Tag: Threat Detection Marketplace

FlyingYeti Campaign Detection: russian Hackers Exploit CVE-2023-38831 to Deliver COOKBOX Malware in Ongoing Attacks Against Ukraine
FlyingYeti Campaign Detection: russian Hackers Exploit CVE-2023-38831 to Deliver COOKBOX Malware in Ongoing Attacks Against Ukraine

In mid-April 2024, CERT-UA warned defenders of repeated adversary attempts to compromise Ukrainian organizations using COOKBOX malware. Defenders observed the ongoing phishing campaign targeting Ukraine and took measures to disrupt the offensive attempts. The identified russia-linked malicious activity is tracked under the moniker FlyingYeti and overlaps with the UAC-0149 operation covered in the CERT-UA#9522 alert. […]

Read More
SOC Prime Platform Integration with GitHub
SOC Prime Platform Integration with GitHub

Continuously Stream Selected Detection Content from the SOC Prime Platform to Your GitHub Repository SOC Prime launches integration with GitHub, enabling security engineers to automatically push prioritized detection content directly to a private GitHub repository. By enabling this capability, teams can stream detection algorithms that match predefined criteria and their current security needs to the […]

Read More
Linux Backdoor Gomir Detection: North Korean Kimsuky APT aka Springtail Spreads New Malware Variant Targeting South Korean Organizations
Linux Backdoor Gomir Detection: North Korean Kimsuky APT aka Springtail Spreads New Malware Variant Targeting South Korean Organizations

Heads up! The nefarious cyber-espionage group Kimsuky APT, aka Springtail, enriches its offensive toolkit with a novel malware variant dubbed Linux.Gomir. The novel backdoor, which is considered to be a Linux iteration of the GoBear malware, is leveraged by adversaries in the ongoing cyber attacks against South Korean organizations. Detect Gomir Backdoor Delivered by Kimsuky […]

Read More
FIN7 Attack Detection: russia-linked Financially-Motivated Group Exploits Google Ads to Drop NetSupport RAT via MSIX App Installer Files
FIN7 Attack Detection: russia-linked Financially-Motivated Group Exploits Google Ads to Drop NetSupport RAT via MSIX App Installer Files

With the global digitalization of the financial sector, organizations are exposed to escalating risks in numerous sophisticated financially-motivated cyber attacks. Throughout April, cybersecurity researchers have identified a surge in malicious operations attributed to the nefarious russia’s hacking collective known as FIN7 massively targeting organizations worldwide for financial gain. Adversaries have been observed abusing weaponized Google […]

Read More
SOC Prime Threat Bounty Digest — April 2024 Results
SOC Prime Threat Bounty Digest — April 2024 Results

Threat Bounty Publications Enthusiastic members of the Threat Bounty Program submitted more than 250 detections for review and a chance to have their detections published on the SOC Prime Platform and rating-based rewards. All the rules were carefully reviewed by our team of distinguished detection engineers, and as a result, 59 of the submitted rules […]

Read More
CVE-2024-21793 and CVE-2024-26026 Detection: Exploitation of Critical F5 Central Manager Vulnerabilities Can Lead to Full System Compromise
CVE-2024-21793 and CVE-2024-26026 Detection: Exploitation of Critical F5 Central Manager Vulnerabilities Can Lead to Full System Compromise

Defenders have disclosed critical cybersecurity issues in F5’s Next Central Manager, which are tracked as CVE-2024-21793 and CVE-2024-26026, giving potential adversaries the green light to seize control over the impacted installation. Upon successful exploitation, hackers can create accounts on any F5 assets to establish persistence and perform further malicious activities. Detecting CVE-2024-21793 & CVE-2024-26026 Exploits […]

Read More
Cuckoo Malware Detection: New macOS Spyware & Infostealer Targeting Intel and ARM-Based Macs 
Cuckoo Malware Detection: New macOS Spyware & Infostealer Targeting Intel and ARM-Based Macs 

Cybersecurity researchers have recently uncovered a novel malicious strain dubbed Cuckoo malware, which mimics the capabilities of spyware and an infostealer and can run on both Intel and Arm-based Mac computers. Detect Cuckoo Malware The surge in ongoing infostealing attacks using macOS malware fuels the need for strengthening defenses. SOC Prime Platform curates a set […]

Read More
SOC Prime’s Integration Highlights with Amazon Security Lake
SOC Prime’s Integration Highlights with Amazon Security Lake

Insights into Proactive Threat Detection & Automated Threat Hunting in the Era of Security Data Lakes On May 30, 2023, SOC Prime, provider of the foremost platform for collective cyber defense, announced its support for Amazon Security Lake. For a one-year period since the integration release, SOC Prime has helped organizations supercharge threat detection and […]

Read More
CVE-2024-4040 Detection: A Critical CrushFTP Zero-Day Vulnerability Exploited in the Wild Targeting U.S. Organizations
CVE-2024-4040 Detection: A Critical CrushFTP Zero-Day Vulnerability Exploited in the Wild Targeting U.S. Organizations

While CVE-2024-21111 exploitation risks have been a serious concern for organizations leveraging Oracle Virtualbox software, another critical vulnerability has been hitting the headlines. CrushFTP has recently reported a novel largely exploited zero-day vulnerability impacting the servers. The maximum severity flaw tracked as CVE-2024-4040 can be weaponized in a series of in-the-wild attacks against organizations in […]

Read More
CVE-2024-21111 Detection: A New Critical Local Privilege Escalation Vulnerability in Oracle VirtualBox with the PoC Exploit Released
CVE-2024-21111 Detection: A New Critical Local Privilege Escalation Vulnerability in Oracle VirtualBox with the PoC Exploit Released

A new vulnerability assigned CVE-2024-21111 was recently discovered in Oracle Virtualbox, a widespread open-source virtualization software. The uncovered critical Oracle VirtualBox vulnerability enables adversaries to escalate privileges to NT AUTHORITY\SYSTEM via Symbolic Link, with its exploitation potentially leading to either arbitrary file deletion or arbitrary file movement. Detect CVE-2024-21111 Exploitation Attempts With the exponential rise […]

Read More