Detection Content Creation, Submission & Release In September, the Threat Bounty Program experienced significant growth, with more submissions of detection rules for verification and a higher number of successful releases of the Threat Bounty rules to the SOC Prime Platform. We remain committed to ensuring that all members of the Threat Bounty Program make the […]
In the first quarter of 2024, state-sponsored APT groups from regions such as China, North Korea, Iran, and russia demonstrated notably sophisticated and innovative adversary methods, creating significant challenges for the global cybersecurity landscape. Recently, a China-linked APT group known as Earth Baxia has targeted a state agency in Taiwan and potentially other countries in […]
Hackers are weaponizing PoC exploits for newly identified vulnerabilities in Progress Software WhatsUp Gold for in-the-wild attacks. Defenders have recently uncovered RCE attacks exploiting the critical SQL injection flaws tracked as CVE-2024-6670 and CVE-2024-6671. Notably, CVE-2024-6670 has been added to CISA’s Known Exploited Vulnerabilities Catalog. Detect CVE-2024-6670, CVE-2024-6671 Progress WhatsUp Gold Exploits In 2024, nearly […]
SOC Prime Recognizes Top Threat Bounty Researchers Mastering Uncoder AI SOC Prime continues to fuel the professional development of cybersecurity experts by recognizing and celebrating individual contributions to global cyber defense. Through the Threat Bounty Program, SOC Prime empowers skilled threat researchers and SIEM rules engineers to enhance their impact on collective cybersecurity efforts. Earlier […]
Right after the joint advisory by FBI, CISA, and partners warning of a significant shift in the RansomHub RaaS group activity, security researchers have spotted the novel trick by adversaries misusing Kaspersky’s legitimate TDSSKiller software to disable Endpoint Detection and Response (EDR) systems. Once they’ve bypassed defenses, attackers turn to the LaZagne tool, siphoning login […]
Detection Content Creation, Submission & Release August 2024 was challenging for the global cyber community, but it was also full of opportunities for SOC Prime’s Threat Bounty members to gain personal recognition and cash for their contributions. During August, 22 detections were successfully released to the SOC Prime Platform, and twice as many detections were […]
Ransomware continues to be a leading global threat to organizations, with attacks becoming more frequent and increasingly sophisticated. Recently, a new Ransomware-as-a-Service (RaaS) group, Repellent Scorpius, has emerged, intensifying the challenge for cyber defenders. This novel actor drives the distribution of the Cicada3301 ransomware, employing a double-extortion tactic to maximize profits while expanding their affiliate […]
The latest stats highlight that in 2023, adversaries deployed an average of 200,454 unique malware scripts per day, equating to roughly 1.5 new samples per minute. To proceed with successful malware attacks, threat actors are juggling with different malicious methods in an attempt to overcome security protections. The latest malicious campaign in the spotlight spoofs […]
Hot on the heels of the joint cybersecurity advisory warning defenders of the Iran-backed Pioneer Kitten’s collaboration with multiple ransomware groups, another spike in ransomware activity is causing a stir in the cyber threat landscape. The FBI, CISA, and partners recently issued a joint alert covering the increased offensive activity of the RansomHub RaaS operators, […]
New day, new malware causing menace for cyber defenders. Hot on the heels of the novel MoonPeak Trojan, security experts have uncovered yet another malicious sample actively used in the ongoing attacks. Dubbed PEAKLIGHT, the novel memory-only threat applies a sophisticated, multi-stage attack chain to infect Windows instances with a variety of infostealers and loaders. […]