In April 2019, SOC Prime announced a crowdsourcing initiative to unite the cyber security community to withstand emerging threats. Since the launch of the Threat Bounty Program, SOC Prime welcomed 300+ participants who published 2300+ Sigma rules, 100+ YARA rules, 25+ Snort Rules to Threat Detection Marketplace repository of the SOC Prime Platform. More than […]
On October 4, 2021, Facebook – and all the major services Facebook owns – went down for approximately six hours. The social media “blackout” started at 11:40 Eastern Time (ET) right after Facebook Domain Name System (DNS) records had become unavailable. The incident analysis from Cloudflare details that DNS names for Facebook just stopped resolving, […]
Microsoft has recently uncovered yet another piece of malware leveraged by the infamous NOBELIUM APT group since spring 2021. The new threat, dubbed FoggyWeb, acts as a post-exploitation backdoor able to exfiltrate information from Active Directory Federation Services (AD FS) servers. Malware has been used in targeted attacks against multiple organizations globally while staying unnoticed […]
Notorious Zloader banking Trojan is back with a brand new attack routine and evasive capabilities. Latest Zloader campaigns leverage a new infection vector switching from spam and phishing to malicious Google ads. Furthermore, a sophisticated mechanism to disable Microsoft Defender modules helps Zloader to fly under the radar. According to the researchers, the latest shift […]
Meet the latest newscast about the SOC Prime Developers community! Today we want to introduce Onur Atali, a keen developer contributing to our Threat Bounty Program since June 2021. Onur is an active content creator, concentrating his efforts on Sigma rules. You can refer to Onur’s detections of the highest quality and value in Threat […]
July continues to be an effortful month for Microsoft. After the critical PrintNightmare (CVE-2021-1675) and HiveNightmare (CVE-2021-36934) vulnerabilities, security researchers have identified a critical security gap that might result in a complete Windows domain compromise. The issue, dubbed PetitPotam, takes advantage of the Encrypting File System Remote Protocol (MS-EFSRPC) and allows attackers to proceed with […]
Israeli spyware firm Candiru supplied zero-day exploits to the nation-baked actors globally, Microsoft and Citizen Lab revealed. According to the analysis, Candiru leveraged previously unknown zero-day bugs in Windows and Chrome to power its high-end spyware dubbed DevilsTongue. Although DevilsTongue was marketed as a “mercenary software” facilitating surveillance operations for government agencies, it was identified […]
At SOC Prime, we are constantly expanding the list of supported SIEM, EDR, and NTDR solutions to add more flexibility to Threat Detection Marketplace and streamline the threat hunting experience for security performers regardless of their XDR stack. We are glad to announce our partnership with SentinelOne to deliver curated content for this prominent security […]
McAfee Advanced Threat Research (ATR) Strategic Intelligence team has uncovered a long-lasting cyber-espionage operation targeting major telecommunication providers worldwide. According to security researchers, Chinese nation-baked hackers have planted malware to the networks of multiple US, EU, and SouthEast Asian telecom firms to carry out reconnaissance and steal secret information linked to 5G technology. The malicious […]
We are happy to announce that we have hit another major milestone on the way to delivering continuous security intelligence to the worldwide community. In a strong collaboration between the SOC Prime Team and our Threat Bounty Developer Program members, at the beginning of March 2021, we reached the number of 100,000 Detection and Response […]