Threats

CVE-2024-47575 Detection: FortiManager API Vulnerability Exploited in Zero-Day Attacks

Attackers frequently launch high-profile attacks by exploiting RCE vulnerabilities in popular software products. Cybersecurity researchers have recently identified the widespread exploitation of FortiManager instances, with 50+ potentially compromised devices across multiple industry verticals. Defenders disclosed a critical FortiManager API vulnerability, tracked as CVE-2024-47575, that was exploited in zero-day attacks by adversaries to execute arbitrary code […]

The post CVE-2024-47575 Detection: FortiManager API Vulnerability Exploited in Zero-Day Attacks appeared first on SOC Prime.

Threats

UAC-0218 Attack Detection: Adversaries Steal Files Using HOMESTEEL Malware

Hot on the heels of the “Rogue RDP” attacks exploiting the phishing attack vector and targeting Ukrainian state bodies and military units, CERT-UA researchers uncovered another wave of phishing attacks leveraging emails with invoice-related subject lures and weaponizing HOMESTEEL malware for file theft. The UAC-0218 group is believed to be behind the ongoing adversary operation. […]

Threats

“Rogue RDP” Attack Detection: UAC-0215 Leverages RDP Configuration Files to Gain Remote Access to Ukrainian Public Sector Computers

Adversaries frequently exploit remote management tools in their offensive campaigns, like the Remote Utilities software, which has been leveraged in cyber attacks against Ukraine, including those linked to the nefarious UAC-0050 actors. CERT-UA has issued a new alert warning defenders about an ongoing phishing email campaign against government agencies and defense sector organizations, with malicious […]

Threats

Detect Brute Force and Credential Access Activity Linked to Iranian Hackers: The FBI, CISA, and Partners Warn Defenders of Growing Attacks Against Critical Infrastructure Organizations

At the end of summer 2024, the FBI, Department of Defense, and CISA issued a joint advisory warning cybersecurity experts of a rise in operations by Iran-affiliated adversaries known as Pioneer Kitten. The U.S. cybersecurity authoring agencies, in collaboration with international partners, have recently issued another advisory, AA24-290A, covering the increasing activity of Iranian threat […]

Threats

MEDUZASTEALER Detection: Hackers Distribute Malware Masquerading the Sender as Reserve+ Technical Support via Telegram Messaging Service

Hard on the heels of a new wave of cyber-attacks by UAC-0050 involving cyber espionage and financial thefts and relying on a diverse number of tools, including MEDUZASTEALER, another suspicious activity comes to the spotlight in the Ukrainian cyber threat arena. CERT-UA recently launched a new alert covering spoofed phishing attacks spreading MEDUZASTEALER via Telegram […]

Threats

How MSSPs and MDRs Can Maximize Threat Detection Efficiency with Uncoder AI

In the face of increasingly sophisticated cyber threats, security service providers such as MSSPs and MDRs strive to enhance threat detection capabilities while scaling their businesses. Managing detection rules across multiple security solutions in the environments of current and potential clients poses a significant challenge to service providers as they must align their service capabilities […]

Threats

UAC-0050 Attack Detection: russia-Backed APT Performs Cyber Espionage, Financial Crimes, and Disinformation Operations Against Ukraine

The UAC-0050 hacking collective notorious for its long-standing offensive operations against Ukraine steps back into the cyber threat arena. CERT-UA researchers have long been investigating the group’s activity, which primarily focuses on three key directions, including cyber espionage and financial theft, along with information and psychological operations tracked under the “Fire Cells Group” brand. Financially […]

Threats

Earth Simnavaz (aka APT34) Attack Detection: Iranian Hackers Leverage Windows Kernel Vulnerability to Target UAE and Gulf Region

Amid a spike in cyber-espionage efforts by North Korean APT groups targeting Southeast Asia under the SHROUDED#SLEEP campaign, cybersecurity experts are raising alarms about a parallel wave of attacks orchestrated by Iran-affiliated hackers. This newly discovered campaign focuses on spying on organizations across the UAE and Gulf regions. Known as Earth Simnavaz APT (also referred […]

Threats

LemonDuck Malware Detection: Exploits CVE-2017-0144 and Other Microsoft Server Message Block (SMB) Vulnerabilities for Cryptocurrency Mining

LemonDuck, a notorious crypto-mining malware, has been observed targeting Windows servers by exploiting known vulnerabilities in Microsoft’s Server Message Block (SMB) protocol, including the EternalBlue flaw tracked as CVE-2017-0144. The malware has evolved into a more advanced threat capable of credential theft, enriched with detection evasion techniques, and spreading through multiple attack vectors. Detect LemonDuck […]

Threats

Shrouded#Sleep Campaign Detection: North Korean Hackers Linked to the APT37 Group Use New VeilShell Malware Targeting Southeast Asia

North Korea-affiliated APT groups have consistently ranked among the most active adversaries over the past decade. This year, security experts have observed a significant uptick in their malicious operations, driven by enhanced toolsets and an expanded range of targets. In August 2024, North Korean hackers bolstered their arsenal with the MoonPeak Trojan. A month earlier, […]
