Tag: Vulnerability

CVE-2022-21907
Detect CVE-2022-21907: A Wormable RCE in Windows Server

Another day, another critical vulnerability posing a major headache for security practitioners. This time researchers have identified a wormable remote code execution (RCE) flaw that impacts the latest desktop and server Windows versions. The vendor urges everyone to upgrade their systems ASAP since the flaw could be easily leveraged by adversaries to execute arbitrary code […]

Read More
The Future of Threat Detection is the Community

Relying on Public Sources of Information Think about it — every time we open a blog post with the latest malware analysis, combing through it looking for the IoCs our threat teams so desperately need, – doesn’t it feel a bit lethargic? Fingers crossed, our favorite security vendor has already done the same, and the […]

Read More
Detecting Windows Installer Zero-Day (CVE-2021-41379) Exploits

A moment of luck for threat actors and yet another major headache for cyber defenders! On November 22, 2021, security researcher Abdelhamid Naceri released a fully-functional proof-of-concept (PoC) exploit for the new Windows Installer zero-day vulnerability. The flaw (CVE-2021-41379) allows adversaries to obtain SYSTEM privileges on any device running Windows 10, Windows 11, and Windows […]

Read More
ProxyShell Vulnerabilities
Detecting New ProxyShell Exploitation Flow

Make sure you have secured your Microsoft Exchange Servers against ProxyShell vulnerabilities since hackers are inventing new tricks to benefit from the exposed instances. Currently, researchers observe multiple phishing campaigns that utilize the nefarious flaws for malware delivery. Additionally, ProxyShell bugs are increasingly used in a range of operations aimed at ransomware infection. New Attack […]

Read More
CISA’s Binding Operational Directive 22-01
Detecting Vulnerabilities Prioritized in CISA’s Binding Operational Directive 22-01

To enable organizations to address the risks posed by critical vulnerabilities outlined in Binding Operational Directive (BOD) 22-01, SOC Prime provides an extensive list of curated detections to identify possible exploit attempts in your infrastructure and isolate potentially affected assets while patching procedures are in progress. The increasing sophistication of malicious activities threatening the private […]

Read More
MysterySnail Attack Detection

Security experts from Kaspersky uncovered a sophisticated cyber-espionage campaign that leverages a zero-day bug in Windows (CVE-2021-40449) to attack IT firms, military contractors, and diplomatic institutions. The campaign was attributed to a China-backed APT group tracked as IronHusky. The hacker collective exploited a recently-discovered CVE-2021-40449 to infect systems with a previously unknown remote access Trojan […]

Read More
Atom Silo Ransomware
Detecting Atom Silo Ransomware Infections

Ransomware actors attempt to stay at the forefront of the malicious trends in their strive for bigger profits. Recently, security researchers spotted a new threat actor leveraging a critical vulnerability in Atlassian Confluence (CVE-2021-26084) to proceed with ransomware infections. Dubbed Atom Silo, the gang relies on CVE-2021-26084 alongside several novel evasion techniques to fly under […]

Read More
CVE-2021-22005
Detect Critical VMware vCenter Vulnerability (CVE-2021-22005) Exploitation Attempts

On September 24, 2021, CISA issued an alert warning about multiple exploitation attempts for а critical vulnerability (CVE-2021-22005) in VMware vCenter Server. A heavy number of scans for the vulnerable servers broke forth after the Vietnamese security researcher Jang published an incomplete exploit for CVE-2021-2205. Jang’s technical notes were enough for experienced hackers to produce […]

Read More
Microsoft Exchange ProxyShell Attack
Microsoft Exchange ProxyShell Attack Detection

Thousands of Microsoft Exchange servers remain vulnerable to ProxyShell remote code execution vulnerabilities despite the patches issued in April-May. To make things even worse, security researchers are observing a significant spike in scans for vulnerable Exchange servers, after the technical overview of the ProxyShell attack was revealed at the Black Hat conference on August 4-5, […]

Read More
Pulse Connect Secure Patch Bypass
CVE-2021-22937 Detection: Patch Bypass Vulnerability in Pulse Connect Secure

Ivanti has addressed a critical security hole (CVE-2021-22937) that affects its Pulse Connect Secure VPNs. The flaw is a bypass of the patch issued in October last year to mitigate the CVE-2020-8260, a notorious bug that allows malicious admins to execute arbitrary code remotely with root privileges. CVE-2021-22937 Description According to the in-depth inquiry by […]

Read More