Security experts have shed light on a novel malicious sample hiding in the malicious arena, an evasive stealer dubbed Rhadamanthys. The malware is commonly distributed via Google ads redirecting compromised users to phishing webpages disguised as widely-used legitimate software. Detect Rhadamanthys Malware In view of the increasing popularity of Rhadamanthys stealer being broadly distributed in […]
Insights into How SOC Prime Achieved 100% YoY Growth While Withstanding the Challenges of War and Economic Recession Since russia’s full-scale invasion of Ukraine, SOC Prime has been on the frontline of war helping Ukraine and our customers defend themselves from the aggressor’s malicious activity in the cyber domain. Regardless of the challenges, we keep […]
Stay alert! Security researchers are warning the global cyber defender community of a zero-day vulnerability in FortiOS SSL-VPN, which was patched in December 2022. The security flaw tracked as CVE-2022-42475 and resulting in unauthenticated remote code execution (RCE) has been exploited in targeted attacks against government agencies and large organizations across the globe. Detect CVE-2022-42475: […]
No matter the holiday season, adversaries have no vacation inventing new malicious tricks to target unsuspecting victims. Last week, security researchers uncovered an enhanced variant of the worm-like Raspberry Robin malware dropper leveraged to target financial and insurance companies across European countries. Experts specifically note that Rasperry Robin received a significant upgrade, including complex obfuscation […]
With USB-spreading malware becoming a popular vector for initial access, cyber defenders remain vigilant in safeguarding the organization’s critical infrastructure. Cybersecurity researchers have recently observed malicious activity of the russia-linked cyberespionage group tracked as Turla APT leveraging legacy Andromeda USB-delivered malware to deploy novel backdoors and custom reconnaissance tools in cyber attacks against Ukraine. Detecting […]
Simplify Threat Investigation with a Single UI for All Threat Hunters, Right Within Your Browser The Prime Hunt is an open-source browser extension that acts as the industry-first platform-agnostic UI for all threat hunters, no matter what SIEM or EDR they use. The tool enables security engineers to quickly convert, apply, and customize detection code […]
BlueNoroff, which is part of the larger Lazarus Group, is a financially-motivated hacking collective striving to gain financial benefits from its offensive capabilities. The group, known for stealing cryptocurrency and commonly applying Word documents and LNK files for initial intrusion, has currently been leveraging new adversary methods. In the latest attacks, BlueNoroff experiments with new […]
In late December 2022, cybersecurity researchers observed a new burst of malicious activity distributing the noteworthy IcedID botnet. In this ongoing adversary campaign, threat actors abuse Google pay-per-click (PPC) ads to spread the novel variant of malware tracked as TrojanSpy.Win64.ICEDID.SMYXCLGZ. Detecting IcedID Botnet Infections Through Malvertising In view that the IcedID botnet is constantly evolving, […]
On December 20, 2022, cybersecurity researchers uncovered a novel exploit method dubbed OWASSRF that involves chaining CVE-2022-41080 and CVE-2022-41082 vulnerabilities to gain RCE through privilege escalation via Outlook Web Access (OWA). OWASSRF is capable of bypassing ProxyNotShell mitigations. Cyber defenders highlight that these ongoing attacks pose a threat to an increasing number of Microsoft Exchange […]
Since russia’s full-scale invasion of Ukraine in February 2022, the infamous Trident Ursa russia-affiliated hacking group also tracked as Armageddon APT aka Gamaredon or UAC-0010 has been launching its offensive operations targeting Ukraine and its allies. For over ten months, the hacking collective has performed a series of phishing cyber attacks covered in the corresponding […]