Tag: Threat Bounty Program

Adversaries Hack Microsoft SQL Servers to Install Proxyware and Steal Bandwidth

Security analysts report an increasing number of cases of adversarial abuse of software called ‘proxyware’. Users can install proxyware (operated via the client application) and become bandwidth donors by sharing their internet connection via services like Peer2Profit and IPRoyal. The hosts, incentivized with monetary rewards, enable other users to access the web from their location […]

Ducktail Infostealer Detection: Criminal Hackers Hijack Business Accounts With New Malware

Financially motivated criminal hackers leverage a new infostealer dubbed Ducktail to exfiltrate browser cookies and take over victims’ Facebook Business accounts. The evidence suggests that the adversaries behind the campaign are Vietnam-based, primarily targeting professionals working in HR, management, and marketing. The beginning of the active development of the Ducktail campaign can be traced back […]

Luca Malware Detection: Novel Infostealer Grabs The Headlines

A new infostealer is getting traction after its source code was shared earlier this month on cybercrime forums. Researchers suggest that the malware developers took this step as a marketing ploy to build a reputation and increase future sales. The malware developer has also included instructions on how to edit this Rust-based stealer and compile […]

Detection as Code Benefits: On Embracing The Future of Cyber Defense to Fuel Your Next-Gen SOC

Over the course of the past decade, we have field-tested the argument that manual threat detection processes can no longer keep up with current security demands. It has already been firmly established that an era of Everything as Code (EaC) is the new reality, and security teams seeking innovation are putting its novel approaches […]

Threat Bounty Program: First Steps to Monetizing Your Detection Engineering Skills

The SOC Prime Threat Bounty Program has been connecting skilled freelance detection engineers for over three years and has undergone many changes and improvements. Today, the Program is a unique opportunity to improve Detection Engineering skills, monetize the created detections, and build a personal portfolio with the leading Detection as Code platform. Introduction to Threat Bounty […]

BlackCat Ransomware Attacks: Threat Actors Use Brute Ratel and Cobalt Strike Beacons for Advanced Intrusions

Cybersecurity researchers have revealed a wave of new activity of the notorious BlackCat ransomware group deploying custom malware binaries for more sophisticated intrusions. In the latest attacks, threat actors have been leveraging Cobalt Strike beacons and a new penetration testing tool dubbed Brute Ratel, installing the latter as a Windows service on the compromised machines. […]

H0lyGh0st Detection: New Ransomware Tied to North Korean APT

A new day, a new headache for cyber defenders! Microsoft Threat Intelligence Center (MSTIC) reports a new ransomware strain attacking small to mid-sized businesses across the globe since June 2021. Dubbed H0lyGh0st, the malware was initially developed by an emerging North Korean APT tracked under the DEV-0530 moniker. The ransomware attacks are explicitly financially motivated, targeting […]

CVE-2022-32223 Detection: New Vulnerability in Node.js

Researchers discovered that Node.js, an open source server environment, is susceptible to dynamic link library (DLL) hijacking if OpenSSL is installed on the target. The affected versions include all of the 16.x and 14.x release lines. Detect CVE-2022-32223: to identify possible system breaches through exploitation of the CVE-2022-32223 flaw in a timely manner, download a Sigma rule […]

XMRig Coin Miner: Adversaries Employ New Approaches to Illegal Crypto Mining

With a mounting number of cyber criminal operations pursuing the illicit installation of crypto mining software on victim devices and systems, increasing awareness of crypto-jacking is paramount. Earlier this summer, US-CERT released a malware analysis report on the XMRig coin miner, detailing new approaches to hijacking victims’ devices and leveraging them for crypto mining. CISA […]

Maui Ransomware Detection: Novel Threat Targeting U.S. Healthcare and Public Health Sector

Brace yourself for the new ransomware threat! On July 6, 2022, the FBI, CISA, and the Department of Treasury issued a joint Cybersecurity Advisory (CSA) to warn about Maui ransomware actively leveraged by the North Korean APT group to target organizations in the U.S. healthcare and public health sectors. The attacks have been observed since […]
