Tag: SOC Prime Platform

CVE-2023-34362 Detection: Critical MOVEit Transfer Zero-Day Flaw Actively Exploited By Threat Actors to Steal Data from Organizations
CVE-2023-34362 Detection: Critical MOVEit Transfer Zero-Day Flaw Actively Exploited By Threat Actors to Steal Data from Organizations

Hot on the heels of the maximum severity flaw in GitLab software known as CVE-2023-2825, another critical vulnerability comes to the scene, creating a significant buzz in the cyber threat landscape. At the turn of June 2023, Progress Software uncovered a critical vulnerability in MOVEit Transfer that can lead to privilege escalation and instantly issued […]

Read More
SOC Prime Integrates with Amazon Security Lake to Supercharge Security Operations
SOC Prime Integrates with Amazon Security Lake to Supercharge Security Operations

Driving Cost-Efficient, Zero-Trust, and Multi-Cloud Security Backed by Collective Expertise SOC Prime operates the world’s largest and most advanced platform for collective cyber defense that cultivates collaboration from a global cybersecurity community and curates the most up-to-date Sigma rules compatible with over 27 SIEM, EDR, and XDR platforms. SOC Prime’s innovation, backed by the vendor-agnostic […]

Read More
Detect SmokeLoader Malware: UAC-0006 Strikes Again to Target Ukraine in a Series of Phishing Attacks
Detect SmokeLoader Malware: UAC-0006 Strikes Again to Target Ukraine in a Series of Phishing Attacks

Hot on the heels of the massive phishing attacks launched by UAC-0006 at the beginning of  May 2023, CERT-UA warns cyber defenders of a new wave of cyber attacks resulting in SmokeLoader infections. The latest investigation indicates that adversaries increasingly spread phishing emails with financial subject lures and use ZIP/RAR attachments to drop malicious samples […]

Read More
CVE-2023-2825 Exploit Detection: GitLab Urges Users to Promptly Patch a Maximum Severity Flaw
CVE-2023-2825 Exploit Detection: GitLab Urges Users to Promptly Patch a Maximum Severity Flaw

GitLab has recently issued its latest critical security update v. 16.0.1, addressing a path traverse vulnerability tracked as CVE-2023-2825 with a CVSS score reaching the maximum limit of 10.0. The update affects installations running version 16.0.0., with earlier software versions being not impacted. The successful exploitation of a highly critical security bug enables unauthenticated adversaries […]

Read More
SOC Prime to Present at the 11th EU MITRE ATT&CK® Community Workshop
SOC Prime to Present at the 11th EU MITRE ATT&CK® Community Workshop

We are delighted to announce that SOC Prime will be speaking at the Eleventh EU MITRE ATT&CK® Community Workshop, which takes place in Brussels on May 26, 2023. The upcoming event connects cybersecurity professionals from across the globe in a single venue fostering information exchange and enabling anyone to learn best industry practices from their […]

Read More
UAC-0063 Cyber-Espionage Activity Detection: Hackers Target Organizations in Ukraine, Kazakhstan, Kyrgyzstan, Mongolia, Izrael, and India to Gather Intelligence
UAC-0063 Cyber-Espionage Activity Detection: Hackers Target Organizations in Ukraine, Kazakhstan, Kyrgyzstan, Mongolia, Izrael, and India to Gather Intelligence

Since the outbreak of the full-scale war in Ukraine, cyber defenders have identified the growing volumes of cyber-espionage campaigns aimed at collecting intelligence from the Ukrainian state bodies. On May 22, 2023, CERT-UA researchers issued a new alert warning the global cyber defender community of an ongoing cyber-espionage campaign targeting the information and communication system […]

Read More
Merdoor Malware Detection: Lancefly APT Uses a Stealthy Backdoor in Long-Running Attacks Against Organizations in South and Southeast Asia
Merdoor Malware Detection: Lancefly APT Uses a Stealthy Backdoor in Long-Running Attacks Against Organizations in South and Southeast Asia

A novel hacking collective tracked as Lacefly APT has been recently observed applying a custom Merdoor backdoor to attack organizations in the government, telecom, and aviation sectors across South and Southeastern Asia. According to the latest reports, these targeted intrusions point to a long-running adversary campaign leveraging Merdoor sample, with the first traces dating back […]

Read More
CVE-2023-25717 Detection: New Malware Botnet AndoryuBot Exploits RCE Flaw in the Ruckus Wireless Admin Panel
CVE-2023-25717 Detection: New Malware Botnet AndoryuBot Exploits RCE Flaw in the Ruckus Wireless Admin Panel

A new DDoS botnet dubbed AndoryuBot poses a threat to Ruckus Wireless Admin panels by exploiting a newly patched critical severity flaw tracked as CVE-2023-25717 with the CVSS base score reaching 9.8. The vulnerability exploitation can potentially lead to remote code execution (RCE) and a full compromise of wireless Access Point (AP) equipment. Detecting CVE-2023-25717 […]

Read More
Snake Malware Detection: Cyber-Espionage Implant Leveraged by russia-Affiliated Turla APT in a Long-Lasting Campaign Against NATO Countries
Snake Malware Detection: Cyber-Espionage Implant Leveraged by russia-Affiliated Turla APT in a Long-Lasting Campaign Against NATO Countries

On May 9, 2023, the U.S. Department of Justice revealed the details of a joint operation dubbed MEDUSA that resulted in the disruption of the Snake cyber-espionage implant infrastructure actively leveraged to target 50+ countries in North America, Europe, and Africa.  First emerging in 2003, the malicious tool has been used by the Turla group, […]

Read More
Detecting Abused Legitimate Tools Applied by Hackers in the Human-Operated Ransomware Attacks
Detecting Abused Legitimate Tools Applied by Hackers in the Human-Operated Ransomware Attacks

With the constantly changing cyber threat landscape and the increasing sophistication of the adversary toolkit, information exchange between cybersecurity experts is of paramount value.  On January 25 and 26, 2023, the global cyber defender community welcomed the sixth JSAC2023 conference for security analysts aimed to boost their expertise in the field. This annual cybersecurity event […]

Read More