A new critical vulnerability in Ivanti Virtual Traffic Manager (vTM) instances comes into the spotlight. Tracked as CVE-2024-7593, the critical authentication bypass vulnerability enables remote attackers to create rogue admin accounts. The public availability of the PoC exploit code increases the risk of CVE-2024-7593 exploitation in real-world attacks. Detect CVE-2024-7593 Exploitation Attempts In 2023, over […]

The post CVE-2024-7593 Detection: A Critical Vulnerability in Ivanti Virtual Traffic Manager Enables Unauthorized Admin Access appeared first on SOC Prime.

In today’s rapidly evolving cybersecurity landscape, organizations face numerous challenges in safeguarding their digital assets. SOC Prime offers a suite of solutions designed to address some of the most pressing cybersecurity problems. This blog explores how SOC Prime’s Threat Detection Marketplace (TDM), Uncoder AI, and Attack Detective can solve five common issues. Start Now Request […]

The post How SOC Prime Products Address 5 Cybersecurity Challenges appeared first on SOC Prime.

The increasing number of phishing attacks requires immediate attention from defenders, underscoring the need for increasing cybersecurity awareness and bolstering the organization’s cyber hygiene. Following the UAC-0102 attack targeting UKR.NET users, another hacking collective tracked as UAC-0198 leverages the phishing attack vector to target the Ukrainian state bodies and massively distribute ANONVNC (MESHAGENT) malware to […]

The post UAC-0198 Attack Detection: Adversaries Massively Distribute Phishing Emails Spreading ANONVNC (MESHAGENT) Malware to Target Ukrainian State Bodies appeared first on SOC Prime.

Defenders have discovered a novel APT group dubbed Actor240524, which applies an advanced adversary toolkit to evade detection and gain persistence. At the turn of July 2024, adversaries performed a spear-phishing campaign against diplomats from Azerbaijan and Israel. Attackers leveraged a malicious Word document featuring content in Azerbaijani and masquerading as official documentation designed to […]

The post Actor240524 Attack Detection: Novel APT Group Targets Israeli and Azerbaijani Diplomats Using ABCloader and ABCsync Malware appeared first on SOC Prime.

The ever-growing volumes of ransomware attacks, the increased number of financially motivated hacking collectives, and soaring global ransomware damage costs are shaking up the modern cyber threat arena. The FBI and CISA have recently issued a novel alert notifying defenders of the emergence of the BlackSuit ransomware, the evolution of Royal ransomware enriched with enhanced […]

The post BlackSuit (Royal) Ransomware Detection: The FBI and CISA Warn Defenders of Ransomware Rebranding with Enhanced Capabilities appeared first on SOC Prime.

Detection Content Creation, Submission & Release Members of the Threat Bounty community continue to explore and leverage the potential of Uncoder AI to develop their practical detection engineering skills and monetize their own detection rules with the SOC Prime Platform. In July, 37 new detections by Threat Bounty Program members were successfully released on the […]

The post Threat Bounty Program Digest — July 2024 Results appeared first on SOC Prime.

Following in-the-wild attacks exploiting CVE-2024-37085 by diverse ransomware gangs, defenders encounter a new variant of the nefarious Proton ransomware family dubbed Zola. Zola strain displays sophisticated capabilities as a result of the ransomware family’s multiple iterations and upgrades, incorporating privilege escalation, disk overwriting functionality, and a kill switch that terminates processes if a Persian keyboard […]

The post Zola Ransomware Detection: Proton Family Evolves with a New Ransomware Variant Featuring a Kill Switch appeared first on SOC Prime.

The nefarious russian state-sponsored APT28 hacking collective, also known as Fighting Ursa, is coming into the spotlight. Since early spring 2024, adversaries have been targeting diplomats in a long-term offensive campaign, leveraging a car for sale as a phishing lure to distribute HeadLace malware. Detect Fighting Ursa aka APT28 Attacks Spreading HeadLace Malware The continuously […]

The post Fighting Ursa (aka APT28) Attack Detection: Adversaries Target Diplomats Using a Car for Sale as a Phishing Lure to Spread HeadLace Malware appeared first on SOC Prime.

A couple of weeks after the disclosure of CVE-2024-38112, a critical vulnerability exploited by the Void Banshee group to deploy the Atlantida stealer, another security flaw came into the spotlight. Multiple ransomware groups have weaponized a recently patched vulnerability in VMware ESXi hypervisors tracked as CVE-2024-37085 to gain elevated privileges and distribute file-encrypting malicious samples. […]

The post CVE-2024-37085 Detection: Ransomware Groups Actively Exploit a Newly Patched Vulnerability in VMware ESXi Hypervisors to Gain Full Administrative Privileges appeared first on SOC Prime.

The FBI, CISA, and leading cybersecurity authorities have issued a warning over growing North Korean cyber-espionage operations linked to the nation-backed hacking group tracked as Andariel. The group’s cyber-espionage activity involves the collection of critical data and intellectual property, thereby advancing the regime’s military and nuclear objectives and aspirations. Detecting Andariel Attacks Described in CISA […]

The post Andariel Attack Detection: FBA, CISA, and Partners Warn of an Increasing Global Cyber-Espionage Campaign Linked to the North Korean State-Sponsored Group appeared first on SOC Prime.