New cybercriminals called Exotic Lily were recently analyzed by Google’s Threat Analysis Group (TAG). The activity of this financially motivated group has been observed since at least September 2021. After thorough investigation, it is fair to suggest that Exotic Lily cybercrime group is an Initial Access Broker (IAB) that is interested in obtaining unlawful access […]
A notorious Initial Access Broker PROPHET SPIDER was found exploiting CVE-2021-22941 vulnerability to gain unauthorized access to a Microsoft Internet Information Services (IIS) webserver. Cybercriminals aim at breaching organizations’ security systems to block sensitive data and then sell access to ransomware groups. Exploiting the abovementioned path-traversal vulnerability allows adversaries to deliver a webshell that would […]
A novel bug dubbed Dirty Pipe (CVE-2022-0847) enables privilege escalation and allows attackers to gain root access by overwriting data in read-only files and SUID binaries. The weakness lies in the faulty handling of pipe buffer flags by Linux Kernel. The name refers to a Linux mechanism of processes’ interaction within the OS, dubbed a […]
Another day, another critical vulnerability posing a major headache for security practitioners. This time researchers have identified a wormable remote code execution (RCE) flaw that impacts the latest desktop and server Windows versions. The vendor urges everyone to upgrade their systems ASAP since the flaw could be easily leveraged by adversaries to execute arbitrary code […]
Relying on Public Sources of Information Think about it — every time we open a blog post with the latest malware analysis, combing through it looking for the IoCs our threat teams so desperately need, – doesn’t it feel a bit lethargic? Fingers crossed, our favorite security vendor has already done the same, and the […]
A moment of luck for threat actors and yet another major headache for cyber defenders! On November 22, 2021, security researcher Abdelhamid Naceri released a fully-functional proof-of-concept (PoC) exploit for the new Windows Installer zero-day vulnerability. The flaw (CVE-2021-41379) allows adversaries to obtain SYSTEM privileges on any device running Windows 10, Windows 11, and Windows […]
Make sure you have secured your Microsoft Exchange Servers against ProxyShell vulnerabilities since hackers are inventing new tricks to benefit from the exposed instances. Currently, researchers observe multiple phishing campaigns that utilize the nefarious flaws for malware delivery. Additionally, ProxyShell bugs are increasingly used in a range of operations aimed at ransomware infection. New Attack […]
To enable organizations to address the risks posed by critical vulnerabilities outlined in Binding Operational Directive (BOD) 22-01, SOC Prime provides an extensive list of curated detections to identify possible exploit attempts in your infrastructure and isolate potentially affected assets while patching procedures are in progress. The increasing sophistication of malicious activities threatening the private […]
Security experts from Kaspersky uncovered a sophisticated cyber-espionage campaign that leverages a zero-day bug in Windows (CVE-2021-40449) to attack IT firms, military contractors, and diplomatic institutions. The campaign was attributed to a China-backed APT group tracked as IronHusky. The hacker collective exploited a recently-discovered CVE-2021-40449 to infect systems with a previously unknown remote access Trojan […]
Ransomware actors attempt to stay at the forefront of the malicious trends in their strive for bigger profits. Recently, security researchers spotted a new threat actor leveraging a critical vulnerability in Atlassian Confluence (CVE-2021-26084) to proceed with ransomware infections. Dubbed Atom Silo, the gang relies on CVE-2021-26084 alongside several novel evasion techniques to fly under […]