Efficiency and collaboration are essential in cybersecurity. As part of the SOC Prime Platform, Uncoder AI is a a professional IDE & co-pilot for detection engiennering to streamline content creation and threat detection rule contribution. For those participating in the Threat Bounty Program, this tool makes it easier to contribute detection rules, collaborate with experts, […]
The nefarious state-sponsored russia-aligned Gamaredon (aka Hive0051, UAC-0010, or Armageddon APT) has been launching a series of cyber-espionage campaigns against Ukraine since 2014, with cyber attacks intensifying since russia’s full-scale invasion of Ukraine on February 24, 2022. ESET recently published an in-depth technical analysis, providing insights into Gamaredon’s cyber-espionage operations against Ukraine throughout 2022 and […]
In the first quarter of 2024, state-sponsored APT groups from regions such as China, North Korea, Iran, and russia demonstrated notably sophisticated and innovative adversary methods, creating significant challenges for the global cybersecurity landscape. Recently, a China-linked APT group known as Earth Baxia has targeted a state agency in Taiwan and potentially other countries in […]
Hackers are weaponizing PoC exploits for newly identified vulnerabilities in Progress Software WhatsUp Gold for in-the-wild attacks. Defenders have recently uncovered RCE attacks exploiting the critical SQL injection flaws tracked as CVE-2024-6670 and CVE-2024-6671. Notably, CVE-2024-6670 has been added to CISA’s Known Exploited Vulnerabilities Catalog. Detect CVE-2024-6670, CVE-2024-6671 Progress WhatsUp Gold Exploits In 2024, nearly […]
SOC Prime Recognizes Top Threat Bounty Researchers Mastering Uncoder AI SOC Prime continues to fuel the professional development of cybersecurity experts by recognizing and celebrating individual contributions to global cyber defense. Through the Threat Bounty Program, SOC Prime empowers skilled threat researchers and SIEM rules engineers to enhance their impact on collective cybersecurity efforts. Earlier […]
Right after the joint advisory by FBI, CISA, and partners warning of a significant shift in the RansomHub RaaS group activity, security researchers have spotted the novel trick by adversaries misusing Kaspersky’s legitimate TDSSKiller software to disable Endpoint Detection and Response (EDR) systems. Once they’ve bypassed defenses, attackers turn to the LaZagne tool, siphoning login […]
The latest stats highlight that in 2023, adversaries deployed an average of 200,454 unique malware scripts per day, equating to roughly 1.5 new samples per minute. To proceed with successful malware attacks, threat actors are juggling with different malicious methods in an attempt to overcome security protections. The latest malicious campaign in the spotlight spoofs […]
Hot on the heels of the joint cybersecurity advisory warning defenders of the Iran-backed Pioneer Kitten’s collaboration with multiple ransomware groups, another spike in ransomware activity is causing a stir in the cyber threat landscape. The FBI, CISA, and partners recently issued a joint alert covering the increased offensive activity of the RansomHub RaaS operators, […]
New day, new malware causing menace for cyber defenders. Hot on the heels of the novel MoonPeak Trojan, security experts have uncovered yet another malicious sample actively used in the ongoing attacks. Dubbed PEAKLIGHT, the novel memory-only threat applies a sophisticated, multi-stage attack chain to infect Windows instances with a variety of infostealers and loaders. […]
In the first half of 2024, North Korea-affiliated adversaries have significantly ramped up their activities, broadening both their malicious toolsets and range of targets. Security experts have observed a notable uptick in supply-chain attacks and trojanized software installers, underscoring a growing trend among North Korean state-sponsored groups. Recently, security professionals discovered a brand new malware […]