Threats

SmokeLoader Malware Detection: UAC-0006 Hackers Launch a Wave of Phishing Attacks Against Ukraine Targeting Accountants

In early October 2023, the UAC-0006 group was observed behind a series of at least four cyber attacks targeting Ukraine, as CERT-UA researchers report. The attackers applied the same adversary toolkit as in July 2023, again leveraging SmokeLoader in the latest phishing campaign. SmokeLoader Delivery: UAC-0006 Attack Analysis On October 6, 2023, CERT-UA released four alerts notifying […]

The post SmokeLoader Malware Detection: UAC-0006 Hackers Launch a Wave of Phishing Attacks Against Ukraine Targeting Accountants appeared first on SOC Prime.

Threats

CVE-2023-22515 Detection: A Critical Zero-Day in Confluence Data Center & Server Under Active Exploitation

Atlassian has recently notified defenders of a critical privilege escalation vulnerability in its Confluence Data Center and Server software. The issue, tracked as CVE-2023-22515, poses severe risks to impacted Confluence installations, as it is being actively exploited in the wild. Detect CVE-2023-22515 Exploits With the ever-increasing number of CVEs leveraged in real-world attacks, proactive detection of vulnerability exploitation remains one […]

Threats

Unmasking the Most Dangerous APTs Targeting the Financial Sector

Fortifying Your Defense with SOC Prime Platform Financial organizations have always been a prime target for nation-backed adversaries, who constantly seek additional profit streams. Advanced Persistent Threats (APTs) targeting the financial sector can have devastating consequences, as they aim to compromise financial institutions, steal sensitive data, and disrupt financial systems. APTs run sustained […]

Threats

CVE-2023-42793 Detection: An Authentication Bypass Vulnerability Leading to RCE on JetBrains TeamCity Server

Hot on the heels of the adversary campaigns abusing the CVE-2023-29357 vulnerability in Microsoft SharePoint Server as part of a pre-auth RCE chain, another security flaw enabling attackers to perform RCE is causing a stir in the cyber threat landscape. A critical vulnerability in the JetBrains TeamCity CI/CD server, tracked as CVE-2023-42793, allows adversaries to gain RCE on […]

Threats

CVE-2023-29357 Detection: Microsoft SharePoint Server Elevation of Privilege Vulnerability Exploitation Can Lead to Pre-Auth RCE Chain

Threat actors frequently set their sights on Microsoft SharePoint Server products by weaponizing vulnerabilities such as CVE-2022-29108 and CVE-2022-26923. In the early summer of 2023, Microsoft issued a patch for the newly discovered SharePoint Server elevation of privilege vulnerability tracked as CVE-2023-29357 and rated critical. With a CVE-2023-29357 PoC exploit recently released, […]

Threats

Engage, Empower, and Enjoy SOC Prime’s Community on Discord

Balance Your Cybersecurity Journey with a Single Community for Collective Cyber Defense In the ever-evolving landscape of technology, finding a welcoming and vibrant peer-driven community has never been more critical. Discord servers have emerged as digital hubs where tech enthusiasts, professionals, and learners unite. These dynamic virtual spaces transcend geographical boundaries, making it possible for […]

Threats

Snatch Ransomware Detection: FBI & CISA Issue a Joint Alert Warning of Growing Attacks by Snatch RaaS Operators

Proactive ransomware detection remains one of the top priorities for defenders, as intrusions grow more complex and high-profile ransomware attacks continue to increase. The FBI and CISA have notified defenders of the growing volume of cyber attacks spreading Snatch ransomware. Snatch ransomware operators have been in the limelight in the cyber threat landscape for about five […]

Threats

CVE-2023-38146 Detection: Windows “ThemeBleed” RCE Bug Poses Growing Risks with the PoC Exploit Release

A new Microsoft Windows Themes security bug tracked as CVE-2023-38146, which enables attackers to achieve RCE, has emerged in the cyber threat arena. A proof-of-concept (PoC) exploit for this vulnerability, also known as “ThemeBleed,” has recently been released on GitHub, raising the risk to unpatched Windows instances and drawing the attention of defenders. CVE-2023-38146 Detection […]

Threats

ShadowPad Trojan Detection: Redfly Hackers Apply a Nefarious RAT to Hit National Power Grid Organization in Asia

The ShadowPad backdoor is popular among multiple state-backed APTs, including China-linked hacking groups, and is widely used in their cyber espionage campaigns. A cyber espionage group known as Redfly has taken advantage of ShadowPad’s offensive capabilities to target a national electricity grid organization in Asia for about half a year. ShadowPad Trojan Detection The growing threat of nation-state APT attacks poses […]

Threats

SOC Prime Threat Bounty Digest — August 2023 Results

Threat Bounty monthly digests cover what’s happening in the SOC Prime Threat Bounty community. Each month, we publish the Program news and updates and give recommendations on content improvement based on our observations and analysis during Threat Bounty content verification. Threat Bounty Content Submissions During the month of August, the members of the Threat Bounty […]
