Threats

SOC Prime Threat Bounty Digest — December 2024 Results

Detection Content Creation, Submission & Release

December was another impressive month for the Threat Bounty Program, with the community showcasing a collaborative spirit and detection engineering skills. Despite the end-of-year hustle, Program members continued actively submitting detections to address emerging threats. In total, 33 new detection rules were successfully released to the SOC Prime Platform […]

The post SOC Prime Threat Bounty Digest — December 2024 Results appeared first on SOC Prime.

Threats

CVE-2024-55591 Detection: Critical Zero-Day Vulnerability in Fortinet FortiOS and FortiProxy Actively Exploited in the Wild

This week, over 700 new vulnerabilities have been identified, continuing the trend of rising security risks for organizations worldwide. Among the most disturbing is CVE-2024-55591, an authentication bypass vulnerability affecting FortiOS and FortiProxy. This critical zero-day flaw exposes FortiGate firewall devices to potential compromise, allowing remote attackers to gain super-admin privileges on the affected systems. […]

The post CVE-2024-55591 Detection: Critical Zero-Day Vulnerability in Fortinet FortiOS and FortiProxy Actively Exploited in the Wild appeared first on SOC Prime.

Threats

Detect Banshee Stealer: Stealthy Apple macOS Malware Evades Detection Using XProtect Encryption

New year, new menaces for cyber defenders. Cybersecurity researchers have uncovered a novel variant of the notorious Banshee Stealer, which is increasingly targeting Apple users worldwide. This stealthy infostealer malware employs advanced evasion techniques, successfully slipping past detection by leveraging string encryption from Apple’s XProtect antivirus engine. Going exclusively after macOS users, Banshee is capable […]

The post Detect Banshee Stealer: Stealthy Apple macOS Malware Evades Detection Using XProtect Encryption appeared first on SOC Prime.

Threats

EAGERBEE Malware Detection: New Backdoor Variant Targets Internet Service Providers and State Bodies in the Middle East

Hot on the heels of the re-emergence of a more advanced NonEuclid RAT variant in the cyber threat arena, a novel malware iteration known as the Eagerbee backdoor poses an increasing threat to organizations in the Middle East, primarily targeting Internet Service Providers (ISPs) and state agencies. The enhanced EAGERBEE backdoor variant can deploy payloads, […]

The post EAGERBEE Malware Detection: New Backdoor Variant Targets Internet Service Providers and State Bodies in the Middle East appeared first on SOC Prime.

Threats

Message Queues vs. Streaming Systems: Key Differences and Use Cases

In the world of data processing and messaging systems, terms like “queue” and “streaming” often come up. While they may sound similar, they serve distinct purposes and can significantly impact how systems handle data. Let’s break down their differences in a straightforward way.

What Are Message Queues?

Imagine a coffee shop where customers place orders […]

The post Message Queues vs. Streaming Systems: Key Differences and Use Cases appeared first on SOC Prime.

Threats

What is Event Streaming in Apache Kafka?

Event streaming is a powerful data processing paradigm where events—small, immutable pieces of data—are continuously produced, captured, and processed in real time. Apache Kafka, an open-source distributed event streaming platform, has become the go-to solution for implementing event streaming in modern systems.

Understanding Events and Streams

An event is a record of an occurrence, such as a […]

The post What is Event Streaming in Apache Kafka? appeared first on SOC Prime.

Threats

NonEuclid RAT Detection: Malware Enables Adversaries to Gain Unauthorized Remote Access and Control Over a Targeted System

The modern-day cyber threat landscape is marked by the rise in malware variants that give attackers the green light to gain complete remote control over targeted systems, such as a nefarious Remcos RAT spread via a phishing attack vector. At the turn of January 2025, defenders unveiled an emerging stealthy malware dubbed NonEuclid RAT, which […]

The post NonEuclid RAT Detection: Malware Enables Adversaries to Gain Unauthorized Remote Access and Control Over a Targeted System appeared first on SOC Prime.

Threats

CVE-2024-49112 Detection: Zero-Click PoC Exploit for a Critical LDAP RCE Vulnerability Can Crush Unpatched Windows Servers

In 2024, vulnerability exploitation accounted for 14% of breach entry points, marking a nearly threefold increase from the previous year—a trend that could persist into 2025. At the turn of January 2025, defenders released the first PoC exploit that can crash unpatched Windows Servers by leveraging a critical RCE vulnerability in the Windows Lightweight Directory […]

The post CVE-2024-49112 Detection: Zero-Click PoC Exploit for a Critical LDAP RCE Vulnerability Can Crush Unpatched Windows Servers appeared first on SOC Prime.