Tag: Threat Bounty Program

LockBit 2.0 Ransomware Detection: Infamous Threat Resurfaces with New Attack Techniques and Encryption Methods

LockBit operators are accelerating rapidly. The gang has been on cybersecurity professionals' radar since 2019, revamping with the launch of LockBit ransomware version 2.0 in June 2021. On February 07, 2022, the Federal Bureau of Investigation (FBI) released IOCs, warning about LockBit 2.0 ransomware attacks. The current data suggest that the novel campaign is […]
Lazarus APT Resurfaces to Exploit Windows Update and GitHub

One month into 2022, there is no foreseeable slump in attacks; on the contrary, the cybersecurity field is bustling. The landscape is familiar: lurking hackers and security practitioners working doggedly to ensure no rest for the former. In late January, a new attack campaign launched by a North Korea-linked APT was discovered by the Malwarebytes Threat […]
BlackCat Ransomware Detection: Bad Luck Written in Rust

Adversaries are searching for new means of turning up the heat, this time bringing new, Rust-written ransomware to attack organizations in the U.S., Europe, Australia, India, and the Philippines. ALPHV BlackCat ransomware developers target Windows and Linux OSs through third-party frameworks and toolsets (e.g., Cobalt Strike) or by exploiting vulnerable applications. The BlackCat gang is now […]
Detect CVE-2021-4034: A Notorious PwnKit Vulnerability Affecting All Major Linux Distros

What goes on in the dark must come out in the light. Security experts have revealed an especially dangerous 12-year-old bug affecting nearly all Linux hosts. If successfully exploited, the flaw gives a local, unprivileged threat actor full root access on virtually any Linux machine. CVE-2021-4034 (PwnKit) Description. While the cyber domain is still […]
Interview with Threat Bounty Developer: Nattatorn Chuensangarun

Catch the latest newscast about SOC Prime's community! Today we want to introduce Nattatorn Chuensangarun, a prolific detection content author who has been contributing to our Threat Bounty Program since August 2021. Nattatorn is an active content developer, concentrating his efforts on Sigma rules. You can find Nattatorn's detections of the highest quality and value in the […]
The Most Refined UEFI Firmware Implant: MoonBounce Detection

A newly minted UEFI firmware malicious implant dubbed "MoonBounce" is rampaging in the wild. The threat is believed to be the handiwork of the Chinese-speaking APT41 hacking gang, aka Double Dragon or Winnti. This UEFI rootkit is set to cause a stir, having already obtained the title of the stealthiest of all the […]
SOC Prime Threat Bounty – December 2021 Results

December '21 Results. In December 2021, Threat Bounty Program developers contributed 219 new detections to the SOC Prime Platform. To ensure the continuous quality enhancement of the published content, 231 rules earlier released by Threat Bounty authors were improved and updated. SOC Prime Threat Bounty results for the previous month are available in NOVEMBER '21 […]
SOC Prime Threat Bounty – November 2021 Results

November '21 Results. In November 2021, Threat Bounty Program developers contributed 243 new detections to the SOC Prime Platform. Moreover, 89 rules previously published by Threat Bounty authors to the Threat Detection Marketplace repository were improved and updated. As SOC Prime aims at delivering only content of the highest standards, a total of 245 […]
Babadeda Crypter Detection

Meet Babadeda, a new notorious crypter in the arsenal of threat actors. The malware has been actively leveraged by adversaries since May 2021 to bypass security protections and covertly deliver a variety of threats to unsuspecting victims. Multiple infostealers and remote access Trojans (RATs) have been deployed with the help of Babadeda. Moreover, LockBit maintainers […]
SOC Prime Threat Bounty – October 2021 Results

The SOC Prime Threat Bounty Program gives enthusiastic cyber security defenders the opportunity to share detections with the global community and get publicly recognized and rewarded for their contributions. Threat Bounty participants are motivated to share detections that can address the security needs of 20K+ users. Thus, content authors gain each time their detection is consumed […]