Tag: SOC Prime Platform

BatLoader Malware Detection
BatLoader Malware Detection: Evasive Downloader on the Rise

Security experts warn of the notorious stealthy malware dubbed BatLoader, which has been increasingly infecting instances worldwide over the last few months. The notorious threat acts as a malware downloader dropping a variety of malicious payloads on the victims’ systems. During the latest campaigns, BatLoader has been observed delivering banking Trojans, ransomware samples, information stealers, […]

Read More
Detect Mustang Panda aka Earth Preta APT Activity
Earth Preta aka Mustang Panda Attack Detection: Abused Fake Google Accounts in Spear-Phishing Campaigns Targeting Governments Worldwide 

The infamous China-linked Earth Preta (aka Mustang Panda, Bronze President, TA416) APT group has been attributed to a wave of spear-phishing attacks against global organizations in multiple industry sectors, including government institutions, primarily in Asia Pacific regions. Cybersecurity researchers have observed that threat actors abused fake Google accounts to spread different strains of malware, including […]

Read More
Cyber Monday Promo 2022
SOC Prime’s Cyber Monday Deal 2022: Get Bonus Sigma Rules of Your Choice & Unlimited Hunting Capabilities 

We are thrilled to announce our Cyber Monday promotion to help our committed SOC Prime users enhance their cyber defense capabilities. As part of this special offer, each SOC Prime user who purchases our On Demand subscription gains a brilliant opportunity to receive an exclusive Cyber Monday offer for 20% more premium detection content on […]

Read More
Somnia Malware Detection
Somnia Malware Detection: UAC-0118 aka FRwL Launches Cyber Attacks Against Organizations in Ukraine Using Enhanced Malware Strains

Since the outbreak of the global cyber war, cyber attacks against Ukraine and its allies leveraging info-stealers and malicious payloads have been causing a stir in the cyber threat arena. In the latest cyber attack on the Ukrainian organization, threat actors have applied a diverse offensive toolkit, including the Vidar info-stealer and the notorious Cobalt […]

Read More
Armageddon APT aka UAC-0010 Reemerges
Armageddon APT Hacker Group aka UAC-0010 Spreads Phishing Emails Masquerading as the State Special Communications Service of Ukraine

The russia-linked Armageddon APT aka Gamaredon or UAC-0010 has been launching a series of cyber attacks on Ukraine since the outbreak of the global cyber war. On November 8, 2022, CERT-UA released the latest alert detailing the ongoing spearphishing campaign of this russia-backed cyber-espionage hacking collective, in which adversaries massively distribute spoofed emails masquerading as […]

Read More
Black Basta Ransomware Attack Detection
Black Basta Ransomware Attack Detection: Recent Malicious Campaigns Using New Custom Tools Attributed to the FIN7 Group

The Black Basta ransomware group emerged in the cyber threat arena in April 2022. Although the hacking collective can be considered relatively new to the cyber offensive domain, they have already gained a notorious reputation for rapidly evolving its adversary toolkit and adapting more sophisticated tools. Cybersecurity researchers tie the latest activity of Black Basta […]

Read More
CVE-2022-3602 & CVE-2022-3786
CVE-2022-3602 & CVE-2022-3786: New High-Severity OpenSSL Vulnerabilities 

Due to a constantly evolving number of vulnerabilities affecting open-source software products, proactive detection of vulnerability exploitation remains one of the most common security use cases according to the latest SOC Prime’s Detection as Code Innovation report. At the turn of November 2022, a couple of new vulnerabilities in the OpenSSL software library identified as […]

Read More
Detect CVE-2021-39144: Critical Remote Code Execution Vulnerability in VMware Cloud Foundation via XStream Open Source Library

Another day, another exploit emerges in the wild to cause a headache for security practitioners. VMware warns of a public exploit code available for a recently-patched critical remote code execution (RCE) vulnerability (CVE-2021-39144) in VMware Cloud Foundation and NSX Manager. Leveraging this flaw, unauthenticated threat actors might execute the malicious code with the highest system […]

Read More
PURPLEURCHIN Campaign Detection
PURPLEURCHIN Campaign Detection: A New Crypto Mining Operation Massively Abuses GitHub Actions and Other Popular Free CI/CD Service Accounts  

With crypto mining attacks significantly increasing over the past couple of years, increasing awareness of cryptojacking is of paramount importance. Cybersecurity researchers have recently uncovered a massive cryptojacking campaign abusing free CI/CD service providers, with over 30 GitHub, 2,000 Heroku, and 900 Buddy accounts compromised. Dubbed PURPLEURCHIN, the malicious operation applies sophisticated obfuscation techniques and […]

Read More
SOC Prime Completes SOC 2 Type II Audit
SOC Prime Achieves SOC 2 Type II Compliance for the Second Year in a Row

Independent Audit Once Again Verifies SOC Prime’s Compliance with the SOC 2® Requirements  We are thrilled to announce that SOC Prime has once again successfully completed the SOC 2 Type II audit conducted by I.S. Partners, LLC, one of the industry-leading internal controls attestation firms certified by the PCI Council as a Qualified Security Assessor. […]

Read More