Tag: Threat Hunting Content

Dirty Pipe Disclosure: Gives Root Privileges, Impacts the Latest Versions of Linux
Dirty Pipe Disclosure: Gives Root Privileges, Impacts the Latest Versions of Linux

A novel bug dubbed Dirty Pipe (CVE-2022-0847) enables privilege escalation and allows attackers to gain root access by overwriting data in read-only files and SUID binaries. The weakness lies in the faulty handling of pipe buffer flags by Linux Kernel. The name refers to a Linux mechanism of processes’ interaction within the OS, dubbed a […]

Read More
ContiLeaks: Conti Ransomware Group’s Chat and Source Code Leaked by Ukrainian Cybersecurity Researcher
ContiLeaks: Conti Ransomware Group’s Chat and Source Code Leaked by Ukrainian Cybersecurity Researcher

One of the fiercest Russia-backed ransomware actors, Conti Group, has become a victim of a data breach. On February 27, 2022, a mysterious Twitter member @ContiLeaks started publishing a series of posts linking to archives with private messages and the source code of Conti. Other posts of a whistleblower make it quite obvious that he […]

Read More
Withstanding Russian Military Aggression Together
Withstanding Russian Military Aggression Together

On Feb 24, 2022, Ukraine woke up to multiple shelling attacks across the country as Russia aggressively invaded its neighbor, violating all current international agreements. Russian troops and tanks attacked Ukrainian borders on the East, West, and North, sent by the Kremlin as a next savage step in the continuous violation of territorial integrity of […]

Read More
Stop Russia’s DDoS Protection: SOC Prime Appeals to US Tech Leaders to Prevent Aggressors From Spreading Misinformation
Stop Russia’s DDoS Protection: SOC Prime Appeals to US Tech Leaders to Prevent Aggressors From Spreading Misinformation

On February 24, 2022, Russia launched a full-scale invasion of Ukraine. Russia has called this a “Special Military Operation” for peacekeeping aimed at the “Liberation of Ukraine”. The facts illustrate something altogether different as destruction has been massive and civilian populations have suffered greatly. The war has cost the lives of 2,000 civilians, and the […]

Read More
FoxBlade Trojan Detection: Microsoft Reveals New Destructive Malware Targeting Ukrainian Infrastructure
FoxBlade Trojan Detection: Microsoft Reveals New Destructive Malware Targeting Ukrainian Infrastructure

On February 23, 2022, prior to Russia’s offensive invasion of Ukraine, a new surge of digital threats hit Ukraine just a short period after an avalanche of cyber-attacks involving data-wiping WhisperGate and HermeticWiper malware strains targeted at Ukrainian entities. Microsoft Security Intelligence Center discovered a series of attacks leveraging a novel FoxBlade malware targeting multiple […]

Read More
The World Joins the Full-Scale Cyber War as Russia Invades Ukraine
The World Joins the Full-Scale Cyber War as Russia Invades Ukraine

Collaborative Cyber Defense: Fueling the Fight to Combat Threats of Any Scale As we all now know, on February 24, 2022, the Russian Federation started an offensive invasion of Ukraine by land, air, and sea. The hostilities have now been ongoing for almost a week with Russian tanks rolling into Ukrainian territory and its missiles […]

Read More
HermeticWiper Malware Detection: CISA and FBI Advisory Warns of New Destructive Cyber-Attacks Targeting Ukrainian Organizations
HermeticWiper Malware Detection: CISA and FBI Advisory Warns of New Destructive Cyber-Attacks Targeting Ukrainian Organizations

On January 13, 2022, a devastating cyber-attack hit Ukraine, taking down online assets of the country’s government, in which attackers took advantage of a new data-wiping malware known as WhisperGate. Hard on the heels of this impactful incident, on February 23, cybersecurity analysts revealed another destructive malware targeting Ukrainian organizations dubbed HermeticWiper. This newly discovered […]

Read More
Cyclops Blink Malware Used by Sandworm APT Group Replaces VPNFilter As Reported by CISA
Cyclops Blink Malware Used by Sandworm APT Group Replaces VPNFilter As Reported by CISA

On February 23, 2022, CISA launched an alert stating that the UK National Cyber Security Centre (NCSC), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have detected the use of a novel malicious strain known as Cyclops Blink. As a replacement of the […]

Read More
BlackByte Ransomware Detection: New Wake-Up Call
BlackByte Ransomware Detection: New Wake-Up Call

The Federal Bureau of Investigation (FBI) and the U.S. Secret Service (USSS) released a joint cybersecurity advisory in regards to the activities of the BlackByte Ransomware-as-a-Service (RaaS) gang. BlackByte ransomware has been used against the businesses located in the USA as the primary targets. The greatest costs fall heavily on the critical infrastructure sectors such […]

Read More
TunnelVision APT Group Exploits the Log4j
TunnelVision APT Group Exploits the Log4j

One of the most notorious exploits of 2021 made its loud entrance in the cybersecurity world in December, and now Log4Shell is back on the radar: Iran-linked TunnelVision APT did not let it rest in peace, striking with profiteering from VMware Horizon Log4j vulnerabilities, along with large-scale exploitation of Fortinet FortiOS (CVE-2018-13379) and Microsoft Exchange […]

Read More