Tag: Threat Bounty Program

Phemedrone Stealer Detection: Threat Actors Exploit CVE-2023-36025 Vulnerability in Windows SmartScreen to Deploy Malware
Phemedrone Stealer Detection: Threat Actors Exploit CVE-2023-36025 Vulnerability in Windows SmartScreen to Deploy Malware

This time security researchers report a malicious campaign leveraging a now-patched Windows SmartScreen flaw (CVE-2023-36025) to drop the Phemedrone payload. Phemedrone is an open-source information stealer capable of siphoning data from crypto wallets, chatting apps, popular software, and more. Detect Phemedrom Stealer  With over 1 billion malware samples circulating in the cyber domain, security professionals […]

Read More
SOC Prime Threat Bounty Digest — November 2023 Results
SOC Prime Threat Bounty Digest — November 2023 Results

Threat Bounty Content We continue aligning the efforts with Threat Bounty Program members in enriching the SOC Prime Platform with actionable detection content for behavior detection rules. In today’s rapidly changing threat landscape, security professionals leveraging the SOC Prime Platform to defend their corporate environments rely upon SIEM content that is capable of detecting behavioral […]

Read More
CVE-2023-49070 Exploit Detection: A Critical Pre-Auth RCE Vulnerability in Apache OFBiz 
CVE-2023-49070 Exploit Detection: A Critical Pre-Auth RCE Vulnerability in Apache OFBiz 

Сritical vulnerabilities in popular open-source software solutions pose severe threats to global businesses that rely on the impacted products. Recently, another critical security flaw was identified in Apache OFBiz, an open-source enterprise resource planning system mainly used by large-scale businesses with over 10,000 of employees. The uncovered flaw is a pre-auth vulnerability tracked as CVE-2023-49070 […]

Read More
Cactus Ransomware Detection: Attackers Launch Targeted Attacks to Spread Ransomware Strains
Cactus Ransomware Detection: Attackers Launch Targeted Attacks to Spread Ransomware Strains

Heads up! Recent Cactus ransomware attacks are getting into the spotlight. Hackers exploit critical Qlik Sense vulnerabilities to further deliver Cactus ransomware. In other ransomware campaigns, they leverage malvertising lures to spread DanaBot malware for initial access to compromised systems.  Detecting Cactus Ransomware Infections Ransomware operators are constantly seeking new ways to proceed with payload […]

Read More
CVE-2023-49103 Detection: A Critical Vulnerability in OwnCloud’s Graph API App Leveraged for in-the-Wild Attacks
CVE-2023-49103 Detection: A Critical Vulnerability in OwnCloud’s Graph API App Leveraged for in-the-Wild Attacks

Hot on the heels of the Zimbra zero-day vulnerability, another critical security flaw affecting popular software comes to the scene. The open-source file-sharing software ownCloud has recently disclosed a trio of disturbing security holes in its products. Among them, the max severity vulnerability tracked as CVE-2023-49103 gained the CVSS score of 10 due to the […]

Read More
Konni Group Attack Detection: North Korean Hackers Leverage russian-Language Weaponized Word Document to Spread RAT Malware
Konni Group Attack Detection: North Korean Hackers Leverage russian-Language Weaponized Word Document to Spread RAT Malware

Defenders observe a new phishing attack, in which adversaries weaponize a russian-language Microsoft Word document to distribute malware that can extract sensitive data from targeted Windows instances. Hackers behind this offensive campaign belong to a North Korean group dubbed Konni, which shares similarities with a cyber-espionage cluster tracked as Kimsuky APT.  Detect Konni Group Attacks […]

Read More
CVE-2023-37580 Detection: Four Hacking Groups Exploit a Zimbra Zero-Day Vulnerability Targeting State Bodies
CVE-2023-37580 Detection: Four Hacking Groups Exploit a Zimbra Zero-Day Vulnerability Targeting State Bodies

Vulnerabilities affecting popular software products, like Zimbra Collaboration Suite (ZCS), continuously expose organizations in multiple industry vectors, including the public sector, to increasing risks. Defenders exposed a minimum of four offensive operations employing a Zimbra zero-day vulnerability tracked as CVE-2023-37580, specifically designed to extract sensitive data from government entities across multiple countries. Detect CVE-2023-37580 Exploitation […]

Read More
SOC Prime Threat Bounty Digest — October 2023 Results
SOC Prime Threat Bounty Digest — October 2023 Results

Discover what’s new in SOC Prime’s Threat Bounty program and the October results.  Threat Bounty Content Submissions We are happy that the authors of the Threat Bounty rules invest their time in validating their detections with Warden and researching for existing detections, which helps them avoid duplicates while creating and submitting rules for monetization. In […]

Read More
SOC Prime Threat Bounty Digest — September 2023 Results
SOC Prime Threat Bounty Digest — September 2023 Results

Meet the new Threat Bounty Program digest that covers the recent news and updates of SOC Prime’s crowdsourced detection engineering initiative. Threat Bounty Content Submissions In September, the members of the Threat Bounty Program submitted 629 rules for review by the SOC Prime team before the publication for monetization. After the review and quality assessment, […]

Read More
Balada Injector Malware Campaign Detection: Hackers Exploit a tagDiv Composer Vulnerability Infecting Thousands of WordPress Sites
Balada Injector Malware Campaign Detection: Hackers Exploit a tagDiv Composer Vulnerability Infecting Thousands of WordPress Sites

Over a month ago, defenders warned the peer community of CVE-2023-4634, a critical WordPress vulnerability actively exploited in the wild and impacting an overwhelming number of WordPress sites across the globe. Following that campaign, another malicious operation comes to the forefront. A fresh surge in the long-lasting Balada Injector malware campaign has already impacted over […]

Read More