With a growing number of zero-day flaws affecting widely used software products, proactive detection of vulnerability exploitation has been among the most prevalent security use cases since 2021. Microsoft has recently issued a series of security updates relevant to critical flaws affecting its products, including a patch for a zero-day actively exploited in the wild […]
Threat Bounty Publications During March, our keen Threat Bounty content authors submitted 423 rules for verification by SOC Prime. However, all Threat Bounty detections undergo validation by our internal content verification team, who examine the rules one by one and make decisions on content publication to the SOC Prime Platform. Notwithstanding the persistence and objection […]
With a 250% surge of cyber attacks against Ukraine in 2022 and over 2,000 of them launched by russia-affiliated threat actors since the outbreak of the full-fledged war, cyber defenders are looking for ways to help Ukraine and its allies boost their cyber resilience. On April 3, 2023, CERT-UA issued a new alert covering the […]
Cybersecurity experts have uncovered an ongoing adversary campaign exploiting 3CXDesktopApp, a software application for business communication used by 12 million customers worldwide. According to the reports, threat actors gain initial access to the compromised environment, deploy payloads, and then attempt to drop info-stealing malware capable of hijacking login credentials at the final attack stage. Detecting […]
Stay alert! Adversaries set eyes on Aspena Faspex, an IBM file-exchange application frequently used by large enterprises to speed up file transfer procedures. Specifically, threat actors attempt to leverage a pre-authenticated remote code execution (RCE) vulnerability (CVE-2022-47986) affecting the app to proceed with ransomware attacks. At least two ransomware collectives were spotted exploiting CVE-2022-47986, including […]
Heads up! A novel infostealer is making a splash in the cyber threat arena targeting macOS users. Cybersecurity researchers have observed a novel MacStealer macOS malware that steals user credentials and other sensitive data stored in the iCloud KeyChain, web browsers, and crypto wallets. Detecting MacStealer MacOS Malware Being yet another infostealing malware surfacing in […]
The massive cyber incident at Ferrari that compromised some of the company customers’ personal data has recently hit the headlines. Ferrari, the Italian industry-leading car manufacturer, covered the company’s data breach after threat actors that gained access to part of the organization’s IT infrastructure demanded a ransom not to leak the stolen data. Ferrari uncovered […]
Threat Bounty Publications In February 2023, members of the Threat Bounty Program significantly contributed to the SOC Prime Platform. They provided detection rules that address the quality demands and security needs of hundreds of organizations that leverage the SOC Prime Platform for day-to-day operations. As all detections submitted via Threat Bounty Program are published for […]
Security heads-up for cyber defenders! Microsoft has recently fixed a critical elevation of privilege vulnerability (CVE-2023-23397) affecting Microsoft Outlook for Windows that allows adversaries to dump hash passwords from targeted instances. Notably, the flaw has been exploited in the wild as a zero-day since April 2022, being utilized in cyber-attacks against the government, military, and […]
Threat actors tracked as 8220 Gang have been observed leveraging a new crypter called ScrubCrypt, which targets Oracle WebLogic servers. According to cybersecurity researchers, the infection chain is triggered by the successful exploitation of compromised Oracle WebLogic servers and leads to spreading the ScrubCrypt by downloading a PowerShell script. Detect ScrubCrypt Attacks Targeting Oracle Weblogic […]