Tag: Sigma

SOC Prime Threat Bounty — November 2021 Results
SOC Prime Threat Bounty — November 2021 Results

November ‘21 Results In November 2021, Threat Bounty Program developers contributed 243 new detections to the SOC Prime Platform. Moreover, 89 rules previously published by Threat Bounty authors to the Threat Detection Marketplace repository were improved and updated. As SOC Prime aims as delivering only the content of the highest standards, the total of 245 […]

Read More
The Future of Threat Detection is the Community
The Future of Threat Detection is the Community

Relying on Public Sources of Information Think about it — every time we open a blog post with the latest malware analysis, combing through it looking for the IoCs our threat teams so desperately need, – doesn’t it feel a bit lethargic? Fingers crossed, our favorite security vendor has already done the same, and the […]

Read More
Detecting Windows Installer Zero-Day (CVE-2021-41379) Exploits
Detecting Windows Installer Zero-Day (CVE-2021-41379) Exploits

A moment of luck for threat actors and yet another major headache for cyber defenders! On November 22, 2021, security researcher Abdelhamid Naceri released a fully-functional proof-of-concept (PoC) exploit for the new Windows Installer zero-day vulnerability. The flaw (CVE-2021-41379) allows adversaries to obtain SYSTEM privileges on any device running Windows 10, Windows 11, and Windows […]

Read More
SOC Prime Threat Bounty — October 2021 Results
SOC Prime Threat Bounty — October 2021 Results

SOC Prime Threat Bounty Program provides enthusiastic cyber security defenders with the opportunity to share detections with the global community, and get publicly recognized and rewarded for their contributions. Threat Bounty participants are motivated to share detections that can address security needs of 20K+ users. Thus, content authors gain each time their detection is consumed […]

Read More
What Is BGP and How Its Failure Took Facebook Down?
What Is BGP and How Its Failure Took Facebook Down?

On October 4, 2021, Facebook – and all the major services Facebook owns – went down for approximately six hours. The social media “blackout” started at 11:40 Eastern Time (ET) right after Facebook Domain Name System (DNS) records had become unavailable. The incident analysis from Cloudflare details that DNS names for Facebook just stopped resolving, […]

Read More
CVE-2021-22937 Detection: Patch Bypass Vulnerability in Pulse Connect Secure
CVE-2021-22937 Detection: Patch Bypass Vulnerability in Pulse Connect Secure

Ivanti has addressed a critical security hole (CVE-2021-22937) that affects its Pulse Connect Secure VPNs. The flaw is a bypass of the patch issued in October last year to mitigate the CVE-2020-8260, a notorious bug that allows malicious admins to execute arbitrary code remotely with root privileges. CVE-2021-22937 Description According to the in-depth inquiry by […]

Read More
SOC Prime Attends Seventh EU MITRE ATT&CK® Community Workshop
SOC Prime Attends Seventh EU MITRE ATT&CK® Community Workshop

SOC Prime is excited to announce our participation in the Seventh EU MITRE ATT&CK® Community Workshop taking place online on June 1-2, 2021. This workshop is supported by CERT-EU, CIRCL, and the MITRE Engenuity Center for Threat-Informed Defense to boost the experience exchange among security professionals interested in the use of the MITRE ATT&CK Framework […]

Read More
IBM QRadar Remote Code Execution Vulnerability (CVE-2020-4888) Detection
IBM QRadar Remote Code Execution Vulnerability (CVE-2020-4888) Detection

On January 27, 2021, IBM released an official patch for a serious remote code execution vulnerability affecting its QRadar SIEM. CVE-2020-4888 Description The security hole occurs because the Java deserialization function fails to deserialize a user-supplied input securely. As a result, remote low-privileged hackers can execute arbitrary commands on the affected system by sending a […]

Read More
Critical Unauthorized Remote Code Execution in VMware vCenter (CVE-2021-21972)
Critical Unauthorized Remote Code Execution in VMware vCenter (CVE-2021-21972)

On February 23, 2021, VMware addressed a critical unauthorized remote code execution (RCE) bug (CVE-2021-21972) in its default vCenter Server plugin. Right after the announcement and the advisory release, threat actors started mass scans for publicly exposed instances. To date, researchers have detected 6700 VMware vCenter servers exposed to the attacks. As far as public […]

Read More
Detection for Sysmon with Threat Detection Marketplace
Detection for Sysmon with Threat Detection Marketplace

At SOC Prime, we are captured with the mission of deriving maximum value from each security tool and enabling the effective protection from the emerging threats. In August 2020, the SIGMA project adopted SOC Prime’s Sysmon backend. The backend generates Sysmon rules to be added to a Sysmon configuration, which is mold-breaking for anyone using […]

Read More