Zoho’s ManageEngine operates cost-effective network management frameworks leveraged by over 40,000 enterprises worldwide. Due to the software popularity and its wide use across the globe, cyber threats detected in Zoho’s products could have a severe impact on thousands of compromised businesses, which earlier happened with the critical zero-day vulnerability in ManageEngine Desktop Central products. On […]
Instantly Explore the Executable Binary References Linked to Sigma Rules for More Insightful Contextual Information SOC Prime has recently released integration for its cyber threats search engine with EchoTrail.io database. Now, SOC Prime users can streamline threat investigation with the comprehensive information about executable binaries (filenames or hashes) launched on Windows, accessible right from our […]
The notorious CVE-2021-44228 Apache Log4j vulnerability aka Log4Shell is still haunting cyber defenders along with reports about its active in-the-wild exploitations. Starting from December 2021, the nefarious Log4Shell flaw on unpatched VMware Horizon and Unified Access Gateway (UAG) servers has been widely weaponized by threat actors enabling them to gain initial access to targeted systems. […]
To enhance global collaborative cyber defense by enabling Detection as Code practices, SOC Prime continuously broadens the support for open-source cybersecurity solutions. We are thrilled to announce a new integration with OpenCTI, an open-source modular Cyber Threat Intelligence platform that aggregates and visualizes information on cyber threats. Through contribution to this CTI platform, SOC Prime […]
A notorious Chinese APT group known under the moniker “DriftingCloud” targets a cybersecurity firm Sophos. Namely, the threat actor is believed to be behind the active exploitation of a security hole in Sophos firewall. The flaw, tracked as CVE-2022-1040, scores 9.8 in severity and has been affecting Sophos Firewall versions 18.5 MR3 and older since […]
Brace yourself for a new PetitPotam-like NTLM relay attack enabling complete Windows domain takeover via Microsoft’s Distributed File System (MS-DFSNM) abuse. The new attack method, dubbed DFSCoerce, allows adversaries to coerce Windows servers into authentication with a relay under hackers’ control. Domain Controllers (DC) are also vulnerable, which poses a significant risk of the entire […]
On June 20, 2022, CERT-UA issued two separate alerts that warn the global cybersecurity community of a new wave of cyber-attacks on Ukrainian organizations weaponizing the nefarious zero-day vulnerability actively exploited in the wild and tracked as CVE-2022-30190 aka Follina. In the CERT-UA#4842 alert, cybersecurity researchers unveiled the malicious activity by a hacking group identified […]
Cybersecurity researchers have recently shed light on a wave of new cyber attacks by the Iranian nation-backed APT group acting under the moniker “Lyceum” also known as HEXANE. Lyceum actors have been operating in the cyber threat arena since 2017 mainly targeting Middle East organizations in the energy and telecom industry sectors. In the latest […]
Cybersecurity researchers have observed the activity of a more advanced version of a fully-functional malware loader dubbed PureCrypter that has been actively distributing remote access Trojans (RATs) and information stealers since March 2021. Notorious malware samples delivered using PureCrypter include AsyncRAT, LokiBot, Remcos, Warzone RAT, NanoCore, Arkei Stealer, and RedLine Stealer. The updated features of […]
Fujitsu Eternus CS8000 (Control Center) V8.1. was deemed vulnerable to privilege escalation attacks in early April 2022, with the Fujitsu PSIRT (Product Security Incident Response Team) releasing an official security notice on June 1, 2022. Security researchers reported two security holes in the vendor’s Control Center software that enabled unauthorized attackers to gain remote code […]