Hot on the heels of nasty JetBrains TeamCity vulnerabilities (CVE-2024-27198, CVE-2024-2719), security experts reveal a new RCE affecting Microsoft Outlook. Authenticated adversaries might leverage the security issue to execute malicious code on the impacted instance, achieving extensive control over it. Although the vulnerability was patched by Microsoft in February 2024, the vendor classifies it as […]
Threat Bounty Publications In February, the members of the Threat Bounty program submitted more than 350 detections for review by the SOC Prime Team. After the review by the content verification team, 70 rules were successfully published on the SOC Prime Platform. During the verification, the SOC Prime Team provided more than 400 content rejection […]
A new malware iteration dubbed TODDLERSHARK comes into the spotlight in the cyber threat arena, which bears a striking similarity with BABYSHARK or ReconShark malicious strains leveraged by the North Korean APT group known as Kimsuky APT. The infection chain is triggered by weaponizing a couple of critical ConnectWise ScreenConnect vulnerabilities tracked as CVE-2024-1708 and […]
A couple of months after the massive exploitation of CVE-2023-42793, novel critical vulnerabilities in JetBrains TeamCity came into the spotlight, exposing affected users to the risks of the complete compromise of the impacted systems. Tracked as CVE-2024-27198 and CVE-2024-27199, the discovered security flaws can give unauthenticated attackers the green light to gain administrative control of […]
The exponential rise and escalation in intrusion complexity of ransomware attacks fuel the need for proactive ransomware detection. FBI and CISA issue a joint cybersecurity heads-up notifying the global defender community of a dramatic increase in Phobos ransomware attacks targeting the U.S. state bodies and other critical infrastructure, resulting in successful ransom demands amounting to […]
Two days before the 2nd anniversary of russia’s full-scale invasion, CERT-UA researchers uncovered an ongoing phishing attack against the Armed Forces of Ukraine. The adversary campaign linked to the UAC-0149 group has leveraged COOKBOX malware to infect targeted systems. UAC-0149 Attack Analysis Using COOKBOX Malware CERT-UA in coordination with the Cybersecurity Center of the Information […]
Today, we want to introduce to the SOC Prime’s community a talented and devoted member of the Threat Bounty Program and detection content author – Phyo Paing Htun, who has been publishing detections to the SOC Prime Platform since December 2022. Rules by Phyo Paing Htun Tell us about yourself and why you decided to […]
The source code for Knight ransomware, a rebrand of Cyclops RaaS operation, is available for sale on a hacking forum. Researchers revealed a recent advertisement posted on the RAMP forum by an individual threat actor under the moniker Cyclops who belongs to the Knight ransomware gang. The source code for Knight ransomware version 3.0 is […]
Throughout 2023, the frequency and sophistication of attacks have increased along with the swift evolution and adoption of AI technology. Defenders are just starting to grasp and leverage the potential of generative AI for defensive purposes to outpace adversaries, while the offensive forces don’t fall behind. Hackers have been abusing AI-powered technologies, like ChatGPT, to […]
The infamous North Korean state-sponsored hacking group Kimsuky APT has been spotted leveraging a newly discovered Golang-based information stealer tracked as Troll Stealer along with GoBear malware strains in recent attacks against South Korea. The novel malware is capable of stealing user data, network-related data, system information, and other types of data from compromised systems. […]