In spring 2022, the notorious Russian nation-backed cyber espionage group Armageddon, also tracked as UAC-0010, launched a series of targeted phishing cyber-attacks against Ukrainian and European state bodies. On July 26, 2022, CERT-UA issued a series of new cybersecurity alerts warning the global cyber defender community of a wave of novel phishing campaigns by these […]
Information stealing attacks that leverage the phishing email attack vector against Ukrainian organizations are currently on the rise, such as the malicious campaign less than one week ago spreading AgentTesla spyware and targeting Ukrainian state bodies. On July 25, 2022, CERT-UA released a new heads-up warning the global cyber defender community of an ongoing email […]
Spyware dubbed DevilsTongue is causing a fair share of trouble for journalists and free speech advocates in the Middle East, especially those Lebanon-based. Adversaries exploit a Chrome zero-day assigned CVE-2022-2294 that Google patched earlier this month to achieve shellcode execution, elevate privileges, and gain file-system permissions on the breached device’s memory. Researchers discovered that the […]
Over the course of the past decade, we have field-tested the argument that manual threat detection processes can no longer keep up with the current security demands. It has already been adamantly established that an era of Everything as Code (EaC) is a new reality, and security teams seeking innovation are putting its novel approaches […]
Security experts have revealed a new variant of an information stealer and banking trojan known under the moniker QBot (aka QakBot, QuackBot, or Pinkslipbot). The trojan was first detected in the late 2000s, mostly used in financially motivated attacks aimed at stealing victimsā passwords. Its operators regularly resurface with new tricks up their sleeves, adopting […]
SOC Prime Threat Bounty Program has been connecting skilled freelance detection engineers for over three years and has undergone many changes and improvements. Today, the Program is a unique opportunity to improve Detection Engineering skills, monetize the created detections, and make a personal portfolio with the leading Detection as Code platform. Introduction to Threat Bounty […]
Due to the global cyber war fueled by Russia’s full-scale invasion of Ukraine, the attacks in the cyber domain against Ukrainian government entities are continuously on the rise. A week after the phishing campaign by the UAC-0056 group delivering Cobalt Strike Beacon, another cyber-attack targeting Ukrainian officials using information-stealing malware comes on the scene. On […]
According to the latest SOC Primeās Detection as Code Innovation report, proactive detection of vulnerability exploitation remains one of the top 3 security use cases throughout 2021-2022, which resonates with a growing number of revealed vulnerabilities affecting open-source products. The cybersecurity researcher has recently revealed a new vulnerability in Apache Spark, an open-source unified analytics […]
Cybersecurity researchers have revealed a wave of new activity of the notorious BlackCat ransomware group deploying custom malware binaries for more sophisticated intrusions. In the latest attacks, threat actors have been leveraging Cobalt Strike beacons and a new penetration testing tool dubbed Brute Ratel, installing the latter as a Windows service on the compromised machines.Ā […]
New day, the headache for cyber defenders! Microsoft Threat Intelligence Center (MSTIC) Ā reports a new ransomware strain attacking small to middle-sized businesses across the globe since June 2021. Dubbed H0lyGh0st, the malware has been initially developed by an emerging North Korean APT tracked under the DEV-0530 moniker. The ransomware attacks are explicitly financially motivated, targeting […]