Hot on the heels of the adversary campaigns abusing the CVE-2023-29357 vulnerability in Microsoft SharePoint Server causing a pre-auth RCE chain, another security flaw that can enable attackers to perform RCE causes a stir in the cyber threatscape. A critical vulnerability in the JetBrains TeamCity CI/CD server tracked as CVE-2023-42793 allows adversaries to gain RCE on […]
Part 2: Environment-Dependent Terms Overview of Series This is part 2 of a multi-part series that will cover frequent mistakes SOC Prime observes regularly in SIGMA. We will cover everything from common rule logic errors to common schema problems, and even some more obscure “gotchas” to think about. Some of these ideas will extend beyond […]
Threat actors frequently set eyes on Microsoft SharePoint Server products by weaponizing a set of RCE vulnerabilities, such as CVE-2022-29108 and CVE-2022-26923. In the early summer of 2023, Microsoft issued a patch for the newly discovered SharePoint Server elevation of privilege vulnerability known as CVE-2023-29357 and considered critical. With the CVE-2023-29357 PoC exploit recently released, […]
Balance Your Cybersecurity Journey with a Single Community for Collective Cyber Defense In the ever-evolving landscape of technology, finding a welcoming and vibrant peer-driven community has never been more critical. Discord servers have emerged as digital hubs where tech enthusiasts, professionals, and learners unite. These dynamic virtual spaces transcend geographical boundaries, making it possible for […]
Proactive ransomware detection remains one of the top priorities for defenders, marked by a rise in intrusion complexity and continuously increasing high-profile ransomware attacks. FBI and CISA notify defenders of the growing volumes of cyber attacks spreading Snatch ransomware. Snatch ransomware operators have been in the limelight in the cyber threat landscape for about five […]
The new Microsoft Windows Themes security bug tracked as CVE-2023-38146, which enables attackers to perform RCE, emerges in the cyber threat arena. The proof-of-concept (PoC) exploit for this vulnerability, also known as “ThemeBleed,” has recently been released on GitHub, posing a threat to potentially infected Windows instances and arresting the attention of defenders. CVE-2023-38146 Detection […]
Part 1: Unintentional Escaped Wildcards Overview of Series This is part 1 of a multi-part series covering frequent mistakes SOC Prime observes regularly in SIGMA. We will cover everything from common rule logic errors to common schema problems and even some more obscure “gotchas” to think about. Some of these ideas will extend beyond SIGMA […]
There are a lot of interesting cases that you can find while investigating anomalies in the traffic baselines, for example, in FTP, SSH, or HTTPS. This guide describes how to use the “Imperva WAF – Kibana Dashboard, Watchers and Machine Learning for ELK Stack” Content Pack to detect abnormal spikes of attacks identified by WAF […]
The financial sector, the keystone of the global economy, has become increasingly digitized in recent years. While this transformation brings efficiency and convenience, it also exposes financial institutions to many cybersecurity challenges. Threat actors, ranging from sophisticated hacker groups to opportunistic individuals, are constantly targeting the financial sector, seeking to exploit vulnerabilities for financial gain. […]
At the turn of fall 2023, the russia-backed APT28 hacking group reemerges in the cyber threat arena, targeting the critical infrastructure of Ukrainian organizations in the power industry sector. CERT-UA has recently released a security notice covering a phishing attack from a fake sender email address containing a link to a malicious archive. Following this […]