Cyber Insights 2025: Cyber Threat Intelligence
Summary: SecurityWeek's Cyber Insights 2025 explores expert predictions on the evolution of Cyber Threat Intelligence (CTI) over the next year, emphasizing its critical role in proactive cybersecurity strategies. The report highlights the need for accurate, actionable intelligence to combat increasingly sophisticated cyber threats.

Threat Actor: Various | Victim: Organizations globally

Key Point:

CTI is essential for understanding the nature of cyber threats and enabling proactive defense strategies.…
Read More

➡️ Pre-requisites
⭐ Introduction to Malware Analysis https://github.com/0xrajneesh/Malware-Analysis-Projects-for-Beginners/blob/main/Introduction-to-Malware-Analysis.md
⭐ Malware Analyst Guide 2024 https://youtu.be/tUsx0I0TK54

➡️ Malware Analysis Projects
⭐ Static Analysis of a Simple Malware Sample https://github.com/0xrajneesh/Malware-Analysis-Projects-for-Beginners/blob/main/Project Static Analysis of a Simple Malware Sample.md
⭐ Analyzing FTP Log Files Using Splunk SIEM https://github.com/0xrajneesh/Splunk-Projects-For-Beginners/blob/main/project%232-analyzing-ftp-logs-using-splunk-siem.md
⭐ Analyzing HTTP Log Files Using Splunk SIEM https://github.com/0xrajneesh/Splunk-Projects-For-Beginners/blob/main/project%233-analyzing-http-logs-using-splunk-siem.md
⭐ …

Read More
Hunt for RedCurl | Huntress
Huntress discovered ongoing cyberespionage activities linked to the APT group RedCurl, targeting various organizations in Canada since late 2023. The group employs unique tactics involving scheduled tasks and PowerShell scripts to exfiltrate data without detection. Their methods include using legitimate Windows binaries for malicious purposes, making detection challenging.…
Read More
On the Case: Detecting and mitigating adversary-in-the-middle phishing attacks with Darktrace Services, by Justin Torres
Adversary-in-the-Middle (AiTM) phishing kits, particularly the Mamba 2FA, represent a significant evolution in phishing tactics, enabling attackers to intercept and manipulate communications in real-time. These kits create convincing decoy pages that mimic legitimate services, allowing for the harvesting of sensitive information, including multi-factor authentication tokens. The rise of Phishing-as-a-Service (PhaaS) platforms has made these sophisticated attacks more accessible to cybercriminals.…
Read More
EAGERBEE Malware Detection: New Backdoor Variant Targets Internet Service Providers and State Bodies in the Middle East | SOC Prime
The Eagerbee backdoor, a new malware variant, poses a significant threat to organizations in the Middle East, especially targeting ISPs and state agencies. This malware has advanced capabilities, including payload deployment and command execution. The rise in cyberattacks globally highlights the need for proactive detection methods to combat evolving threats.…
Read More
CryptBot: Hunting for initial access vector
Summary: CryptBot, an infostealer malware, continues to proliferate primarily through fake cracked software and Pay-Per-Install services, posing significant threats to users’ sensitive information. Despite legal actions by Google, new domains for CryptBot’s command-and-control infrastructure have emerged, indicating ongoing challenges in combating this malware.

Threat Actor: CryptBot Operators | Victim: Users of cracked software

Key Point:

CryptBot is primarily distributed through fake cracked software and Pay-Per-Install solutions like PrivateLoader.…
Read More
Eagerbee Malware Updates Its Arsenal to Attack ISPs and Government Entities
The Kaspersky investigation into the EAGERBEE backdoor highlights its deployment in Middle Eastern ISPs and government entities, utilizing a service injector to compromise systems. The backdoor operates through a plugin architecture, enabling remote control and various malicious functionalities. Its exploitation of vulnerabilities and stealthy techniques poses significant risks.…
Read More
The cyber threat landscape in 2025 is expected to be influenced by technological advancements, evolving cybercriminal tactics, and geopolitical tensions. Organizations need to enhance their cybersecurity measures to address these emerging challenges effectively.

