In February 2023, SOC Prime launched its Discord server community connecting aspiring cybersecurity enthusiasts and seasoned experts in a single place. The community serves as the world’s largest open-source hub for Threat Hunters, CTI and SOC Analysts, and Detection Engineers — anyone having a genuine passion for cybersecurity. Currently, our Discord server hosts over 1,500 […]

The post SOC Prime on Discord: Join a Single Community for All Cyber Defenders to Benefit from Shared Expertise appeared first on SOC Prime.

Being active since 2019, Cuba ransomware operators constantly evolve their attack methods and seem not to stop that. The most recent malicious operations against organizations in the U.S. and Latin America rely on the combination of novel and older tooling. Particularly, Cuba maintainers added a Veeam exploit (CVE-2023-27532) to their offensive toolkit to obtain sensitive […]

The post Detect Cuba Ransomware Threat Group Infections: New Tooling Applied in Attacks Against Critical Infrastructure Organizations in the U.S. appeared first on SOC Prime.

Heads up! Cybersecurity experts notify defenders of a zero-day flaw compromising Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Appliances. The flaw tracked as CVE-2023-3519 can lead to RCE and is observed to be actively leveraged by adversaries in the wild with the PoC exploit released to GitHub. Detect CVE-2023-3519 Exploitation Attempts The growing […]

The post CVE-2023-3519 Detection: RCE Zero-Day in Citrix NetScaler ADC and NetScaler Gateway Exploited in the Wild appeared first on SOC Prime.

Cybersecurity researchers have observed a new malicious campaign targeting Ministries of Foreign Affairs of NATO-related countries. Adversaries distribute PDF documents used as lures and masquerading the sender as the German embassy. One of the PDF files contains Duke malware attributed to the nefarious russian nation-backed hacking collective tracked as APT29 aka NOBELIUM, Cozy Bear, or […]

The post Adversaries Use Weaponized PDFs Disguised as German Embassy Lures to Spread Duke Malware Variant in Attacks Against Ministries of Foreign Affairs of NATO-Aligned Countries  appeared first on SOC Prime.

In today’s world of rapidly evolving technologies, organizations are facing two huge challenges “how to handle” and “how to protect a vast amount of data.” This is where Splunk comes in handy. This SIEM helps businesses collect, analyze, and monitor log files. It has become a necessity now as it gives credible information to companies. […]

The post Okta & Splunk Integration Guide appeared first on SOC Prime.

Cyber defenders observe growing volumes of cyber attacks against Ukraine and its allies launched by the russian offensive forces, with the aggressor frequently leveraging the phishing attack vector and the public sector serving as the primary target.  CERT-UA notifies cyber defenders of the ongoing phishing campaign against Ukrainian state bodies massively distributing emails with the […]

The post New MerlinAgent Open-Source Tool Used by UAC-0154 Group to Target Ukrainian State Agencies appeared first on SOC Prime.

Phishing remains one of the most prevalent attacker techniques as a response to a continuous surge in phishing campaigns across the globe, which creates a growing demand for detection content against related threats. Cyber defenders have observed the latest malicious campaigns leveraging the phishing attack vector, in which hackers exploit Google Accelerated Mobile Pages (AMP) […]

The post Google AMP Exploited in Phishing Attacks Targeting Enterprise Users appeared first on SOC Prime.

Cybersecurity heads up! After a series of security holes in Pulse Connect Secure SSL VPN appliance affected multiple organizations back in 2021, a new critical zero-day has been recently revealed in Ivanti products. The novel security issue impacting Ivanti Endpoint Manager Mobile (EPMM) enables remote unauthenticated API access to specific paths. By exploiting the flaw, […]

The post Detect CVE-2023-35078 Exploitation: Critical Authentication Bypass Zero-Day in Ivanti Endpoint Manager Mobile (EPMM) appeared first on SOC Prime.

UAC-0006 hacking collective is on the rise, actively targeting Ukrainian organizations with SmokeLoader malware in a long-lasting campaign aimed at financial profits. The latest CERT-UA cybersecurity alert details that the hacking group has launched a third massive cyber-attack in a row, severely threatening the banking systems across the country.  Analyzing UAC-0006 Phishing Campaign Aimed at […]

The post Detecting SmokeLoader Campaign: UAC-0006 Keep Targeting Ukrainian Financial Institutions in a Series of Phishing Attacks appeared first on SOC Prime.

Cyber defenders have observed a recent surge in cyber attacks spreading Mallox ransomware. For a period of two years, ransomware operators have been abusing MS-SQL servers as the initial access vector to spread the infection further. Detect Mallox Ransomware With the growing activity of the Mallox ransomware gang and their ambitions to expand the impact […]

The post Mallox Ransomware Detection: Increasing Attacks Abusing MS-SQL Servers appeared first on SOC Prime.