Threats

What Are the Cybersecurity World Awards?

Cybersecurity awards play a much more profound role than simply giving out yearly titles to companies and products. They support the industry’s evolution by acknowledging the most promising and effective solutions. Besides, events like this unite influential people in the industry, inspiring even more ideas. One of them is the Cybersecurity World Awards®, initiated by […]

The post What Are the Cybersecurity World Awards? appeared first on SOC Prime.

Threats

Squiblydoo Attack Analysis, Detection, and Mitigation

Squiblydoo Attacks: Analysis & Detection

In the dynamic and ever-changing realm of cybersecurity, attackers demonstrate unwavering determination as they continuously come up with innovative techniques to circumvent security measures and infiltrate systems that cannot be easily deemed vulnerable. One such technique that has gained prominence is the Squiblydoo attack. This attack specifically targets the exploitation of legitimate applications or files […]

Threats

MULTI#STORM Attack Detection: A New Phishing Campaign Spreading Multiple Remote Access Trojans and Targeting U.S. and India

MULTI#STORM attack campaign spreading Quasar RAT & Warzone RAT

Cybersecurity researchers warn defenders of yet another phishing campaign dubbed MULTI#STORM, in which hackers abuse JavaScript files to drop RAT malware onto the targeted systems. The MULTI#STORM attack chain contains multiple stages with the final one spreading Quasar RAT and Warzone RAT samples. According to the investigation, in this campaign threat actors have set eyes […]

Threats

Microsoft Outlook Vulnerability CVE-2023-23397 Detection

CVE-2023-23397 Critical Microsoft Outlook Vulnerability

CVE-2023-23397 is a critical elevation of privilege (EoP) vulnerability in Microsoft Outlook with a CVSS base score of 9.8. It was first disclosed on March 14, 2023, and attributed to APT28, also known as Fancy Bear or Strontium – a threat actor associated with the Russian General Staff Main Intelligence Directorate (GRU). The vulnerability is […]

Threats

CVE-2020-35730, CVE-2021-44026, CVE-2020-12641 Exploit Detection: APT28 Group Abuses Roundcube Flaws In Spearphishing Espionage Attacks

CERT-UA Warns of Spearphishing Attacks by APT28 Exploiting Roundcube Vulnerabilities

With the ongoing russian cyber offensive operations targeting Ukraine and its allies, the aggressor is continuously launching cyber-espionage campaigns against state bodies and other organizations representing critical infrastructure. Less than a week after CERT-UA researchers warned of a spike in cyber-espionage attacks by the russia-linked Shuckworm group, another nefarious hacking group comes back to the scene. […]

Threats

PicassoLoader and Cobalt Strike Beacon Detection: UAC-0057 aka GhostWriter Hacking Group Attacks the Ukrainian Leading Military Educational Institution

Detect PicassoLoader and Cobalt Strike Beacon spread in attacks against Ukraine by UAC-0057 aka GhostWriter

On June 16, 2023, CERT-UA researchers issued a new alert covering the recently discovered malicious activity targeting the National Defense University of Ukraine, named after Ivan Cherniakhovskyi, the country’s leading military educational institution. In this ongoing campaign, threat actors spread PicassoLoader and Cobalt Strike Beacon on the compromised systems via a malicious file containing a […]

Threats

Shuckworm Espionage Group Attack Detection: russia-backed Threat Actors Repeatedly Attack Ukrainian Military, Security, and Government Organizations

Since russia’s full-scale invasion of Ukraine, the aggressor’s offensive forces have launched an avalanche of cyber-espionage campaigns against Ukraine and its allies, mainly targeting government agencies and frequently leveraging the phishing attack vector. The infamous hacking collective dubbed Shuckworm (Armageddon, Gamaredon), which is known to have links with russia’s FSB, has been observed behind a […]

Threats

Cadet Blizzard’s Activity Detection: Novel russia-Linked Nation-Backed Threat Actor Tracked as DEV-0586 Comes to the Scene

Cadet Blizzard’s Activity Detection

Since the outbreak of russia’s full-scale invasion of Ukraine, the aggressor has been launching multiple cyber attacks against Ukraine and its allies, with a growing number of state-sponsored hacking collectives emerging and resurfacing in the cyber threat arena. During the conflict, russia’s offensive forces have launched over 2,100 attacks with disparate levels of sophistication and […]

Threats

Interview with Threat Bounty Developer – Mehmet Kadir CIRIK

As we continue to feature the keen members of SOC Prime’s Threat Bounty community, sharing stories about their professional growth and how they extend their expertise by developing detection rules that contribute to global cyber defense, today we introduce Mehmet Kadir CIRIK, who joined the program in January 2023 and has been actively contributing his detections since then. […]

Threats

Asylum Ambuscade Attack Detection: Hacking Collective Engaged in Multiple Cyber-Espionage and Financially-Motivated Cybercrime Campaigns

On February 24, 2022, a little more than a year ago, the russian federation started an offensive invasion of Ukraine by land, air, and sea. The war escalated in cyberspace as well. As a result, we are now witnessing the first-ever full-fledged cyber war in human history, with multiple offensive counterparts engaged in attacks against […]
