Meet the latest newscast about the SOC Prime Developers community! Today we want to introduce Onur Atali, a keen developer contributing to our Threat Bounty Program since June 2021. Onur is an active content creator, concentrating his efforts on Sigma rules. You can refer to Onur’s detections of the highest quality and value in Threat […]
July continues to be an effortful month for Microsoft. After the critical PrintNightmare (CVE-2021-1675) and HiveNightmare (CVE-2021-36934) vulnerabilities, security researchers have identified a critical security gap that might result in a complete Windows domain compromise. The issue, dubbed PetitPotam, takes advantage of the Encrypting File System Remote Protocol (MS-EFSRPC) and allows attackers to proceed with […]
Israeli spyware firm Candiru supplied zero-day exploits to the nation-baked actors globally, Microsoft and Citizen Lab revealed. According to the analysis, Candiru leveraged previously unknown zero-day bugs in Windows and Chrome to power its high-end spyware dubbed DevilsTongue. Although DevilsTongue was marketed as a “mercenary software” facilitating surveillance operations for government agencies, it was identified […]
At SOC Prime, we are constantly expanding the list of supported SIEM, EDR, and NTDR solutions to add more flexibility to Threat Detection Marketplace and streamline the threat hunting experience for security performers regardless of their XDR stack. We are glad to announce our partnership with SentinelOne to deliver curated content for this prominent security […]
McAfee Advanced Threat Research (ATR) Strategic Intelligence team has uncovered a long-lasting cyber-espionage operation targeting major telecommunication providers worldwide. According to security researchers, Chinese nation-baked hackers have planted malware to the networks of multiple US, EU, and SouthEast Asian telecom firms to carry out reconnaissance and steal secret information linked to 5G technology. The malicious […]
We are happy to announce that we have hit another major milestone on the way to delivering continuous security intelligence to the worldwide community. In a strong collaboration between the SOC Prime Team and our Threat Bounty Developer Program members, at the beginning of March 2021, we reached the number of 100,000 Detection and Response […]
Introduction On August 2020 a new type of malware, belonging to the Ransomware category, appeared in the cyber threat landscape. Threat actor responsible for its development called it “DarkSide” and, like others piece of malware of this type, is operated in Big Game Hunting (BGH) campaigns. Around more or less the same time, a DLS […]
New details related to epoch-making SolarWinds supply-chain attack came into light. Research from Microsoft indicates that another stand-alone APT actor might have a hand in SolarWinds Orion compromise. Particularly, cyber-criminals utilized a newly discovered zero-day bug to infect targeted instances with SUPERNOVA backdoor. New ZeroDay Vulnerability in SolarWinds Orion Software (CVE-2020-10148) The vulnerability was disclosed […]
Just a few days after the information about the FireEye data breach appeared, the company published the results of its investigation and details of the Sunburst backdoor (including the technical report and countermeasures), through which the APT group penetrated networks of multiple organizations, and now potentially compromised companies can quickly detect this threat. The scale […]
This week the cybersecurity community was struck by the news that one of the top security firms was compromised by an unnamed sophisticated APT group. Adversaries were interested in Red Team tools used by FireEye to test their customers ’security and looked for information related to government customers. An investigation is ongoing and F.B.I. Cyber […]