This article highlights a significant gap in threat detection capabilities within SIEM technologies, which reportedly only cover 19% of the MITRE ATT&CK techniques. Focusing on the MOVEit Transfer attack in 2023, it illustrates the importance of the MITRE ATT&CK framework for cybersecurity analysts in mapping real-world threats, enhancing detection rules, and improving incident response strategies.…
Tag: SOC
Summary: Cyber Insights 2025 highlights the evolution of social engineering as a significant cybersecurity threat, particularly with the rise of generative AI. Experts predict that AI will enhance social engineering tactics, making them more sophisticated and widespread, thereby increasing the risk of cyberattacks. The article emphasizes the inherent human nature of social engineering and the challenges in mitigating its effects on individuals and organizations.…
This article discusses the latest MITRE ATT&CK® Evaluations for 2024, focusing on advanced threats such as ransomware and macOS attacks. It highlights Cybereason’s MalOp™ technology, which offers a comprehensive view of attacker activities, enhancing security operations by reducing alert fatigue and improving incident response. Affected: Windows, macOS
Keypoints:
The MITRE ATT&CK® Evaluations assess how well security vendors combat advanced threats.…
Recent vulnerabilities in Ivanti Cloud Service Appliances (CSA) pose significant risks, allowing adversaries to exploit them through various chains. The CISA and FBI alert highlights the need for immediate action, as attackers have been able to gain access, execute remote code, and compromise sensitive networks. Affected: Ivanti Cloud Service Appliances, Enterprise Security
Keypoints:
Ivanti Cloud Service Appliances (CSAs) face critical vulnerabilities tracked as CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380.…
Summary: Axoflow, a security data curation platform, has successfully raised $7 million in a seed funding round, bringing its total funding to nearly $10 million. The company, founded in 2023, focuses on automating the collection and management of security data to enhance detection and compliance while reducing costs.…
Cado’s export capabilities enhance security operations by streamlining data flow between SIEMs, ticketing systems, and forensic platforms. This integration reduces manual errors, improves efficiency, and ensures timely incident resolution. Affected: Cado platform, SIEMs, ticketing systems
Keypoints:
Modern SOCs face challenges with manual data transfers and incompatible formats.…
ESET researchers have uncovered a previously undisclosed APT group, PlushDaemon, linked to China, which executed a supply-chain attack on a South Korean VPN developer in 2023. The attackers replaced the legitimate VPN installer with a malicious version that deployed a sophisticated backdoor known as SlowStepper. This backdoor features a comprehensive toolkit with over 30 components, allowing extensive cyber espionage capabilities.…
This article discusses the challenges faced by CTI Analysts in investigating phishing campaigns and how tools like ThreatConnect, Polarity, and the TQL Generator can streamline workflows by automating data retrieval, enriching threat intelligence, and improving real-time collaboration. Affected: organizations, cybersecurity analysts
Keypoints:
CTI Analysts often struggle with slow manual processes when investigating threats.…
This article outlines a proof-of-concept for automating the collection and processing of Indicators of Compromise (IOCs) using Inoreader, Google Drive, and OpenAI’s GPT-4. The workflow aims to enhance the efficiency of Cyber Threat Intelligence (CTI), Incident Response (IR), and Security Operations Center (SOC) teams by transforming raw data into actionable insights.…
The article discusses the critical Microsoft Outlook vulnerability CVE-2025-21298, which allows remote code execution (RCE) through specially crafted emails. This zero-click flaw has a CVSS score of 9.8 and poses significant risks to email security. Immediate action is recommended, including applying patches and utilizing detection tools.…
This article discusses various cookies that collect anonymous data related to user visits on websites, including metrics such as the number of visits, average time spent, and pages loaded. These cookies serve to enhance user experience and enable targeted advertising. Affected: websites, advertising platforms
Keypoints:
Cookies collect anonymous data regarding user visits.…
This article discusses various cookies used on websites to collect anonymous data about user visits, including the number of visits, time spent, and pages loaded. These cookies serve purposes such as targeted advertising and user segmentation for marketing. Affected: websites, advertising platforms
Keypoints:
Cookies collect anonymous data related to user visits on websites.…
The BlackSuit ransomware group, an evolution of the Royal ransomware, has emerged as a significant cyber threat since mid-2023, utilizing advanced tactics to extort over $500 million from various industries worldwide. This analysis delves into their operational strategies, notable incidents, and defense mechanisms to mitigate their impact.…
eSentire’s Threat Response Unit (TRU) has identified a campaign involving MintsLoader malware, which delivers payloads like Stealc through spam emails. This campaign primarily affects organizations in the Electricity, Oil & Gas, and Legal Services sectors in the US and Europe. The malware employs various evasion techniques and utilizes a Domain Generation Algorithm (DGA) to communicate with its command and control servers.…
Summary: The video discusses how to become one of the top 1% of cyber security candidates by emphasizing the importance of hands-on technical projects, networking on LinkedIn, having tailored resumes, and effective interview preparation.
Keypoints:
Obtain hands-on technical cyber security projects to enhance your resume, as they make you a stronger candidate compared to just having certifications.…
Microsoft has released a security update patch addressing 159 vulnerabilities across various products, including critical remote code execution and privilege escalation vulnerabilities. Users are urged to apply these patches promptly to mitigate risks. Affected: Windows, Microsoft Office, Microsoft Visual Studio, Azure, Microsoft Dynamics, Microsoft Edge
Keypoints:
Microsoft released a security update on January 14, fixing 159 vulnerabilities.…
Summary: CISA has released guidance for government agencies and enterprises on utilizing expanded cloud logs in Microsoft 365 for forensic and compliance investigations. The new Microsoft Purview Audit (Standard) logging capabilities enhance threat-hunting efforts, particularly in response to a significant Exchange Online breach attributed to the threat actor Storm-0558.…
Summary: The necessity for specific cybersecurity controls and budgets for Industrial Control Systems (ICS) and Operational Technology (OT) is underscored by the unique risks they face, which are distinct from traditional IT environments. As cyber threats evolve, tailored strategies are essential to protect critical infrastructure and ensure national safety and economic stability.…
The Cado platform revolutionizes cloud forensics and incident response by leveraging cloud-native architecture, integrating threat intelligence, and utilizing AI for faster investigations. This approach significantly reduces the time needed to respond to security incidents, enhances the context of alerts, and improves overall security readiness. Affected: AWS, Azure, GCP
Keypoints:
Cado platform is designed for multi-cloud environments, specifically AWS, Azure, and GCP.…
Darktrace’s investigation into RansomHub attacks revealed connections to the ShadowSyndicate threat group, which has been active since July 2022. ShadowSyndicate has adopted RansomHub’s ransomware services, leading to a surge in attacks across various sectors in late 2024. The attacks involved complex tactics, including data exfiltration and file encryption, with ransom notes threatening data leaks.…