SOC Prime Threat Bounty Digest — April 2024 Results
Threat Bounty Publications Enthusiastic members of the Threat Bounty Program submitted more than 250 detections for review and a chance…
Threats
Black Basta Activity Detection: FBI, CISA & Partners Warn of Increasing Ransomware Attacks Targeting Critical Infrastructure Sectors, Including Healthcare
As of May 2024, the nefarious Black Basta ransomware operators have breached over 500 global organizations. In response to the…
CVE-2024-21793 and CVE-2024-26026 Detection: Exploitation of Critical F5 Central Manager Vulnerabilities Can Lead to Full System Compromise
Defenders have disclosed critical cybersecurity issues in F5’s Next Central Manager, which are tracked as CVE-2024-21793 and CVE-2024-26026, giving potential…
Cuckoo Malware Detection: New macOS Spyware & Infostealer Targeting Intel and ARM-Based Macs
Cybersecurity researchers have recently uncovered a novel malicious strain dubbed Cuckoo malware, which mimics the capabilities of spyware and an…
SOC Prime’s Integration Highlights with Amazon Security Lake
Insights into Proactive Threat Detection & Automated Threat Hunting in the Era of Security Data Lakes On May 30, 2023,…
CVE-2024-4040 Detection: A Critical CrushFTP Zero-Day Vulnerability Exploited in the Wild Targeting U.S. Organizations
While CVE-2024-21111 exploitation risks have been a serious concern for organizations leveraging Oracle Virtualbox software, another critical vulnerability has been…
CVE-2024-21111 Detection: A New Critical Local Privilege Escalation Vulnerability in Oracle VirtualBox with the PoC Exploit Released
A new vulnerability assigned CVE-2024-21111 was recently discovered in Oracle Virtualbox, a widespread open-source virtualization software. The uncovered critical Oracle…
Forest Blizzard aka Fancy Bear Attack Detection: russian-backed Hackers Apply a Custom GooseEgg Tool to Exploit CVE-2022-38028 in Attacks Against Ukraine, Western Europe, and North America
The nefarious cyber-espionage hacking collective tracked as Forest Blizzard (aka Fancy Bear, STRONTIUM, or APT28) has been experimenting with a…
AI SIEM Migration: Simplify, Optimize, Innovate
Breaking Down Complexities for Smooth Adoption of Your Next-Scale SIEM According to Gartner, “cloud is the enabler of digital business”,…
UAC-0133 (Sandworm) Attack Detection: russia-Linked Hackers Aim to Cripple the Information and Communication Systems of 20 Critical Infrastructure Organizations Across Ukraine
For over a decade, the nefarious russia-backed Sandworm APT group (aka UAC-0133, UAC-0002, APT44, or FROZENBARENTS) has been consistently targeting…