Tag: SOC Prime Platform

New Attempts to Exploit Log4Shell in VMware Horizon Systems: CISA Warns of Threat Actors Actively Leveraging CVE-2021-44228 Apache Log4j Vulnerability

The notorious CVE-2021-44228 Apache Log4j vulnerability, aka Log4Shell, is still haunting cyber defenders, with reports of its active in-the-wild exploitation continuing to surface. Since December 2021, threat actors have widely weaponized the Log4Shell flaw on unpatched VMware Horizon and Unified Access Gateway (UAG) servers to gain initial access to targeted systems. […]

SOC Prime Now Supports OpenCTI Integration

To enhance global collaborative cyber defense by enabling Detection as Code practices, SOC Prime continuously broadens its support for open-source cybersecurity solutions. We are thrilled to announce a new integration with OpenCTI, an open-source, modular Cyber Threat Intelligence platform that aggregates and visualizes information on cyber threats. Through its contribution to this CTI platform, SOC Prime […]

CVE-2022-1040 Detection: DriftingCloud APT Group Exploits RCE Flaw in Sophos Firewall

A notorious Chinese APT group known under the moniker “DriftingCloud” has been targeting devices from the cybersecurity firm Sophos. Namely, the threat actor is believed to be behind the active exploitation of a security hole in Sophos Firewall. The flaw, tracked as CVE-2022-1040, carries a CVSS score of 9.8 and has been affecting Sophos Firewall versions 18.5 MR3 and older since […]

DFSCoerce Detection: New NTLM Relay Attack Enabling Windows Domain Takeover

Brace yourself for a new PetitPotam-like NTLM relay attack that enables complete Windows domain takeover by abusing Microsoft’s Distributed File System Namespace Management Protocol (MS-DFSNM). The new attack method, dubbed DFSCoerce, lets adversaries coerce Windows servers into authenticating to a relay under the attackers’ control. Domain Controllers (DCs) are also vulnerable, which poses a significant risk of the entire […]
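As an added illustration of what the coercion step looks like on the wire (example code written for this page, not SOC Prime detection content and not the DFSCoerce tool itself): the public DFSCoerce proof of concept triggers the forced authentication through the MS-DFSNM methods NetrDfsRemoveStdRoot and NetrDfsAddStdRoot over the netdfs named pipe, so a network sensor that decodes DCE/RPC records the call even though the NTLM relay itself happens elsewhere. The Python below parses constructed Zeek-style dce_rpc.log JSON records and flags DFS root add/remove calls from hosts outside an assumed admin allowlist, marking hits against domain controllers. The log lines, IP addresses, DC list and allowlist are invented for the example; the field and operation names are assumed to follow Zeek's documented dce_rpc.log schema.

```python
import json

# MS-DFSNM methods the public DFSCoerce proof of concept calls to make the
# target server authenticate to an attacker-supplied UNC path. The strings are
# the method names from the MS-DFSNM spec, which Zeek's dce_rpc analyzer emits
# in the "operation" field (assumed schema, see lead-in).
DFSCOERCE_OPERATIONS = frozenset({"NetrDfsAddStdRoot", "NetrDfsRemoveStdRoot"})
DFS_ENDPOINT = "netdfs"

# Constructed sample of Zeek dce_rpc.log records in JSON form (not real traffic):
# a benign srvsvc call, a DFS root removal from a workstation, a DFS root add
# from an assumed admin host, and one corrupt line the parser must skip.
SAMPLE_DCE_RPC_LOG = r"""
{"ts":1655726400.1,"uid":"CnZ1a","id.orig_h":"10.0.5.23","id.orig_p":49876,"id.resp_h":"10.0.0.10","id.resp_p":445,"named_pipe":"\\pipe\\srvsvc","endpoint":"srvsvc","operation":"NetrShareEnum"}
{"ts":1655726401.4,"uid":"CnZ1b","id.orig_h":"10.0.5.23","id.orig_p":49877,"id.resp_h":"10.0.0.10","id.resp_p":445,"named_pipe":"\\pipe\\netdfs","endpoint":"netdfs","operation":"NetrDfsRemoveStdRoot"}
{"ts":1655726402.0,"uid":"CnZ1c","id.orig_h":"10.0.0.50","id.orig_p":50001,"id.resp_h":"10.0.0.10","id.resp_p":445,"named_pipe":"\\pipe\\netdfs","endpoint":"netdfs","operation":"NetrDfsAddStdRoot"}
this line is not JSON and must be skipped
"""


def parse_dce_rpc_log(text: str) -> list[dict]:
    """Parse newline-delimited Zeek JSON records, dropping blank or corrupt lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # corrupt or truncated line: skip it, do not abort the scan
    return records


def find_dfscoerce_calls(records, domain_controllers, allowed_sources=frozenset()):
    """Return one alert per DFS root add/remove call from a non-allowlisted host.

    domain_controllers: set of DC IPs (assumed known to the analyst); a hit
    against a DC is the high-value case because the coerced machine account
    can then be relayed. allowed_sources: hosts where DFS namespace
    administration is expected, since legitimate management makes the same calls.
    """
    alerts = []
    for rec in records:
        if rec.get("endpoint") != DFS_ENDPOINT:
            continue
        if rec.get("operation") not in DFSCOERCE_OPERATIONS:
            continue
        src, dst = rec.get("id.orig_h"), rec.get("id.resp_h")
        if src in allowed_sources:
            continue
        alerts.append({
            "uid": rec.get("uid"),
            "ts": rec.get("ts"),
            "src": src,
            "dst": dst,
            "operation": rec["operation"],
            "target_is_dc": dst in domain_controllers,
        })
    return alerts


if __name__ == "__main__":
    recs = parse_dce_rpc_log(SAMPLE_DCE_RPC_LOG)
    for alert in find_dfscoerce_calls(recs, {"10.0.0.10"}, {"10.0.0.50"}):
        print(alert)
```

Run as a script it prints the single alert for the workstation-to-DC NetrDfsRemoveStdRoot call. The allowlist is the tuning knob: the same RPC methods are used by genuine DFS namespace administration, so without it every root change from an admin jump host would fire.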

CredoMap and Cobalt Strike Beacon Detection: APT28 Group and UAC-0098 Threat Actors Once Again Attack Ukrainian Organizations

On June 20, 2022, CERT-UA issued two separate alerts warning the global cybersecurity community of a new wave of cyber-attacks on Ukrainian organizations weaponizing the zero-day vulnerability actively exploited in the wild and tracked as CVE-2022-30190, aka Follina. In the CERT-UA#4842 alert, cybersecurity researchers unveiled malicious activity by a hacking group identified […]

Lyceum .NET DNS Backdoor Detection: Iranian Nation-Backed APT Group Leverages New Hijacking Malware

Cybersecurity researchers have recently shed light on a wave of new cyber attacks by the Iranian state-backed APT group acting under the moniker “Lyceum”, also known as HEXANE. Lyceum actors have been active since 2017, mainly targeting Middle Eastern organizations in the energy and telecommunications sectors. In the latest […]

PureCrypter Loader Detection: Now Upgraded to Boost Malicious Activity; Spreads Remote Access Trojans and Infostealers

Cybersecurity researchers have observed a more advanced version of a fully functional malware loader dubbed PureCrypter, which has been actively distributing remote access Trojans (RATs) and information stealers since March 2021. Notorious malware samples delivered via PureCrypter include AsyncRAT, LokiBot, Remcos, Warzone RAT, NanoCore, Arkei Stealer, and RedLine Stealer. The updated features of […]

Fujitsu Cloud Storage Vulnerabilities Detection

Fujitsu Eternus CS8000 (Control Center) V8.1 was found vulnerable to privilege escalation attacks in early April 2022, with the Fujitsu PSIRT (Product Security Incident Response Team) releasing an official security notice on June 1, 2022. Security researchers reported two security holes in the vendor’s Control Center software that enabled unauthorized attackers to gain remote code […]

SOC Prime Threat Bounty — May 2022 Results

In May 2022, members of the SOC Prime Threat Bounty Program contributed 184 unique detections to the Detection as Code platform. The published detections help the global cyber community detect emerging threats in a timely manner, such as the APT29 phishing campaign, the BlackByte ransomware attack, the Microsoft SharePoint RCE (CVE-2022-29108), and many others. Information about the recent detections […]

CrescentImp Malware Detection: Russia-Linked Sandworm APT Targets Ukrainian Media Organizations

The notorious Microsoft Office zero-day vulnerability tracked as CVE-2022-30190, aka Follina, is still being actively exploited by multiple hacking groups across the world. On June 10, 2022, CERT-UA released a new alert warning of ongoing cyber-attacks targeting Ukrainian media organizations. Threat actors continue to leverage CVE-2022-30190 in the latest malicious email campaign aimed […]
