Tag: SOC Prime Platform

Remcos RAT Detection: UAC-0050 Hackers Launch Phishing Attacks Impersonating the Security Service of Ukraine

CERT-UA researchers have recently published a new alert covering ongoing phishing attacks against Ukraine that distribute Remcos RAT. The group behind this offensive campaign, which involves mass distribution of spoofed emails with a forged sender identity masquerading as the Security Service of Ukraine, is tracked as UAC-0050. UAC-0050 Attack Analysis Covered in […]

CVE-2023-47246 Detection: Lace Tempest Hackers Actively Exploit a Zero-Day Vulnerability in SysAid IT Software

This November, a set of new zero-days in popular software products is emerging in the cyber domain, like CVE-2023-22518 affecting all versions of Confluence Data Center and Server. Shortly after its disclosure, another zero-day flaw in SysAid IT software, tracked as CVE-2023-47246, comes to the scene. Microsoft revealed traces of vulnerability exploitation, with the […]

What Is Threat-Informed Defense?

Organizations have to constantly struggle with an avalanche of threats while relying on a straightforward and proactive method to dynamically assess the performance of their security programs. Introducing a threat-informed defense strategy empowers organizations to focus on known threats and dynamically test defenses by equipping teams with better data and insights into their security program […]

China-Backed APT Attack Detection: Withstanding the Escalating Sophistication & Maturity of Chinese State-Sponsored Offensive Operations Based on the Recorded Future’s Insikt Group Research

In the last five years, Chinese nation-backed offensive campaigns have evolved into more sophisticated, stealthy, and well-coordinated threats as compared to previous years. This transformation is characterized by the extensive exploitation of zero-days and known vulnerabilities in publicly accessible security and network instances. Additionally, there is a stronger focus on operational security, aimed at reducing […]

CVE-2023-22518 Detection: Exploitation of a New Critical Vulnerability in Atlassian Confluence Leads to Cerber Ransomware Deployment

Just over a month after the disclosure of a critical Confluence zero-day tracked as CVE-2023-22515, a new vulnerability impacting Atlassian products emerges in the cyber threat arena. Adversaries are setting their sights on a recently fixed, maximum-severity vulnerability known as CVE-2023-22518 in all versions of Confluence Data Center and Confluence Server, which enables them […]

The Prime Hunt Version 1.3.1 Is Out

On November 1, 2023, SOC Prime Team released a new version of The Prime Hunt, an open-source LGPL browser add-on acting as a single UI for platform-agnostic threat hunting. The tool enables cyber defenders to seamlessly convert, apply, and customize Sigma rules directly within Chrome, Firefox, or Edge browser — regardless of the SIEM, EDR, […]

CVE-2023-46604 Detection: HelloKitty Ransomware Maintainers Exploit RCE Vulnerability in Apache ActiveMQ

At the turn of November, hot on the heels of the disclosure of CVE-2023-43208, the Mirth Connect vulnerability, another security bug comes to the scene. Defenders notify the global community of a newly uncovered highest-severity RCE bug affecting Apache ActiveMQ products. Detect CVE-2023-46604 With emerging vulnerabilities being a juicy target for adversaries seeking to […]

CVE-2023-43208 Detection: NextGen’s Mirth Connect RCE Vulnerability Exposes Healthcare Data to Risks

Vulnerabilities affecting popular software expose thousands of organizations across diverse industry sectors to severe threats. October has been rich in critical security flaws uncovered in widely used software products, like CVE-2023-4966, a hazardous Citrix NetScaler vulnerability, and the CVE-2023-20198 zero-day affecting Cisco IOS XE. In the last ten days of October 2023, defenders warned the global community […]

Detection Content to Address Attacker Techniques Covered in the “Domain of Thrones: Part I” Research

Offensive forces continuously look for new ways to gain access to the domain environment and sustain their presence by leveraging multiple attack vectors and experimenting with diverse adversary tools and techniques. For instance, they can take advantage of disclosed security flaws, as in the case of adversary attempts to exploit the vulnerability in Microsoft’s Windows […]

CVE-2023-4966 Detection: Critical Citrix NetScaler Vulnerability Actively Exploited In the Wild

Adding to the list of critical Citrix NetScaler zero-days, security researchers warn of a new dangerous vulnerability (CVE-2023-4966) that continues to be exploited in the wild despite a patch issued in October. Classified as an information-disclosure flaw, CVE-2023-4966 enables threat actors to hijack existing authenticated sessions, potentially leading to a multifactor authentication (MFA) bypass. According to security […]
