Akira Ransomware Detection: Joint Cybersecurity Advisory (CSA) AA24-109A Highlights Attacks Targeting Businesses and Critical Infrastructure in North America, Europe, and Australia
SOC Prime
by Veronika Telychko
6m ago
FBI and CISA, together with other U.S. and international cybersecurity agencies, have issued joint advisory AA24-109A warning defenders of a surge in attacks leveraging Akira ransomware. According to the investigations, related campaigns have affected 250+ organizations and brought in around $42 million in ransom payments.

Detect Akira Ransomware Attacks

Escalating ransomware threats continuously challenge cyber defenders with novel attack methods and tricks, driving demand for advanced threat detection and hunting tools to proactively withstand…
UAC-0184 Abuses Messengers and Dating Websites to Proceed with Attacks Against Ukrainian Government and Military
SOC Prime
by Veronika Telychko
6m ago
The UAC-0184 hacking collective is back, once again setting its sights on the Armed Forces of Ukraine. According to the latest CERT-UA research, adversaries attempt to gain access to targeted computers to steal files and messaging data.

UAC-0184 Latest Attack Description

Defenders have observed a significant surge in UAC-0184 activity throughout 2024. At the turn of the year, the group launched a phishing campaign against Ukraine, using military-themed lures and the Remcos RAT as part of its toolkit. On April 16, CERT-UA release…
CVE-2024-3400 Detection: A Maximum Severity Command Injection PAN-OS Zero-Day Vulnerability in GlobalProtect Software
SOC Prime
by Veronika Telychko
2d ago
A novel command injection zero-day in the GlobalProtect feature of Palo Alto Networks PAN-OS software has hit the headlines. The maximum-severity flaw, tracked as CVE-2024-3400, has already been exploited in a series of in-the-wild attacks.

Detect CVE-2024-3400 Exploitation Attempts

The number of vulnerabilities weaponized for in-the-wild attacks grows tremendously every year, with nearly 30K new flaws disclosed in 2023 alone. This makes detection of vulnerability exploitation one of the most in-demand cybersecurity use cases. To help cyber defenders address e…
CVE-2024-24576 Detection: Hackers Exploit a Maximum Severity “BatBadBut” Rust Vulnerability to Target Windows Users
SOC Prime
by Daryna Olyniychuk
2d ago
A new maximum-severity vulnerability has been discovered in the Rust standard library. Tracked as CVE-2024-24576 and dubbed "BatBadBut", it affects Windows only and enables command injection when a program spawns a batch file (.bat or .cmd) with untrusted arguments: the arguments are quoted for the convention ordinary Windows executables use, but cmd.exe, which actually parses the line when the target is a batch file, follows different rules, so specially crafted input can escape the quoting and run additional commands. With PoC code already public, the risk of in-the-wild exploitation increases.

Detect CVE-2024-24576 Exploitation Attempts

Detection of vulnerability exploitation has remained among the top cybersecurity…
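To make the failure mode behind CVE-2024-24576 concrete, the following is an added example written for this page; it is not code from SOC Prime, from the Rust project, or from the public PoC. It models the two parsers that disagree: `msvcrt_quote` reproduces the quoting convention a spawner uses for ordinary .exe targets, and `cmd_split` is a deliberately minimal model of how cmd.exe splits a line into commands (a `"` toggles quote mode with no backslash escaping, and `&` or `|` outside quotes separates commands). Running a crafted argument through both shows that a single argument becomes two commands. The `checked_bat_arg` mitigation at the end is this example's own conservative choice (reject any argument carrying cmd.exe metacharacters) and is not the fix shipped in the Rust standard library; the script name and inputs are constructed.

```rust
// Added example, not code from SOC Prime or the Rust project.
// Models the CVE-2024-24576 ("BatBadBut") failure mode: argument quoting
// written for the MSVCRT parser (used by ordinary .exe targets) does not
// protect a .bat/.cmd target, because cmd.exe parses the line first and
// does not treat a backslash as an escape character.

/// MSVCRT-style quoting: wrap in double quotes, escape embedded `"` with a
/// backslash and double any backslashes that precede a quote. This is what
/// a spawner that treats a batch file like any other executable would emit.
fn msvcrt_quote(arg: &str) -> String {
    let mut out = String::from("\"");
    let mut backslashes = 0;
    for c in arg.chars() {
        match c {
            '\\' => backslashes += 1,
            '"' => {
                // Backslashes before a quote are doubled, then the quote
                // itself is escaped with one more backslash.
                out.push_str(&"\\".repeat(backslashes * 2 + 1));
                out.push('"');
                backslashes = 0;
            }
            _ => {
                out.push_str(&"\\".repeat(backslashes));
                out.push(c);
                backslashes = 0;
            }
        }
    }
    // Trailing backslashes are doubled so the closing quote survives.
    out.push_str(&"\\".repeat(backslashes * 2));
    out.push('"');
    out
}

/// Simplified model of how cmd.exe splits a command line into commands:
/// a `"` toggles quote mode regardless of any preceding backslash, and
/// `&` or `|` outside quote mode separates commands. Real cmd.exe has more
/// rules (`^` escapes, `%VAR%` expansion); this minimal model is an
/// assumption of this example.
fn cmd_split(line: &str) -> Vec<String> {
    let mut commands = Vec::new();
    let mut current = String::new();
    let mut in_quotes = false;
    for c in line.chars() {
        match c {
            '"' => {
                in_quotes = !in_quotes;
                current.push(c);
            }
            '&' | '|' if !in_quotes => {
                commands.push(current.trim().to_string());
                current.clear();
            }
            _ => current.push(c),
        }
    }
    if !current.trim().is_empty() {
        commands.push(current.trim().to_string());
    }
    commands
}

/// The line a naive spawner would hand to cmd.exe for a batch file target.
fn naive_bat_command_line(script: &str, args: &[&str]) -> String {
    let mut line = String::from(script);
    for a in args {
        line.push(' ');
        line.push_str(&msvcrt_quote(a));
    }
    line
}

/// Conservative mitigation used in this example (an assumption, not the Rust
/// standard library's fix): refuse any argument that carries cmd.exe
/// metacharacters, so untrusted input never reaches the parser unescaped.
fn checked_bat_arg(arg: &str) -> Result<String, String> {
    const CMD_META: &[char] = &['"', '&', '|', '<', '>', '^', '%', '!', '\r', '\n'];
    match arg.chars().find(|c| CMD_META.contains(c)) {
        Some(c) => Err(format!("rejected argument {arg:?}: contains {c:?}")),
        None => Ok(msvcrt_quote(arg)),
    }
}

fn main() {
    // Constructed inputs: a harmless argument and an injection attempt.
    let benign = "report.txt";
    let hostile = "\"&calc.exe";

    let line = naive_bat_command_line("script.bat", &[hostile]);
    println!("naive command line: {line}");
    println!("cmd.exe model sees {} command(s): {:?}", cmd_split(&line).len(), cmd_split(&line));

    println!("{:?}", checked_bat_arg(benign));
    println!("{:?}", checked_bat_arg(hostile));
}
```

The hostile argument `"&calc.exe` is quoted as `"\"&calc.exe"`, which the MSVCRT parser would read as one argument; the cmd.exe model closes the quote at `\"`, sees the `&` outside quotes, and yields `script.bat "\"` followed by a second command `calc.exe"`. The benign argument stays a single command, and the checked variant refuses the hostile one outright.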
SOC Prime Threat Bounty Digest — March 2024 Results
SOC Prime
by Alla Yurchenko
1w ago
Threat Bounty Publications

In March 2024, 40 threat detection rules were published to SOC Prime’s Platform via the Threat Bounty Program after review by our Content Team. Although we observe an overall improvement in the quality of submissions, some typical misconceptions still show up in how many authors approach content publication. Today we would like to share these observations, hoping they help Threat Bounty contributors get more of their submissions published. Detection rules specifically based on the IOCs provided i…
Russian state-sponsored Hive0051 (aka UAC-0010, Gamaredon) Attack Detection: Adversaries Apply an Aggressive Infection Approach Leveraging Three Malware Branches
SOC Prime
by Veronika Telychko
1w ago
The Russia-linked, state-sponsored Gamaredon (aka Hive0051, UAC-0010, Armageddon APT) hacking collective is back in the spotlight with a new wave of cyber attacks. Adversaries have been observed leveraging new iterations of the Gamma malware family and using DNS fluxing to deliver the malicious strains, leading to 1,000+ infections per day. The infection chain displays a novel, aggressive, multi-layered approach for rapidly deploying multiple independent malware branches.

Detecting Hive0051 (aka UAC-0010, Gamaredon APT) Latest Attacks

Hive0051, aka Gamaredon, also identified as UAC-0010, rem…
VenomRAT Detection: A New Multi-Stage Attack Using ScrubCrypt to Deploy the Final Payload with Malicious Plugins
SOC Prime
by Veronika Telychko
1w ago
Cybersecurity researchers have unveiled a novel multi-stage attack in which adversaries use the ScrubCrypt crypter, an anti-malware evasion tool, to drop VenomRAT along with multiple malicious plugins, including Remcos, XWorm, NanoCore RAT, and other strains.

Detect VenomRAT Deployed via ScrubCrypt

With cyber attacks proliferating and employing increasingly sophisticated intrusion methods, cyber defenders require advanced solutions to bolster their defense capabilities at scale. SOC Prime Platform for collective cyber defense offers cutting-edge t…
Recognition Badges for Threat Bounty Members
SOC Prime
by Alla Yurchenko
1w ago
As announced earlier, SOC Prime introduced digital badge recognition for Threat Bounty members. In the first stage of the initiative, badges were issued to Threat Bounty Program members who demonstrated outstanding results in the number of publications and whose Threat Bounty detection rules, categorized according to the parameters described further in this article, gained exceptional interest from users and customers of the SOC Prime Platform. The following SOC Prime badges were issued for publications and achievements since the launch of the Threat Bounty Program in May…
CVE-2024-3094 Analysis: Multi-layer Supply Chain Attack Using XZ Utils Backdoor Impacts Major Linux Distributions
SOC Prime
by Daryna Olyniychuk
2w ago
Cybersecurity experts remain vigilant amid an ongoing supply chain attack affecting the most widely used Linux distributions. With a scale and sophistication reminiscent of Log4j and SolarWinds, the threat stems from a backdoored XZ Utils (formerly LZMA Utils), an essential data compression utility found in virtually all major Linux distros; the malicious code shipped in the upstream 5.6.0 and 5.6.1 releases of the package. The backdoor has been assigned the identifier CVE-2024-3094 with a CVSS severity rating of 10.0.

XZ Utils Backdoor: Linux Supply Chain…
CVE-2023-42931 Detection: Critical macOS Vulnerability Enabling Easy Privilege Escalation and Root Access
SOC Prime
by Daryna Olyniychuk
2w ago
Security researchers warn of a critical privilege escalation vulnerability in multiple macOS versions that enables unauthorized users, including those with only guest rights, to gain full root access to the affected machine.

Detect CVE-2023-42931 Exploitation Attempts

With an exponential rise in attack volumes and sophistication, the threat landscape of 2024 is expected to be even more challenging than last year's. The cost of cyber attacks to the global economy is estimated to top US$10.5 trillion by the end of 2024. Taking into account the 29K+ new CVEs disclosed in 2023, with a 14.5% surge predicted…