Tag: SOC Prime Platform

LockBit Ransomware Detection: Cybercriminal Gang Evil Corp Affiliates, aka UNC2165, Attempt to Evade U.S. Sanctions
LockBit Ransomware Detection: Cybercriminal Gang Evil Corp Affiliates, aka UNC2165, Attempt to Evade U.S. Sanctions

In December 2019, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned the Russia-linked cybercriminal gang tracked as Evil Corp (aka Dridex, INDRIK SPIDER) that stood behind the deployment and distribution of the notorious Dridex malware targeting banks and financial institutions for nearly a decade. In an attempt to evade sanctions, threat actors […]

Read More
CVE-2022-26134 Detection: Atlassian Confluence Zero-Day Vulnerability
CVE-2022-26134 Detection: Atlassian Confluence Zero-Day Vulnerability

Adversaries launch headline-making attacks against vulnerable Confluence Servers worldwide. Atlassian alerts their users to the security risks associated with an RCE flaw detected in all supported versions of Confluence (Server and Data Center). The bug is tracked as CVE-2022-26134, with the vendor rating it to be of the highest severity level. As of the 3d […]

Read More
CVE-2021-40444 and CVE-2022-30190 Exploit Detection: Cobalt Strike Beacon Delivered in a Cyber-Attack on Ukrainian State Bodies
CVE-2021-40444 and CVE-2022-30190 Exploit Detection: Cobalt Strike Beacon Delivered in a Cyber-Attack on Ukrainian State Bodies

Just two days after the nefarious CVE-2022-30190 aka Follina was revealed, security researchers report in-the-wild attacks leveraging the exploits to target state institutions of Ukraine. On June 2, 2022, CERT-UA issued a heads-up warning of an ongoing campaign spreading Cobalt Strike Beacon malware by exploiting Windows CVE-2021-40444 and CVE-2022-30190 zero-day vulnerabilities, which have been recently in […]

Read More
CVE-2022-30190 Detection: Updates on Microsoft Windows RCE Vulnerability
CVE-2022-30190 Detection: Updates on Microsoft Windows RCE Vulnerability

Let’s start with a short rundown of developments regarding Windows zero-day vulnerability (CVE-2022-30190), aka Follina. Back in April 2022, a research team known under the moniker CrazymanArmy warned Microsoft of a new zero-day RCE vulnerability in one of their products. The tech corporation opted not to address the issue at that point. On May 27, […]

Read More
SOC Prime Cyber Threats Search Engine Now Includes Comprehensive MITRE ATT&CK® Visualization
SOC Prime Cyber Threats Search Engine Now Includes Comprehensive MITRE ATT&CK® Visualization

Instantly Explore the Latest Trends and Adjust Search Results to Illustrate ATT&CK Tactics and Techniques Most Relevant to Your Threat Profile SOC Prime recently released the industry-first search engine for Threat Hunting, Threat Detection, and Cyber Threat Intelligence allowing InfoSec professionals to discover comprehensive cyber threat information including relevant Sigma rules instantly convertible to 25+ […]

Read More
SOC PRIME TO PRESENT AT NINTH EU MITRE ATT&CK® COMMUNITY WORKSHOP
SOC PRIME TO PRESENT AT NINTH EU MITRE ATT&CK® COMMUNITY WORKSHOP

SOC Prime is thrilled to participate in the Ninth EU MITRE ATT&CK® Community Workshop taking place in Brussels, June 2, 2022. The upcoming event will host security practitioners and offer insights into the latest updates to the MITRE ATT&CK framework for enhanced cyber defense. The program includes a series of peer sessions and informative presentations […]

Read More
Follina Vulnerability Detection: New Microsoft Office Zero-Day Exploited in the Wild
Follina Vulnerability Detection: New Microsoft Office Zero-Day Exploited in the Wild

Cybersecurity researchers turn the spotlight on a novel zero-day vulnerability in Microsoft Office seen in the wild. On May, 27, Follina zero-day flaw was first documented and reported to have been submitted from Belarus. According to the research, the newly discovered Microsoft Office zero-day vulnerability can lead to arbitrary code execution on compromised Windows devices.  […]

Read More
Fake Proof of Concept (POC) Detection: Cyber-Attacks Targeting the InfoSec Community Exploiting Windows CVE-2022-26809 Flaw to Deliver Cobalt Strike Beacon
Fake Proof of Concept (POC) Detection: Cyber-Attacks Targeting the InfoSec Community Exploiting Windows CVE-2022-26809 Flaw to Deliver Cobalt Strike Beacon

Researchers warn the global InfoSec community of a new malware campaign aimed to spread the infamous Cobalt Strike Beacon malware via fake Proof of Concept (POC) exploits of the newly patched Windows vulnerabilities, including the critical RCE flaw tracked as CVE-2022-26809. The public availability of fake exploits in GitHub raises the stakes exposing millions of […]

Read More
XorDdos Malware Detection: Microsoft Warns of an Alarming Surge of DDoS Attacks Targeting Linux
XorDdos Malware Detection: Microsoft Warns of an Alarming Surge of DDoS Attacks Targeting Linux

In May 2022, Linux-based systems are getting exposed to a number of threats coming from multiple attack vectors. Early this month, the BPFDoor surveillance implant hit the headlines compromising thousands of Linux devices. Another threat targeting Linux systems is looming on the horizon. Microsoft has observed an enormous surge of malicious activity from Linux XorDdos […]

Read More
CVE-2022-22960 and CVE-2022-22954 Detection: CISA Warns of Exploitation Attempts of Unpatched VMware Vulnerabilities
CVE-2022-22960 and CVE-2022-22954 Detection: CISA Warns of Exploitation Attempts of Unpatched VMware Vulnerabilities

On May 18, 2022, CISA issued a notice warning organizations of potential exploitation attempts of known vulnerabilities in the VMware products tracked as CVE-2022-22954 and CVE-2022-22960. Once exploited, the revealed flaws give green light to threat actors to perform malicious template injection on the server end. More specifically, the exploitation of the CVE-2022-22954 can lead […]

Read More