Threats

CVE-2023-43208 Detection: NextGen’s Mirth Connect RCE Vulnerability Exposes Healthcare Data to Risks

CVE-2023-43208 Detection

Vulnerabilities affecting popular software expose thousands of organizations in diverse industry sectors to severe threats. October has been rich in uncovering critical security flaws in widely used software products, like CVE-2023-4966, a hazardous Citrix NetScaler vulnerability, and CVE-2023-20198, a zero-day affecting Cisco IOS XE. In the last ten days of October 2023, defenders warned the global community […]

The post CVE-2023-43208 Detection: NextGen’s Mirth Connect RCE Vulnerability Exposes Healthcare Data to Risks appeared first on SOC Prime.

Threats

Detection Content to Address Attacker Techniques Covered in the “Domain of Thrones: Part I” Research

“Domain of Thrones: Part I” Attacker Techniques

Offensive forces continuously look for new ways to gain access to the domain environment and sustain their presence by leveraging multiple attack vectors and experimenting with diverse adversary tools and techniques. For instance, they can take advantage of revealed security flaws as in the case of adversary attempts to exploit the vulnerability in Microsoft’s Windows […]

The post Detection Content to Address Attacker Techniques Covered in the “Domain of Thrones: Part I” Research appeared first on SOC Prime.

Threats

CVE-2023-4966 Detection: Critical Citrix NetScaler Vulnerability Actively Exploited In the Wild

Adding to the list of critical Citrix NetScaler zero-days, security researchers warn of a new dangerous vulnerability (CVE-2023-4966) continuously exploited in the wild despite a patch issued in October. Marked as an information-disclosure flaw, CVE-2023-4966 enables threat actors to hijack existing authenticated sessions and can potentially lead to a multifactor authentication (MFA) bypass. According to security […]

The post CVE-2023-4966 Detection: Critical Citrix NetScaler Vulnerability Actively Exploited In the Wild appeared first on SOC Prime.

Threats

GraphRunner Activity Detection: Hackers Apply a Post-Exploitation Toolset to Abuse Microsoft 365 Default Configurations

Microsoft 365 (M365) is leveraged by over a million global companies, so its compromise can pose severe threats to the customers relying on this popular software. Since it ships with a set of default configurations, adversaries can target and abuse those defaults, exposing affected users to significant security risks, which […]

The post GraphRunner Activity Detection: Hackers Apply a Post-Exploitation Toolset to Abuse Microsoft 365 Default Configurations appeared first on SOC Prime.

Threats

CVE-2023-20198 Detection: Cisco IOS XE Zero-Day Vulnerability Actively Exploited to Install Implants

CVE-2023-20198 Detection

Hard on the heels of a new surge in the long-running Balada Injector campaign exploiting CVE-2023-3169, another critical security bug in popular software products comes to the spotlight. A new privilege escalation vulnerability affecting Cisco IOS XE software is actively exploited in the wild to help install implants on the impacted devices. The uncovered zero-day […]

The post CVE-2023-20198 Detection: Cisco IOS XE Zero-Day Vulnerability Actively Exploited to Install Implants appeared first on SOC Prime.

Threats

SOC Prime Threat Bounty Digest — September 2023 Results

September 2023 Results

Meet the new Threat Bounty Program digest that covers the recent news and updates of SOC Prime’s crowdsourced detection engineering initiative.

Threat Bounty Content Submissions

In September, the members of the Threat Bounty Program submitted 629 rules for review by the SOC Prime team before the publication for monetization. After the review and quality assessment, […]

The post SOC Prime Threat Bounty Digest — September 2023 Results appeared first on SOC Prime.

Threats

UAC-0165 Activity Detection: Destructive Cyber Attacks Targeting Ukrainian Telecom Providers

UAC-0165 Activity Detection

CERT-UA researchers notify defenders of the persistent malicious campaign impacting more than 11 telecom providers. The UAC-0165 group behind these destructive attacks has been targeting the Ukrainian telecom sector for a period of over 5 months aiming to cripple the critical infrastructure, which fuels the need for thorough research among defenders to preempt potential threats. […]

The post UAC-0165 Activity Detection: Destructive Cyber Attacks Targeting Ukrainian Telecom Providers appeared first on SOC Prime.

Threats

Balada Injector Malware Campaign Detection: Hackers Exploit a tagDiv Composer Vulnerability Infecting Thousands of WordPress Sites

Balada Injector Campaign

Over a month ago, defenders warned the peer community of CVE-2023-4634, a critical WordPress vulnerability actively exploited in the wild and impacting an overwhelming number of WordPress sites across the globe. Following that campaign, another malicious operation comes to the forefront. A fresh surge in the long-lasting Balada Injector malware campaign has already impacted over […]

The post Balada Injector Malware Campaign Detection: Hackers Exploit a tagDiv Composer Vulnerability Infecting Thousands of WordPress Sites appeared first on SOC Prime.

Threats

The Human Side of Cybersecurity: Unmasking the Alarming Stress & Burnout

Combating Cybersecurity Burnout with the Power of Community

How Automation Technology is Reshaping Stress Management in Security Operations

Before getting into cybersecurity, did you think of yourself as a stress-resilient individual and now you realize that you are pushed to your limits? Well, it might not be just your problem. Recent research among 1,027 members of security teams in the U.S. and Europe […]

The post The Human Side of Cybersecurity: Unmasking the Alarming Stress & Burnout appeared first on SOC Prime.

Threats

LostTrust Ransomware Detection: SFile and Mindware Advancement, Successor of MetaEncryptor Gang

LostTrust Ransomware Detection

Novel LostTrust ransomware emerged in the cyber threatscape in early spring 2023. However, the adversary campaign hit the headlines only in September when ransomware operators were observed leveraging data leak sites and payloads quite similar to the offensive tools used by the MetaEncryptor gang. Defenders are raising concerns in response to the growing threats as […]

The post LostTrust Ransomware Detection: SFile and Mindware Advancement, Successor of MetaEncryptor Gang appeared first on SOC Prime.