Tag: Sigma

SOC Prime Drives Collective Cyber Defense Backed by Threat Detection Marketplace, Uncoder AI, and Attack Detective
SOC Prime Drives Collective Cyber Defense Backed by Threat Detection Marketplace, Uncoder AI, and Attack Detective

Embrace Your Cyber Defense Arsenal: Choose a Tool Tailored for Your Unique Cyber Defense Journey SOC Prime equips every cyber defender with a global threat detection platform for collective cyber defense. To help cyber defenders drive immediate value from SOC Prime Platform based on their current security needs, SOC Prime has launched a new three-pronged […]

Read More
CVE-2023-34362 Detection: Critical MOVEit Transfer Zero-Day Flaw Actively Exploited By Threat Actors to Steal Data from Organizations
CVE-2023-34362 Detection: Critical MOVEit Transfer Zero-Day Flaw Actively Exploited By Threat Actors to Steal Data from Organizations

Hot on the heels of the maximum severity flaw in GitLab software known as CVE-2023-2825, another critical vulnerability comes to the scene, creating a significant buzz in the cyber threat landscape. At the turn of June 2023, Progress Software uncovered a critical vulnerability in MOVEit Transfer that can lead to privilege escalation and instantly issued […]

Read More
Detect SmokeLoader Malware: UAC-0006 Strikes Again to Target Ukraine in a Series of Phishing Attacks
Detect SmokeLoader Malware: UAC-0006 Strikes Again to Target Ukraine in a Series of Phishing Attacks

Hot on the heels of the massive phishing attacks launched by UAC-0006 at the beginning of  May 2023, CERT-UA warns cyber defenders of a new wave of cyber attacks resulting in SmokeLoader infections. The latest investigation indicates that adversaries increasingly spread phishing emails with financial subject lures and use ZIP/RAR attachments to drop malicious samples […]

Read More
Interview with Threat Bounty Developer – Mustafa Gurkan Karakaya
Interview with Threat Bounty Developer – Mustafa Gurkan Karakaya

Today, we want to introduce to SOC Prime’s community one of the most active members of the Threat Bounty Program and the author of validated detections available on the SOC Prime Platform. Meet Mustafa Gürkan Karakaya, who has been demonstrating his expert cybersecurity knowledge and the potential for further development since he joined the Program […]

Read More
CVE-2023-2825 Exploit Detection: GitLab Urges Users to Promptly Patch a Maximum Severity Flaw
CVE-2023-2825 Exploit Detection: GitLab Urges Users to Promptly Patch a Maximum Severity Flaw

GitLab has recently issued its latest critical security update v. 16.0.1, addressing a path traverse vulnerability tracked as CVE-2023-2825 with a CVSS score reaching the maximum limit of 10.0. The update affects installations running version 16.0.0., with earlier software versions being not impacted. The successful exploitation of a highly critical security bug enables unauthenticated adversaries […]

Read More
Chinese State-Sponsored Cyber Actor Detection: Joint Cybersecurity Advisory (CSA) AA23-144a Sheds Light on Stealty Activity by Volt Typhoon Targeting U.S. Critical Infrastructure
Chinese State-Sponsored Cyber Actor Detection: Joint Cybersecurity Advisory (CSA) AA23-144a Sheds Light on Stealty Activity by Volt Typhoon Targeting U.S. Critical Infrastructure

For years, China has been launching offensive operations aimed at collecting intelligence and gathering sensitive data from U.S. and global organizations in multiple industries, with attacks frequently related to nation-backed APT groups, like Mustang Panda or APT41. On May 24, 2023, NSA, CISA, and FBA, in conjunction with other U.S. and international authoring agencies, issued […]

Read More
SOC Prime to Present at the 11th EU MITRE ATT&CK® Community Workshop
SOC Prime to Present at the 11th EU MITRE ATT&CK® Community Workshop

We are delighted to announce that SOC Prime will be speaking at the Eleventh EU MITRE ATT&CK® Community Workshop, which takes place in Brussels on May 26, 2023. The upcoming event connects cybersecurity professionals from across the globe in a single venue fostering information exchange and enabling anyone to learn best industry practices from their […]

Read More
UAC-0063 Cyber-Espionage Activity Detection: Hackers Target Organizations in Ukraine, Kazakhstan, Kyrgyzstan, Mongolia, Izrael, and India to Gather Intelligence
UAC-0063 Cyber-Espionage Activity Detection: Hackers Target Organizations in Ukraine, Kazakhstan, Kyrgyzstan, Mongolia, Izrael, and India to Gather Intelligence

Since the outbreak of the full-scale war in Ukraine, cyber defenders have identified the growing volumes of cyber-espionage campaigns aimed at collecting intelligence from the Ukrainian state bodies. On May 22, 2023, CERT-UA researchers issued a new alert warning the global cyber defender community of an ongoing cyber-espionage campaign targeting the information and communication system […]

Read More
Merdoor Malware Detection: Lancefly APT Uses a Stealthy Backdoor in Long-Running Attacks Against Organizations in South and Southeast Asia
Merdoor Malware Detection: Lancefly APT Uses a Stealthy Backdoor in Long-Running Attacks Against Organizations in South and Southeast Asia

A novel hacking collective tracked as Lacefly APT has been recently observed applying a custom Merdoor backdoor to attack organizations in the government, telecom, and aviation sectors across South and Southeastern Asia. According to the latest reports, these targeted intrusions point to a long-running adversary campaign leveraging Merdoor sample, with the first traces dating back […]

Read More
SOC Prime Threat Bounty —  April 2023 Results
SOC Prime Threat Bounty —  April 2023 Results

Threat Bounty Publications In April, the active members of the SOC Prime Threat Bounty community submitted 430 detection rules for review by the SOC Prime team for verification and to earn a chance to monetize their content. However, only 64 rules passed validation and were successfully published to the SOC Prime Platform. Explore Detections We […]

Read More