September ‘22 Publications In September, members of the Threat Bounty Community submitted 441 rules for review by the SOC Prime team via the Developer Portal and Sigma rules Slack Bot. However, only 183 rules have successfully passed the verification and were approved for publication on the SOC Prime Platform. When creating new rules and submitting […]
Heads up! A new critical vulnerability is on the radar. Fortinet has recently disclosed an authentication bypass vulnerability in its FortiOS, FortiProxy, and FortiSwitchManager appliances. The security flaw tracked as CVE-2022-40684 is actively exploited in the wild, posing a serious risk to Fortinet’s customers leveraging vulnerable product instances. Detect CVE-2022-40684 Exploitation Attempts In view of […]
A community-driven approach based on Detection-as-Code principles and cutting-edge technology leveraging Sigma language and MITRE ATT&CK® enables intelligent-driven threat detection, cost-efficient and cross-platform threat investigation, and instant access to detections for critical threats. SOC Prime’s platform aggregates over 200,000 pieces of detection content easily convertible to 25+ SIEM, EDR, and XDR formats and aligned with […]
BlackByte ransomware reemerges in the cyber threat arena exploiting a security flaw in legitimate drivers to disable EDR products on compromised devices. Cybersecurity researchers have revealed that ransomware operators apply an advanced adversary technique dubbed “Bring Your Own Driver” enabling them to bypass security products and spread infection on vulnerable machines. Detect BlackByte Ransomware Used […]
Cybersecurity researchers have recently uncovered novel Cheerscrypt Linux-based ransomware. The delivery of ransomware strains has been linked to the China-backed group Emperor Dragonfly also tracked as Bronze Starlight. The hacking collective was also spotted in earlier cyber attacks spreading encrypted Cobalt Strike beacons after gaining initial access to VMware Horizon servers and exploiting the infamous […]
We are thrilled to announce SOC Prime’s participation in the Tenth EU MITRE ATT&CK® Community Workshop taking place in Brussels on 7 October 2022. The upcoming event will host cybersecurity professionals around the globe who will provide insights into best industry practices and share their unique use cases of leveraging the MITRE ATT&CK framework for […]
Stay on alert! Cybersecurity researchers have recently revealed new Microsoft Exchange zero-day vulnerabilities aka ProxyNotShell tracked as CVE-2022-41040 and CVE-2022-41082 that are currently actively exploited in the wild. The newly uncovered bugs in Microsoft Exchange Server can be paired together in the exploit chain to spread Chinese Chopper web shells on the targeted servers. According […]
Cybersecurity researchers have recently revealed a new wave of adversary campaigns leveraging a malware tool named NullMixer spread via malicious websites. The malware dropper is a lure masquerading as legitimate software, which further deploys a set of Trojans infecting the victim’s system. NullMixer hackers apply advanced SEO tactics to distribute the malware affecting popular search […]
Some things never grow old. In the world of security providers, there will always be a lack of professionals, time, and real-deal vendors, while you will always face an abundance of risks, complexity, and cost pressure. However, there are some less obvious challenges that impede the growth and scalability of your MSSP or MDR. Let’s […]
What Is Initial Access? MITRE ATT&CK® Initial Access Tactic | TA0001 Some MITRE ATT&CK tactics require special attention from security experts, and Initial Access is one of them. Because if attackers don’t break in, they won’t be able to take their kill chain to another level. Earlier this year, Microsoft paid $13.7 million in bug […]