Hot on the heels of the massive phishing attacks launched by UAC-0006 at the beginning of May 2023, CERT-UA warns cyber defenders of a new wave of cyber attacks resulting in SmokeLoader infections. The latest investigation indicates that adversaries increasingly spread phishing emails with financial subject lures and use ZIP/RAR attachments to drop malicious samples […]
Today, we want to introduce to SOC Primeās community one of the most active members of the Threat Bounty Program and the author of validated detections available on the SOC Prime Platform. Meet Mustafa GĆ¼rkan Karakaya, who has been demonstrating his expert cybersecurity knowledge and the potential for further development since he joined the Program […]
GitLab has recently issued its latest critical security update v. 16.0.1, addressing a path traverse vulnerability tracked as CVE-2023-2825 with a CVSS score reaching the maximum limit of 10.0. The update affects installations running version 16.0.0., with earlier software versions being not impacted. The successful exploitation of a highly critical security bug enables unauthenticated adversaries […]
For years, China has been launching offensive operations aimed at collecting intelligence and gathering sensitive data from U.S. and global organizations in multiple industries, with attacks frequently related to nation-backed APT groups, like Mustang Panda or APT41. On May 24, 2023, NSA, CISA, and FBA, in conjunction with other U.S. and international authoring agencies, issued […]
We are delighted to announce that SOC Prime will be speaking at the Eleventh EU MITRE ATT&CKĀ® Community Workshop, which takes place in Brussels on May 26, 2023. The upcoming event connects cybersecurity professionals from across the globe in a single venue fostering information exchange and enabling anyone to learn best industry practices from their […]
Since the outbreak of the full-scale war in Ukraine, cyber defenders have identified the growing volumes of cyber-espionage campaigns aimed at collecting intelligence from the Ukrainian state bodies. On May 22, 2023, CERT-UA researchers issued a new alert warning the global cyber defender community of an ongoing cyber-espionage campaign targeting the information and communication system […]
A novel hacking collective tracked as Lacefly APT has been recently observed applying a custom Merdoor backdoor to attack organizations in the government, telecom, and aviation sectors across South and Southeastern Asia. According to the latest reports, these targeted intrusions point to a long-running adversary campaign leveraging Merdoor sample, with the first traces dating back […]
Threat Bounty Publications In April, the active members of the SOC Prime Threat Bounty community submitted 430 detection rules for review by the SOC Prime team for verification and to earn a chance to monetize their content. However, only 64 rules passed validation and were successfully published to the SOC Prime Platform. Explore Detections We […]
A new DDoS botnet dubbed AndoryuBot poses a threat to Ruckus Wireless Admin panels by exploiting a newly patched critical severity flaw tracked as CVE-2023-25717 with the CVSS base score reaching 9.8. The vulnerability exploitation can potentially lead to remote code execution (RCE) and a full compromise of wireless Access Point (AP) equipment. Detecting CVE-2023-25717 […]
With the constantly changing cyber threat landscape and the increasing sophistication of the adversary toolkit, information exchange between cybersecurity experts is of paramount value. On January 25 and 26, 2023, the global cyber defender community welcomed the sixth JSAC2023 conference for security analysts aimed to boost their expertise in the field. This annual cybersecurity event […]