FBI and CISA, in conjunction with U.S. and international cybersecurity authorities, warn the global cyber defender community about large-scale exploitation of CVE-2023-42793, a critical JetBrains TeamCity CVE potentially leading to RCE on the vulnerable instances. The related cybersecurity alert AA23-347A attributes the ongoing cyber-offensive operations to the russian Foreign Intelligence Service (SVR) represented by the […]

The post CVE-2023-42793 Detection: Large-Scale Exploitation of the JetBrains TeamCity Vulnerability by the russian Foreign Intelligence Service appeared first on SOC Prime.

Сritical vulnerabilities in popular open-source software solutions pose severe threats to global businesses that rely on the impacted products. Recently, another critical security flaw was identified in Apache OFBiz, an open-source enterprise resource planning system mainly used by large-scale businesses with over 10,000 of employees. The uncovered flaw is a pre-auth vulnerability tracked as CVE-2023-49070 […]

The post CVE-2023-49070 Exploit Detection: A Critical Pre-Auth RCE Vulnerability in Apache OFBiz  appeared first on SOC Prime.

Adversaries set their eyes on a notorious security flaw in Log4j Java Library tracked as CVE-2021-44228, aka Log4Shell, even a couple of years after its disclosure. A new campaign dubbed “Operation Blacksmith” involves the exploitation of the Log4Shell vulnerability to deploy new malicious strains written in DLang, including novel RATs. The North Korean APT Lazarus […]

The post Operation Blacksmith Detection: Lazarus APT Uses a CVE-2021-44228 Exploit to Deploy New DLang-Based Malware Strains appeared first on SOC Prime.

Less than a week after a phishing campaign by UAC-0050 spreading Remcos RAT, the group attempted to launch another offensive operation. In the newly uncovered massive email distribution campaign, UAC-0050 hackers target the Ukrainian and Polish public sectors, leveraging the nefarious Remcos RAT and another malware strain dubbed Meduza Stealer. UAC-0050 Attack Description: Activity Covered […]

The post Remcos RAT and Meduza Stealer Detection: UAC-0050 Group Launches a Massive Phishing Attack Against State Bodies in Ukraine and Poland appeared first on SOC Prime.

Heads up! Recent Cactus ransomware attacks are getting into the spotlight. Hackers exploit critical Qlik Sense vulnerabilities to further deliver Cactus ransomware. In other ransomware campaigns, they leverage malvertising lures to spread DanaBot malware for initial access to compromised systems.  Detecting Cactus Ransomware Infections Ransomware operators are constantly seeking new ways to proceed with payload […]

The post Cactus Ransomware Detection: Attackers Launch Targeted Attacks to Spread Ransomware Strains appeared first on SOC Prime.

The infamous hacking group known as UAC-0006 has been launching offensive operations against Ukraine since 2013 primarily driven by financial gain. CERT-UA researchers recently issued a compiled overview of the group’s adversary activity aimed at raising cybersecurity awareness and minimizing risks. The group is notorious for committing financial theft by leveraging malware like SmokeLoader to […]

The post UAC-0006 Attack Detection: Overview of the Financially Motivated Group’s Campaigns Based on CERT-UA Research appeared first on SOC Prime.

Hard on the heels of the phishing attack impersonating the Security Service of Ukraine and using Remcos RAT, the hacking collective identified as UAC-0050 launched another adversary campaign against Ukraine leveraging the phishing attack vector. In these attacks targeting 15,000+ users hackers massively send emails with a subject and attachment lures related to a summons […]

The post UAC-0050 Attack Detection: Hackers Launch Another Targeted Campaign Spreading Remcos RAT  appeared first on SOC Prime.

Hot on the heels of the Zimbra zero-day vulnerability, another critical security flaw affecting popular software comes to the scene. The open-source file-sharing software ownCloud has recently disclosed a trio of disturbing security holes in its products. Among them, the max severity vulnerability tracked as CVE-2023-49103 gained the CVSS score of 10 due to the […]

The post CVE-2023-49103 Detection: A Critical Vulnerability in OwnCloud’s Graph API App Leveraged for in-the-Wild Attacks appeared first on SOC Prime.

Defenders observe a new phishing attack, in which adversaries weaponize a russian-language Microsoft Word document to distribute malware that can extract sensitive data from targeted Windows instances. Hackers behind this offensive campaign belong to a North Korean group dubbed Konni, which shares similarities with a cyber-espionage cluster tracked as Kimsuky APT.  Detect Konni Group Attacks […]

The post Konni Group Attack Detection: North Korean Hackers Leverage russian-Language Weaponized Word Document to Spread RAT Malware appeared first on SOC Prime.

Managed Detection and Response (MDR) providers operate in a realm where maintaining the integrity of client security is paramount despite the constantly evolving threat landscape and 24/7 attack risk. Always fighting on the frontline, the majority of MDR providers are seeking innovative ways to address ever-growing technical debt, overcome the risks of client SLA breach, […]

The post Accelerate Your MDR Excellence with SOC Prime appeared first on SOC Prime.