Threats

TellYouThePass Ransomware Attack Detection: Hackers Exploit CVE-2024-4577 to Install Web Shells and Drop Malware 

The TellYouThePass ransomware operators have been spotted behind a novel adversary campaign leveraging the PHP-CGI vulnerability tracked as CVE-2024-4577. Adversaries weaponize the flaw to upload web shells and distribute TellYouThePass ransomware on compromised instances. In light of the newly uncovered PHP-CGI bug being swiftly weaponized for in-the-wild attacks, facilitating the distribution […]

The post TellYouThePass Ransomware Attack Detection: Hackers Exploit CVE-2024-4577 to Install Web Shells and Drop Malware  appeared first on SOC Prime.

Threats

CVE-2024-4577 Detection: A New Easy-to-Exploit PHP Vulnerability Could Lead to RCE

Hot on the heels of the disclosure of CVE-2024-29849 and its PoC release, another security flaw is creating a buzz in the cyber threat landscape. Successful exploitation of CVE-2024-4577, which affects Windows-based PHP servers, could lead to RCE. The security bug is a CGI argument injection vulnerability that impacts all versions of PHP on the […]

Threats

CVE-2024-29849 Detection: A Critical Auth Bypass In Veeam Backup Enterprise Manager

Another day, another threat on the radar challenging cyber defenders. This time, the cybersecurity heads-up concerns a nefarious flaw identified in Veeam Backup Enterprise Manager (VBEM) that enables adversaries to bypass authentication and obtain full access to the platform’s web interface. Tracked as CVE-2024-29849, the bug achieved a 9.8 CVSS score, posing an increasing menace with […]

Threats

SOC Prime Introduces a Fair Usage Policy

Make the Most of Advanced Threat Detection at No Extra Cost In today’s rapidly evolving cybersecurity landscape, where both rogue actors and well-funded state-sponsored entities continuously devise sophisticated attacks, maintaining relevant and up-to-date detection capabilities is more critical than ever. In Q1 2024, APT groups from various global regions, such as China, North Korea, Iran, […]

Threats

Threat Bounty Program Digest — May 2024 Results

In May, our content verification team received more than 300 submissions for review. After the review, and in some cases repeated revisions with minor corrections to the code, 59 new unique threat detection rules by Threat Bounty Program content authors were successfully published on the Threat Detection Marketplace. The submissions that were […]

Threats

UAC-0020 aka Vermin Attack Detection: SickSync Campaign Using SPECTR Malware and SyncThing Utility to Target the Armed Forces of Ukraine

The Vermin hacking group, also known as UAC-0020, resurfaces, targeting the Armed Forces of Ukraine. In the latest “SickSync” campaign uncovered by CERT-UA in collaboration with the Cybersecurity Center of the Armed Forces of Ukraine, adversaries once again employ SPECTR malware, which has been part of their adversary toolkit since 2019. SickSync Campaign Targeting the […]

Threats

UAC-0200 Attack Detection: Adversaries Launch Targeted Phishing Attacks Against Ukrainian Public Sector Leveraging DarkCrystal RAT Spread via Signal 

Since the onset of the Russia-Ukraine war in 2022, there has been a significant rise in offensive operations, highlighting the profound impact of geopolitical tensions on global enterprises. Multiple hacking groups continue to use Ukraine as a testing ground to extend their attack surface into European and U.S. political arenas. CERT-UA has lately reported […]

Threats

FlyingYeti Campaign Detection: russian Hackers Exploit CVE-2023-38831 to Deliver COOKBOX Malware in Ongoing Attacks Against Ukraine

In mid-April 2024, CERT-UA warned defenders of repeated adversary attempts to compromise Ukrainian organizations using COOKBOX malware. Defenders observed the ongoing phishing campaign targeting Ukraine and took measures to disrupt the offensive attempts. The identified russia-linked malicious activity is tracked under the moniker FlyingYeti and overlaps with the UAC-0149 operation covered in the CERT-UA#9522 alert. […]

Threats

CVE-2024-24919 Detection: Zero-Day Vulnerability Actively Exploited for In-the-Wild Attacks Against Check Point’s VPN Gateway Products

There is a growing interest among hacking collectives in exploiting remote-access VPN environments, commonly abusing zero-day vulnerabilities as entry points and attack vectors into enterprises. A novel critical zero-day vulnerability in Check Point Network Security gateway products, tracked as CVE-2024-24919, has hit the headlines. Since April 2024, the flaw has been exploited in in-the-wild […]

Threats

UAC-0188 Attack Detection: Hackers Launch Targeted Attacks Against Ukraine Exploiting SuperOps RMM

Threat actors frequently leverage remote management tools in cyber attacks delivered via phishing. For instance, the Remote Utilities software has been widely exploited in offensive campaigns against Ukraine. CERT-UA, in conjunction with CSIRT-NB, has recently identified a targeted cyber attack attributed to UAC-0188 that employs remote management software. Adversaries were observed gaining unauthorized […]
