Threats

CVE-2024-4040 Detection: A Critical CrushFTP Zero-Day Vulnerability Exploited in the Wild Targeting U.S. Organizations

CVE-2024-4040 Detection

While CVE-2024-21111 exploitation risks have been a serious concern for organizations leveraging Oracle VirtualBox software, another critical vulnerability has been hitting the headlines. CrushFTP has recently reported a novel, widely exploited zero-day vulnerability impacting its servers. The maximum severity flaw tracked as CVE-2024-4040 can be weaponized in a series of in-the-wild attacks against organizations in […]

The post CVE-2024-4040 Detection: A Critical CrushFTP Zero-Day Vulnerability Exploited in the Wild Targeting U.S. Organizations appeared first on SOC Prime.

Threats

CVE-2024-21111 Detection: A New Critical Local Privilege Escalation Vulnerability in Oracle VirtualBox with the PoC Exploit Released

CVE-2024-21111 Detection

A new vulnerability assigned CVE-2024-21111 was recently discovered in Oracle VirtualBox, a widespread open-source virtualization software. The uncovered critical Oracle VirtualBox vulnerability enables adversaries to escalate privileges to NT AUTHORITY\SYSTEM via Symbolic Link, with its exploitation potentially leading to either arbitrary file deletion or arbitrary file movement. Detect CVE-2024-21111 Exploitation Attempts With the exponential rise […]


Threats

Forest Blizzard aka Fancy Bear Attack Detection: russian-backed Hackers Apply a Custom GooseEgg Tool to Exploit CVE-2022-38028 in Attacks Against Ukraine, Western Europe, and North America

Forest Blizzard (aka Fancy Bear or APT28)

The nefarious cyber-espionage hacking collective tracked as Forest Blizzard (aka Fancy Bear, STRONTIUM, or APT28) has been experimenting with a novel custom tool dubbed GooseEgg malware to weaponize the critical CVE-2022-38028 vulnerability in Windows Print Spooler. Adversaries are launching multiple intelligence-gathering attacks targeting organizations across the globe in diverse industry sectors. Successful privilege escalation and […]


Threats

AI SIEM Migration: Simplify, Optimize, Innovate

Breaking Down Complexities for Smooth Adoption of Your Next-Scale SIEM According to Gartner, “cloud is the enabler of digital business”, which drives mission-critical organizations to consider cloud adoption and migration. SIEM migration to the cloud facilitates addressing common IT constraints, like slow time to value, limited resources, and incompatible systems. However, it is not a […]


Threats

UAC-0133 (Sandworm) Attack Detection: russia-Linked Hackers Aim to Cripple the Information and Communication Systems of 20 Critical Infrastructure Organizations Across Ukraine

UAC-0133 (Sandworm) Reemerges

For over a decade, the nefarious russia-backed Sandworm APT group (aka UAC-0133, UAC-0002, APT44, or FROZENBARENTS) has been consistently targeting Ukrainian organizations with a prime focus on the public sector and critical infrastructure. CERT-UA has recently unveiled the group’s malicious intentions to disrupt the information and communication systems of about 20 critical infrastructure organizations. UAC-0133 […]


Threats

Akira Ransomware Detection: Joint Cybersecurity Advisory (CSA) AA24-109A Highlights Attacks Targeting Businesses and Critical Infrastructure in North America, Europe, and Australia

Akira Ransomware Detection

FBI and CISA, in conjunction with the U.S. and leading international cybersecurity agencies, have recently issued a joint advisory AA24-109A warning defenders of a surge in cyber attacks leveraging Akira ransomware. According to investigations, related malicious campaigns have affected 250+ organizations and claimed around $42 million in ransom payments. Detect Akira Ransomware Attacks Escalating ransomware […]


Threats

UAC-0184 Abuses Messengers and Dating Websites to Proceed with Attacks Against Ukrainian Government and Military

UAC-0184 Attack Detection Covered in the CERT-UA#9474 Alert

The UAC-0184 hacking collective is back, once again setting its eyes on the Armed Forces of Ukraine. Adversaries attempt to gain access to the targeted computers to steal files and messaging data, according to the latest CERT-UA research. UAC-0184 Latest Attack Description Defenders have been observing a significant surge in the malicious activity of the […]


Threats

CVE-2024-3400 Detection: A Maximum Severity Command Injection PAN-OS Zero-Day Vulnerability in GlobalProtect Software

PAN-OS Vulnerability

A novel command injection zero-day vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software hits the headlines. The highly critical flaw, identified as CVE-2024-3400, has already been exploited in a series of attacks in the wild. Detect CVE-2024-3400 Exploitation Attempts The number of vulnerabilities weaponized for in-the-wild attacks increases tremendously on a yearly […]


Threats

CVE-2024-24576 Detection: Hackers Exploit a Maximum Severity “BatBadBut” Rust Vulnerability to Target Windows Users

BatBadBut

A new maximum severity vulnerability has been discovered in the Rust standard library. This vulnerability poses a serious threat to Windows users by enabling potential command injection attacks. The flaw tracked as CVE-2024-24576 specifically affects situations where batch files on Windows are executed with untrusted arguments. With the PoC code already publicly released, successful exploitation […]

