Threats

SOC Prime Platform Integration with GitHub

Push Detections from the SOC Prime Platform to Your GitHub Repo

Continuously Stream Selected Detection Content from the SOC Prime Platform to Your GitHub Repository

SOC Prime launches integration with GitHub, enabling security engineers to automatically push prioritized detection content directly to a private GitHub repository. By enabling this capability, teams can stream detection algorithms that match predefined criteria and their current security needs to the […]

The post SOC Prime Platform Integration with GitHub appeared first on SOC Prime.

Threats

UAC-0006 Attack Detection: Financially Motivated Group Actively Launches Phishing Attacks Against Ukraine Delivering SMOKELOADER Malware

The financially motivated group identified as UAC-0006 has been actively launching phishing attacks targeting Ukraine throughout 2023. CERT-UA team reports the reemergence of UAC-0006 in the cyber threat landscape in spring 2024. In the ongoing campaigns, hackers attempt to distribute SMOKELOADER, the common malicious sample from the group’s adversary toolkit.

UAC-0006 Latest Activity Analysis

Spreading […]

Threats

Void Manticore Attack Detection: Iranian Hackers Launch Destructive Cyber Attacks Against Israel

Defenders have uncovered the increasing malicious activity of the Void Manticore group linked to Iran’s Ministry of Intelligence and Security (MOIS). Adversaries, also known as Storm-842, are behind a series of destructive cyber attacks against Israel. Void Manticore is also tracked under the monikers Homeland Justice and Karma, expanding the scope of its intrusions beyond […]

Threats

Linux Backdoor Gomir Detection: North Korean Kimsuky APT aka Springtail Spreads New Malware Variant Targeting South Korean Organizations

Heads up! The nefarious cyber-espionage group Kimsuky APT, aka Springtail, enriches its offensive toolkit with a novel malware variant dubbed Linux.Gomir. The novel backdoor, which is considered to be a Linux iteration of the GoBear malware, is leveraged by adversaries in the ongoing cyber attacks against South Korean organizations.

Detect Gomir Backdoor Delivered by Kimsuky […]

Threats

FIN7 Attack Detection: russia-linked Financially-Motivated Group Exploits Google Ads to Drop NetSupport RAT via MSIX App Installer Files

With the global digitalization of the financial sector, organizations are exposed to escalating risks from numerous sophisticated financially-motivated cyber attacks. Throughout April, cybersecurity researchers have identified a surge in malicious operations attributed to the nefarious russia-linked hacking collective known as FIN7, massively targeting organizations worldwide for financial gain. Adversaries have been observed abusing weaponized Google […]

Threats

SOC Prime Threat Bounty Digest — April 2024 Results

Threat Bounty Publications

Enthusiastic members of the Threat Bounty Program submitted more than 250 detections for review and a chance to have their detections published on the SOC Prime Platform and earn rating-based rewards. All the rules were carefully reviewed by our team of distinguished detection engineers, and as a result, 59 of the submitted rules […]

Threats

Black Basta Activity Detection: FBI, CISA & Partners Warn of Increasing Ransomware Attacks Targeting Critical Infrastructure Sectors, Including Healthcare

As of May 2024, the nefarious Black Basta ransomware operators have breached over 500 global organizations. In response to the escalating threats, leading U.S. and global cybersecurity agencies have issued a joint cybersecurity advisory warning defenders of the group’s increasing activity, which has already affected dozens of critical infrastructure organizations, including the healthcare sector. […]

Threats

CVE-2024-21793 and CVE-2024-26026 Detection: Exploitation of Critical F5 Central Manager Vulnerabilities Can Lead to Full System Compromise

Defenders have disclosed critical cybersecurity issues in F5’s Next Central Manager, which are tracked as CVE-2024-21793 and CVE-2024-26026, giving potential adversaries the green light to seize control over the impacted installation. Upon successful exploitation, hackers can create accounts on any F5 assets to establish persistence and perform further malicious activities.

Detecting CVE-2024-21793 & CVE-2024-26026 Exploits […]

Threats

Cuckoo Malware Detection: New macOS Spyware & Infostealer Targeting Intel and ARM-Based Macs

Cybersecurity researchers have recently uncovered a novel malicious strain dubbed Cuckoo malware, which mimics the capabilities of spyware and an infostealer and can run on both Intel and Arm-based Mac computers.

Detect Cuckoo Malware

The surge in ongoing infostealing attacks using macOS malware fuels the need for strengthening defenses. SOC Prime Platform curates a set […]

Threats

SOC Prime’s Integration Highlights with Amazon Security Lake

Insights into Proactive Threat Detection & Automated Threat Hunting in the Era of Security Data Lakes

On May 30, 2023, SOC Prime, provider of the foremost platform for collective cyber defense, announced its support for Amazon Security Lake. For a one-year period since the integration release, SOC Prime has helped organizations supercharge threat detection and […]