Detection Content Creation, Submission & Release In September, the Threat Bounty Program experienced significant growth, with more submissions of detection rules for verification and a higher number of successful releases of the Threat Bounty rules to the SOC Prime Platform. We remain committed to ensuring that all members of the Threat Bounty Program make the […]

The post SOC Prime Threat Bounty Digest — September 2024 Results appeared first on SOC Prime.

Efficiency and collaboration are essential in cybersecurity. As part of the SOC Prime Platform, Uncoder AI is a a professional IDE & co-pilot for detection engiennering to streamline content creation and threat detection rule contribution. For those participating in the Threat Bounty Program, this tool makes it easier to contribute detection rules, collaborate with experts, […]

The post Uncoder AI: A Guide on Contributing Detection Rules to SOC Prime Platform via Threat Bounty Program appeared first on SOC Prime.

Another day, another challenge for cyber defenders. Recently, researchers revealed a series of critical security gaps in the OpenPrinting Common Unix Printing System (CUPS), a widely used printing service in Linux environments. These vulnerabilities, if exploited, could allow attackers to execute arbitrary code remotely, potentially giving them control over affected systems. The discovery highlights a […]

The post Detecting CUPS Exploits: Critical Security Vulnerabilities in Linux and Unix Systems Allow Remote Code Execution appeared first on SOC Prime.

In today’s threat landscape, when the number and sophistication of cyber attacks are constantly rising, threat actors are targeting the most secure and critical systems across continents and industries. Organizations are continually improving their cyber defense posture, migrating to cloud-based security solutions that reportedly enhance real-time threat detection capabilities. Yet, as adversaries adopt new approaches, […]

The post Uncoder for Flexible Threat Detection: From Cloud to Air-Gapped Networks appeared first on SOC Prime.

The nefarious state-sponsored russia-aligned Gamaredon (aka Hive0051, UAC-0010, or Armageddon APT) has been launching a series of cyber-espionage campaigns against Ukraine since 2014, with cyber attacks intensifying since russia’s full-scale invasion of Ukraine on February 24, 2022.  ESET recently published an in-depth technical analysis, providing insights into Gamaredon’s cyber-espionage operations against Ukraine throughout 2022 and […]

The post Gamaredon Attack Detection: Cyber-Espionage Operations Against Ukraine by the russia-linked APT  appeared first on SOC Prime.

A novel iteration of the RomCom malware family emerges in the cyber threat arena. The new malware, dubbed SnipBot, uses tricky anti-analysis techniques and a custom code obfuscation method to move laterally within the victim’s network and perform data exfiltration. Detect SnipBot Malware The notorious RomCom malware has resurfaced with a new SnipBot variant, actively […]

The post SnipBot Detection: A New RomCom Malware Variant Leverages a Custom Code Obfuscation Method and Sophisticated Evasion Techniques appeared first on SOC Prime.

In today’s fast-moving technological landscape, organizations face unprecedented challenges in managing their security operations. When both threats and technologies change rapidly, organizations need the agility to adapt, migrate, and use multiple security solutions without being tied down by proprietary formats. Also, as the SIEM market evolves, vendors merge or pivot their offerings, and the organizations […]

The post Vendor-Agnostic Cybersecurity: Adapting to the Future of Threat Detection appeared first on SOC Prime.

In the first quarter of 2024, state-sponsored APT groups from regions such as China, North Korea, Iran, and russia demonstrated notably sophisticated and innovative adversary methods, creating significant challenges for the global cybersecurity landscape. Recently, a China-linked APT group known as Earth Baxia has targeted a state agency in Taiwan and potentially other countries in […]

The post Earth Baxia Attack Detection: China-Backed Hackers Use Spear-Phishing, Exploit the GeoServer Vulnerability (CVE-2024-36401), and Apply a New EAGLEDOOR Malware to Target APAC appeared first on SOC Prime.

Hackers are weaponizing PoC exploits for newly identified vulnerabilities in Progress Software WhatsUp Gold for in-the-wild attacks. Defenders have recently uncovered RCE attacks exploiting the critical SQL injection flaws tracked as CVE-2024-6670 and CVE-2024-6671. Notably, CVE-2024-6670 has been added to CISA’s Known Exploited Vulnerabilities Catalog. Detect CVE-2024-6670, CVE-2024-6671 Progress WhatsUp Gold Exploits  In 2024, nearly […]

The post CVE-2024-6670 and CVE-2024-6671 Detection: RCE Attacks Exploiting Critical SQL Injection Vulnerabilities in WhatsUp Gold  appeared first on SOC Prime.

SOC Prime Recognizes Top Threat Bounty Researchers Mastering Uncoder AI SOC Prime continues to fuel the professional development of cybersecurity experts by recognizing and celebrating individual contributions to global cyber defense. Through the Threat Bounty Program, SOC Prime empowers skilled threat researchers and detection engineers to enhance their impact on collective cybersecurity efforts. Earlier this […]

The post Celebrating Detection Engineering Excellence appeared first on SOC Prime.