This time security researchers report a malicious campaign leveraging a now-patched Windows SmartScreen flaw (CVE-2023-36025) to drop the Phemedrone payload. Phemedrone is an open-source information stealer capable of siphoning data from crypto wallets, chatting apps, popular software, and more. Detect Phemedrom StealerĀ With over 1 billion malware samples circulating in the cyber domain, security professionals […]
Threat Bounty Content We continue aligning the efforts with Threat Bounty Program members in enriching the SOC Prime Platform with actionable detection content for behavior detection rules. In todayās rapidly changing threat landscape, security professionals leveraging the SOC Prime Platform to defend their corporate environments rely upon SIEM content that is capable of detecting behavioral […]
Š”ritical vulnerabilities in popular open-source software solutions pose severe threats to global businesses that rely on the impacted products. Recently, another critical security flaw was identified in Apache OFBiz, an open-source enterprise resource planning system mainly used by large-scale businesses with over 10,000 of employees. The uncovered flaw is a pre-auth vulnerability tracked as CVE-2023-49070 […]
Heads up! Recent Cactus ransomware attacks are getting into the spotlight. Hackers exploit critical Qlik Sense vulnerabilities to further deliver Cactus ransomware. In other ransomware campaigns, they leverage malvertising lures to spread DanaBot malware for initial access to compromised systems.Ā Detecting Cactus Ransomware Infections Ransomware operators are constantly seeking new ways to proceed with payload […]
Hot on the heels of the Zimbra zero-day vulnerability, another critical security flaw affecting popular software comes to the scene. The open-source file-sharing software ownCloud has recently disclosed a trio of disturbing security holes in its products. Among them, the max severity vulnerability tracked as CVE-2023-49103 gained the CVSS score of 10 due to the […]
Defenders observe a new phishing attack, in which adversaries weaponize a russian-language Microsoft Word document to distribute malware that can extract sensitive data from targeted Windows instances. Hackers behind this offensive campaign belong to a North Korean group dubbed Konni, which shares similarities with a cyber-espionage cluster tracked as Kimsuky APT. Detect Konni Group Attacks […]
Vulnerabilities affecting popular software products, like Zimbra Collaboration Suite (ZCS), continuously expose organizations in multiple industry vectors, including the public sector, to increasing risks. Defenders exposed a minimum of four offensive operations employing a Zimbra zero-day vulnerability tracked as CVE-2023-37580, specifically designed to extract sensitive data from government entities across multiple countries. Detect CVE-2023-37580 Exploitation […]
Discover whatās new in SOC Primeās Threat Bounty program and the October results.Ā Threat Bounty Content Submissions We are happy that the authors of the Threat Bounty rules invest their time in validating their detections with Warden and researching for existing detections, which helps them avoid duplicates while creating and submitting rules for monetization. In […]
Meet the new Threat Bounty Program digest that covers the recent news and updates of SOC Primeās crowdsourced detection engineering initiative. Threat Bounty Content Submissions In September, the members of the Threat Bounty Program submitted 629 rules for review by the SOC Prime team before the publication for monetization. After the review and quality assessment, […]
Over a month ago, defenders warned the peer community of CVE-2023-4634, a critical WordPress vulnerability actively exploited in the wild and impacting an overwhelming number of WordPress sites across the globe. Following that campaign, another malicious operation comes to the forefront. A fresh surge in the long-lasting Balada Injector malware campaign has already impacted over […]