Affected Platform: Cybersecurity, Operational Technology, AI, IoT, Supply Chain

Keypoints:

The cyber threat landscape is becoming increasingly sophisticated and hazardous.…
Read More
A series of recent security vulnerabilities and incidents have been reported, including a new “DoubleClickjacking” flaw that bypasses clickjacking protections, an open-source project One-API infected with mining software, and a significant data leak affecting residents in Rhode Island. Other issues include vulnerabilities in D-Link routers and Palo Alto firewalls, as well as risks associated with the emerging low-altitude economy.…
Read More

The video discusses the future of cyber security and features insights from a special guest, Unix Guy, who shares his perspective on the current job market, valuable areas to focus on, and tips for future-proofing a cyber security career.

Keypoints:

Optimal areas for cyber security careers in 2025 include blue team roles, particularly SOC Analysts and Cyber Analysts, due to high demand.…
Read More

This article highlights the silent threat of info stealers and emphasizes the importance of visibility and proactive measures for organizations to mitigate risks associated with leaked credentials. It provides strategic insights for decision-makers on how to address these threats effectively. #InfoStealers #Cybersecurity #CredentialManagement

Keypoints:

Info stealers are subtle but dangerous threats in the cybersecurity landscape.…
Read More

The Digital Operational Resilience Act (DORA) is a crucial regulation set to take effect in 2025, aimed at enhancing operational resilience across the EU financial sector. It imposes significant penalties for non-compliance, emphasizing the need for organizations to proactively manage digital risks and third-party relationships. #DORA #OperationalResilience #Cybersecurity

Keypoints:

DORA will be enforced starting January 2025, targeting organizations with a daily turnover exceeding €50 million.…
Read More

Adversary-in-the-Middle (AiTM) phishing kits, particularly the Mamba 2FA, represent a significant evolution in phishing tactics, enabling attackers to intercept communications and bypass multi-factor authentication. These sophisticated tools are part of the Phishing-as-a-Service (PhaaS) landscape, posing serious challenges to cybersecurity. #Phishing #Cybersecurity #MFA

Keypoints:

AiTM phishing kits enhance traditional phishing by allowing real-time interception of communications.…
Read More

In September 2023, a successful disinfection campaign against the PlugX worm was conducted, involving collaboration with multiple countries to remotely clean infected systems. The campaign utilized innovative methods to ensure effective disinfection while addressing legal frameworks. #CyberSecurity #PlugX #MalwareDisinfection

Keypoints:

Ownership of an IP address associated with the PlugX worm was successfully taken in September 2023.…
Read More

As Xiaomi emerges as a leader in consumer electronics and smart devices, it faces a growing array of cybersecurity challenges that impact the security and privacy of its users. Recent reports have shed light on significant vulnerabilities that could expose sensitive user information, necessitating a deeper investigation into the inherent risks associated with using Xiaomi products.…

Read More

Summary:

Huntress has analyzed a new malware family named Malichus, exploiting a 0-day vulnerability in Cleo software. The malware employs a multi-stage attack involving PowerShell and Java components to establish a backdoor for further exploitation. #Malichus #CleoSoftware #CyberSecurity

Keypoints:

Malichus is a new malware family targeting Cleo software through a 0-day vulnerability.…
Read More

Summary:

eSentire’s Threat Response Unit (TRU) has identified a new malware campaign named “CleverSoar” that targets Chinese and Vietnamese-speaking users through malicious installer packages. The malware utilizes the Winos4.0 framework and poses significant risks to Windows users. #CleverSoar #Winos4 #CyberThreats

Keypoints:

eSentire operates 24/7 SOCs with elite threat hunters and cyber analysts.…
Read More

Summary:

YARA is a powerful tool for malware detection and classification, extensively used by Sekoia.io’s Threat Detection and Research team. The integration of YARA into their workflows enhances threat hunting and malware analysis, and the release of their YARA rules on GitHub fosters community collaboration.…

Read More