Security experts warn of the notorious stealthy malware dubbed BatLoader, which has been increasingly infecting instances worldwide over the last few months. The notorious threat acts as a malware downloader dropping a variety of malicious payloads on the victims’ systems. During the latest campaigns, BatLoader has been observed delivering banking Trojans, ransomware samples, information stealers, […]
The infamous China-linked Earth Preta (aka Mustang Panda, Bronze President, TA416) APT group has been attributed to a wave of spear-phishing attacks against global organizations in multiple industry sectors, including government institutions, primarily in Asia Pacific regions. Cybersecurity researchers have observed that threat actors abused fake Google accounts to spread different strains of malware, including […]
October ‘22 Publications In October, the members of Threat Bounty Program actively contributed detections for critical emerging threats. After the SOC Prime validation, 256 detections were successfully released on the Platform and thus were included into monetization based on the client’s activities. Read Blog Explore Detections However, 375 rules were rejected to be published. SOC […]
The Black Basta ransomware group emerged in the cyber threat arena in April 2022. Although the hacking collective can be considered relatively new to the cyber offensive domain, they have already gained a notorious reputation for rapidly evolving its adversary toolkit and adapting more sophisticated tools. Cybersecurity researchers tie the latest activity of Black Basta […]
Another day, another exploit emerges in the wild to cause a headache for security practitioners. VMware warns of a public exploit code available for a recently-patched critical remote code execution (RCE) vulnerability (CVE-2021-39144) in VMware Cloud Foundation and NSX Manager. Leveraging this flaw, unauthenticated threat actors might execute the malicious code with the highest system […]
With crypto mining attacks significantly increasing over the past couple of years, increasing awareness of cryptojacking is of paramount importance. Cybersecurity researchers have recently uncovered a massive cryptojacking campaign abusing free CI/CD service providers, with over 30 GitHub, 2,000 Heroku, and 900 Buddy accounts compromised. Dubbed PURPLEURCHIN, the malicious operation applies sophisticated obfuscation techniques and […]
SOC Prime Threat Bounty Program keeps uniting enthusiastic and keen detection content developers who joined the community to contribute to collective cyber defense and monetize their exclusive detections on the SOC Prime Platform. Please meet Wirapong Petshagun who joined the Threat Bounty community in June 2022 and has been regularly publishing high-quality rules to help […]
Throughout 2021-2022, ransomware continues to be one of the dominant trends in the cyber threat landscape, illustrated by the increasing sophistication of intrusions and a rapidly growing number of ransomware affiliates. Cybersecurity researchers warn of the ongoing malicious campaigns, which target Windows users and distribute Magniber ransomware disguised as software updates. Detect Magniber Ransomware Magniber […]
September ‘22 Publications In September, members of the Threat Bounty Community submitted 441 rules for review by the SOC Prime team via the Developer Portal and Sigma rules Slack Bot. However, only 183 rules have successfully passed the verification and were approved for publication on the SOC Prime Platform. When creating new rules and submitting […]
Heads up! A new critical vulnerability is on the radar. Fortinet has recently disclosed an authentication bypass vulnerability in its FortiOS, FortiProxy, and FortiSwitchManager appliances. The security flaw tracked as CVE-2022-40684 is actively exploited in the wild, posing a serious risk to Fortinet’s customers leveraging vulnerable product instances. Detect CVE-2022-40684 Exploitation Attempts In view of […]