November ā21 Results In November 2021, Threat Bounty Program developers contributed 243 new detections to the SOC Prime Platform. Moreover, 89 rules previously published by Threat Bounty authors to the Threat Detection Marketplace repository were improved and updated. As SOC Prime aims as delivering only the content of the highest standards, the total of 245 […]
Relying on Public Sources of Information Think about it ā every time we open a blog post with the latest malware analysis, combing through it looking for the IoCs our threat teams so desperately need, ā doesnāt it feel a bit lethargic? Fingers crossed, our favorite security vendor has already done the same, and the […]
A moment of luck for threat actors and yet another major headache for cyber defenders! On November 22, 2021, security researcher Abdelhamid Naceri released a fully-functional proof-of-concept (PoC) exploit for the new Windows Installer zero-day vulnerability. The flaw (CVE-2021-41379) allows adversaries to obtain SYSTEM privileges on any device running Windows 10, Windows 11, and Windows […]
SOC Prime Threat Bounty Program provides enthusiastic cyber security defenders with the opportunity to share detections with the global community, and get publicly recognized and rewarded for their contributions. Threat Bounty participants are motivated to share detections that can address security needs of 20K+ users. Thus, content authors gain each time their detection is consumed […]
On October 4, 2021, Facebook – and all the major services Facebook owns – went down for approximately six hours. The social media āblackoutā started at 11:40 Eastern Time (ET) right after Facebook Domain Name System (DNS) records had become unavailable. The incident analysis from Cloudflare details that DNS names for Facebook just stopped resolving, […]
Ivanti has addressed a critical security hole (CVE-2021-22937) that affects its Pulse Connect Secure VPNs. The flaw is a bypass of the patch issued in October last year to mitigate the CVE-2020-8260, a notorious bug that allows malicious admins to execute arbitrary code remotely with root privileges. CVE-2021-22937 Description According to the in-depth inquiry by […]
SOC Prime is excited to announce our participation in the Seventh EU MITRE ATT&CKĀ® Community Workshop taking place online on June 1-2, 2021. This workshop is supported by CERT-EU, CIRCL, and the MITRE Engenuity Center for Threat-Informed Defense to boost the experience exchange among security professionals interested in the use of the MITRE ATT&CK Framework […]
On January 27, 2021, IBM released an official patch for a serious remote code execution vulnerability affecting its QRadar SIEM. CVE-2020-4888 Description The security hole occurs because the Java deserialization function fails to deserialize a user-supplied input securely. As a result, remote low-privileged hackers can execute arbitrary commands on the affected system by sending a […]
On February 23, 2021, VMware addressed a critical unauthorized remote code execution (RCE) bug (CVE-2021-21972) in its default vCenter Server plugin. Right after the announcement and the advisory release, threat actors started mass scans for publicly exposed instances. To date, researchers have detected 6700 VMware vCenter servers exposed to the attacks. As far as public […]
At SOC Prime, we are captured with the mission of deriving maximum value from each security tool and enabling the effective protection from the emerging threats. In August 2020, the SIGMA project adopted SOC Primeās Sysmon backend. The backend generates Sysmon rules to be added to a Sysmon configuration, which is mold-breaking for anyone using […]