Part 1: Unintentional Escaped Wildcards Overview of Series This is part 1 of a multi-part series covering frequent mistakes SOC Prime observes regularly in SIGMA. We will cover everything from common rule logic errors to common schema problems and even some more obscure “gotchas” to think about. Some of these ideas will extend beyond SIGMA […]
The post Frequent SIGMA Mistakes Series appeared first on SOC Prime.
There are a lot of interesting cases that you can find while investigating anomalies in the traffic baselines, for example, in FTP, SSH, or HTTPS. This guide describes how to use the “Imperva WAF – Kibana Dashboard, Watchers and Machine Learning for ELK Stack” Content Pack to detect abnormal spikes of attacks identified by WAF […]
The post Detecting Network Spikes Identified by WAF for the Elastic Stack Platform appeared first on SOC Prime.
Security researchers have issued a stark warning about a critical vulnerability, designated as CVE-2023-4634, which is affecting an alarming number of over 70,000 WordPress sites globally. This vulnerability originates from a security flaw in the WordPress Media Library Assistant Plugin, an extremely popular and widely used plugin within the WordPress community. With this vulnerability already […]
The post CVE-2023-4634 Detection: Unauthenticated RCE Vulnerability in WordPress Media Library Assistant Plugin appeared first on SOC Prime.
CVE-2023-4634, which is affecting an alarming number of over 70,000 WordPress sites globally. This vulnerability originates from a security flaw in the WordPress Media Library Assistant Plugin, an extremely popular and widely used plugin within the WordPress community. With this vulnerability already being exploited in the wild and the ready availability of a proof-of-concept exploit, […]
The post CVE-2023-4634 Exploit Detection: Unauthenticated RCE Vulnerability in WordPress Media Library Assistant Plugin appeared first on SOC Prime.
The financial sector, the keystone of the global economy, has become increasingly digitized in recent years. While this transformation brings efficiency and convenience, it also exposes financial institutions to many cybersecurity challenges. Threat actors, ranging from sophisticated hacker groups to opportunistic individuals, are constantly targeting the financial sector, seeking to exploit vulnerabilities for financial gain. […]
The post Strengthening Cybersecurity in the Finance Industry Equipped with SOC Prime’s Solutions appeared first on SOC Prime.
At the turn of fall 2023, the russia-backed APT28 hacking group reemerges in the cyber threat arena, targeting the critical infrastructure of Ukrainian organizations in the power industry sector. CERT-UA has recently released a security notice covering a phishing attack from a fake sender email address containing a link to a malicious archive. Following this […]
The post APT28 Phishing Attack Detection: Hackers Target Ukrainian Energy Sector Using Microsoft Edge Downloader, TOR Software, and the Mockbin Service for Remote Management appeared first on SOC Prime.
This guide describes how to deploy Content Packs for QRadar based on the recommended example of the “SOC Prime – Sigma Custom Event Properties” content item available on the SOC Prime Platform. This recommended Content Pack contains extended Custom Event Properties used in Sigma translations. Note:SOC Prime recommends installing the Sigma Custom Event Properties Content […]
The post Installing and Configuring Content Packs for QRadar appeared first on SOC Prime.
The UAC-0057 hacking collective, aka GhostWriter, reemerges in the cyber threat arena by abusing a WinRAR zero-day tracked as CVE-2023-38831 that has been exploited in the wild since April through August 2023. The successful exploitation of CVE-2023-38831 enables attackers to infect the targeted systems with a PicassoLoader variant and Cobalt Strike Beacon malware. Notably, both […]
The post CVE-2023-38831 Detection: UAC-0057 Group Exploits a WinRAR Zero-Day to Spread a PicassoLoader Variant and CobaltStrike Beacon via Rabbit Algorithm appeared first on SOC Prime.
Adversaries weaponize four newly discovered RCE security flaws in the J-Web component of Junos OS tracked as CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, and CVE-2023-3684. The identified vulnerabilities can be chained together, enabling attackers to execute arbitrary code on the compromised instances. After the disclosure of a PoC exploit for chaining the Juniper JunOS flaws, cyber defenders are […]
The post Junos OS Vulnerabilities Exploit Detection: Hackers Leverage CVE-2023-36844 RCE Bug Chain Abusing Juniper Devices After PoC Release appeared first on SOC Prime.
Cybersecurity experts observe significantly growing volumes of malicious activity aimed at targeting Ukrainian public and private sectors, with offensive forces frequently relying on the phishing attack vector to proceed with the intrusion. CERT-UA notifies cyber defenders of the ongoing malicious campaign against judicial bodies and notaries in Ukraine, massively distributing emails with the lure subjects […]
The post UAC-0173 Attacks: Ukrainian Judicial Bodies and Notary Massively Targeted With AsyncRAT Malware appeared first on SOC Prime.
