A moment of luck for threat actors and yet another major headache for cyber defenders! On November 22, 2021, security researcher Abdelhamid Naceri released a fully-functional proof-of-concept (PoC) exploit for the new Windows Installer zero-day vulnerability. The flaw (CVE-2021-41379) allows adversaries to obtain SYSTEM privileges on any device running Windows 10, Windows 11, and Windows […]
Make sure you have secured your Microsoft Exchange Servers against ProxyShell vulnerabilities since hackers are inventing new tricks to benefit from the exposed instances. Currently, researchers observe multiple phishing campaigns that utilize the nefarious flaws for malware delivery. Additionally, ProxyShell bugs are increasingly used in a range of operations aimed at ransomware infection. New Attack […]
SOC Prime’s Detection as Code platform for collaborative cyber defense, threat hunting, and discovery continuously evolves to empower the global community with more accessible and efficient cyber defense capabilities. Striving to unlock threat hunting to a wider cybersecurity audience, SOC Prime introduced Quick Hunt, a new cutting-edge module, enabling both newcomers and seasoned experts alike […]
The infamous Lazarus APT strikes again, with security professionals being under attack during the most recent campaign. State-sponsored actor leverages a pirated version of the widely-used IDA Pro reverse engineering application to compromise researchers’ devices with backdoors and remote access Trojans (RATs). NukeSpeed RAT Delivered via Trojanized IDA Pro According to the research by ESET, […]
SOC Prime Threat Bounty Program provides enthusiastic cyber security defenders with the opportunity to share detections with the global community, and get publicly recognized and rewarded for their contributions. Threat Bounty participants are motivated to share detections that can address security needs of 20K+ users. Thus, content authors gain each time their detection is consumed […]
To enable organizations to address the risks posed by critical vulnerabilities outlined in Binding Operational Directive (BOD) 22-01, SOC Prime provides an extensive list of curated detections to identify possible exploit attempts in your infrastructure and isolate potentially affected assets while patching procedures are in progress. The increasing sophistication of malicious activities threatening the private […]
BlackMatter ransomware is on the rise, hitting high-profile targets across the US, Europe, and Asia. Being an off-spring of the infamous DarkSide hacking collective, BlackMatter adopted the most prolific tactics from its predecessor to crash into the big ransomware game during July 2021. The joint advisory by CISA, FBI, and NSA attributes multiple attacks against […]
Infamous Nobelium APT group strikes again! This time covert Russia-backed threat actor goes after technology service providers at a global scale to spy on their downstream customers. Hackers have targeted at least 140 IT service orgs since May 2021, with 14 of them being successfully compromised. NOBELIUM APT Group NOBELIUM APT group (APT29, CozyBear, and […]
Security experts from Kaspersky uncovered a sophisticated cyber-espionage campaign that leverages a zero-day bug in Windows (CVE-2021-40449) to attack IT firms, military contractors, and diplomatic institutions. The campaign was attributed to a China-backed APT group tracked as IronHusky. The hacker collective exploited a recently-discovered CVE-2021-40449 to infect systems with a previously unknown remote access Trojan […]
Ransomware actors attempt to stay at the forefront of the malicious trends in their strive for bigger profits. Recently, security researchers spotted a new threat actor leveraging a critical vulnerability in Atlassian Confluence (CVE-2021-26084) to proceed with ransomware infections. Dubbed Atom Silo, the gang relies on CVE-2021-26084 alongside several novel evasion techniques to fly under […]