Tag: Threat Bounty Program

LostTrust Ransomware Detection: SFile and Mindware Advancement, Successor of MetaEncryptor Gang

Novel LostTrust ransomware emerged in the cyber threatscape in early spring 2023. However, the adversary campaign hit the headlines only in September when ransomware operators were observed leveraging data leak sites and payloads quite similar to the offensive tools used by the MetaEncryptor gang. Defenders are raising concerns in response to the growing threats as […]

CVE-2023-42793 Detection: An Authentication Bypass Vulnerability Leading to RCE on JetBrains TeamCity Server

Hot on the heels of the adversary campaigns abusing the CVE-2023-29357 vulnerability in Microsoft SharePoint Server causing a pre-auth RCE chain, another security flaw that can enable attackers to perform RCE causes a stir in the cyber threatscape. A critical vulnerability in the JetBrains TeamCity CI/CD server tracked as CVE-2023-42793 allows adversaries to gain RCE on […]

ShadowPad Trojan Detection: Redfly Hackers Apply a Nefarious RAT to Hit National Power Grid Organization in Asia

ShadowPad backdoor is popular among multiple state-backed APTs, including China-linked hacking groups, and is widely used in their cyber espionage campaigns. A nefarious cyber espionage group known as Redfly has taken advantage of ShadowPad’s offensive capabilities, targeting Asia’s state electricity grid organization for half a year.

Shadowpad Trojan Detection

The growing threat of nation-state APT attacks poses […]

SOC Prime Threat Bounty Digest — August 2023 Results

Threat Bounty monthly digests cover what’s happening in the SOC Prime Threat Bounty community. Each month, we publish the Program news and updates and give recommendations on content improvement based on our observations and analysis during Threat Bounty content verification.

Threat Bounty Content Submissions

During the month of August, the members of the Threat Bounty […]

CVE-2023-4634 Detection: Unauthenticated RCE Vulnerability in WordPress Media Library Assistant Plugin

Security researchers have issued a stark warning about a critical vulnerability, designated as CVE-2023-4634, which is affecting an alarming number of over 70,000 WordPress sites globally. This vulnerability originates from a security flaw in the WordPress Media Library Assistant Plugin, an extremely popular and widely used plugin within the WordPress community. With this vulnerability already […]

SOC Prime on Discord: Join a Single Community for All Cyber Defenders to Benefit from Shared Expertise

In February 2023, SOC Prime launched its Discord server community connecting aspiring cybersecurity enthusiasts and seasoned experts in a single place. The community serves as the world’s largest open-source hub for Threat Hunters, CTI and SOC Analysts, and Detection Engineers — anyone having a genuine passion for cybersecurity. Currently, our Discord server hosts over 1,500 […]

SOC Prime Threat Bounty — July 2023 Results

Threat Bounty Publications

In July, enthusiastic Threat Bounty Program members submitted 775 rules for a chance of publication to the SOC Prime Platform for monetization. Before publication for monetization, all the rules are thoroughly examined by the SOC Prime team, and the rules that do not satisfy the acceptance criteria and the submissions violating the […]

SOC Prime Threat Bounty — June 2023 Results

Threat Bounty Publications

In June, the active members of the Threat Bounty Program submitted 568 Sigma rules for a chance of publication to the SOC Prime Platform for monetization. As a result of verification, 74 rules were approved and successfully published. Typically, the most frequent reasons for rejecting content for publication were: […]

Interview with Threat Bounty Developer – Mehmet Kadir CIRIK

As we continue telling the stories of the keen members of SOC Prime’s Threat Bounty community, who share how they grow professionally and extend their expertise by developing rules that contribute to global cyber defense, today we introduce Mehmet Kadir CIRIK, who joined the program in January 2023 and has been actively contributing his detections since then. […]

Interview with Threat Bounty Developer – Aung Kyaw Min Naing

It has become a good tradition at SOC Prime for Threat Bounty members to share stories about their professional paths and their experience and achievements with Threat Bounty. Today we are here with Aung Kyaw Min Naing, who joined the program in June 2022 and has already proven himself an active contributor to the […]
