infrastructure. The cybersecurity incident was brought to the limelight after a young hacker, who claimed to have breached Uber’s […]

Read More
SOC Prime Threat Bounty — August 2022 Results

August ‘22 Publications In August, 151 Sigma rules submitted by Threat Bounty Program members passed the SOC Prime acceptance validation and were released on the SOC Prime Platform. Totally, 313 rules were declined during the review’s first iteration for different reasons, including content quality, the detection value of the suggested code, full of partial duplication […]

Read More
Raspberry Robin Malware
Raspberry Robin Malware Detection: New Connections Revealed

In late July, Microsoft researchers released new evidence linking Raspberry Robin Windows worm to the activity of the russia-backed Evil Corp gang. Raspberry Robin, a USB-based worm designed as a malware loader, shows similar functionality and structural elements to those of Dridex malware, indicating that a notorious Evil Corp group may be behind the new […]

Read More
AgentTesla Mass Distribution
AgentTesla Spyware Massively Distributed in Phishing Campaigns Targeting Ukrainian, Austrian, and German Organizations

On August 30 and 31, 2022, CERT-UA revealed a burst of adversary activity massively distributing phishing emails among Ukrainian, Austrian, and German organizations. According to the corresponding CERT-UA#5252 alert, hackers exploit the email attachment vector spreading the notorious AgentTesla info-stealing malware. The malicious activity can be attributed to the behavior patterns of the hacking collective […]

Read More
HYPERSCRAPE Detection: Iranian Cyberespionage Group APT35 Uses a Custom Tool to Steal User Data

The malicious campaigns of the Iran-backed APT34 hacking collective also tracked as Charming Kitten, have been causing a stir in the cyber threat arena in 2022, including the cyber-attacks exploiting Microsoft Exchange ProxyShell vulnerabilities. In late August 2022, cybersecurity researchers revealed the ongoing malicious activity posing a serious threat to Gmail, Yahoo!, and Microsoft Outlook […]

Read More