Blog

Latest articles from SOCRadar

Turla's Reconnaissance Campaign Targets Eastern Europe
May 24, 2022

The reconnaissance and espionage campaign of the Russia-linked Turla hacker group against the Austrian Economic Chamber, Baltic Defense College, and NATO's Joint Advanced Distributed Learning (JDAL) platform has emerged. Experts think that the recent economic…

Deep Web Profile: Karakurt Extortion Group
May 20, 2022

Karakurt, a Russian-originated cybercriminal organization, has extorted sensitive data from nearly 40 different organizations within a year. So what is the cause of the group's "success," and who are they? Karakurt: A Ransomware Gang or…

Conti Ransomware Ended: They Operate With Other Groups Now
May 20, 2022

The Conti ransomware gang has taken its infrastructure offline and ceased operations. According to Advanced Intel's Yelisey Boguslavskiy, the Tor admin panel, where Conti held ransom negotiations and published new data leak…

Attack Surface Management (ASM) in 10 Questions
May 19, 2022

The rise of working from home, access to cloud services, and the expansion of businesses have increased attack surfaces. The attack surface is all hardware, software, and cloud assets that process or store information with access…

Top 10 Twitter Accounts to Follow for Threat Intelligence
May 18, 2022

Threat intelligence draws on such a broad spectrum of sources that sometimes you'd be surprised to hear where you can get relevant information. Often, it can be nearly impossible to keep track of everything because of the…

New Botnet Discovered Exploiting Critical VMware Vulnerability
May 18, 2022

The critical VMware vulnerability tracked as CVE-2022-22954 was discovered to be used by threat actors for remote code execution in botnet and Log4Shell-driven attacks. Although VMware has announced that the vulnerability has been fixed, cyber-attacks continue…

New Playground for Fraudsters: How Do I Get WhatsApp Scam IoCs?
May 16, 2022

SOCRadar analysts, while investigating phishing attacks via WhatsApp, recently found a significant increase in an attack with the same type of content. One of the most notable features of the attack was that it quickly…

Critical Vulnerability in Zyxel Firewall and VPN Products Exploited
May 16, 2022

Threat actors are exploiting the critical vulnerability affecting Zyxel's firewall and VPN devices. The vulnerability allows attackers to remotely inject arbitrary commands without authentication. Zyxel has recently released patches for it. The vulnerability, tracked as CVE-2022-30525, is…

Common IoT Attacks that Compromise Security
May 13, 2022

With the development of technology, we can nowadays connect various everyday devices, such as cars, kitchen appliances, and TVs, to the internet or other wireless communication networks via embedded devices. This technology is simply called the…

BPFdoor Malware Targets Linux Systems Unnoticed for Five Years
May 13, 2022

It turned out that the backdoor malware called BPFdoor, which cybersecurity researchers recently discovered, has been targeting Linux and Solaris systems for over five years. BPFdoor allows threat actors to remotely connect to a Linux…

What is the RaidForums?
May 13, 2022

RaidForums was launched in 2015 by Diogo Santos Coelho of Portugal, aka Omnipotent. Cybercriminals made heavy use of the RaidForums hacker site to obtain and sell stolen datasets. The forum served as a database sharing and marketplace forum,…

What is the Risk-Based Approach to Cybersecurity?
May 12, 2022

Cybersecurity is one of the main topics for business managers in today's world. The approach to cyber risks has shifted from "maturity-based" to "risk-based" over time. Managerial leaders want to know the cyber threats to…

10GB Database of Popular VPN Apps Leaked
May 12, 2022

Threat actors shared a 10GB database allegedly belonging to popular VPN apps such as SuperVPN, GeckoVPN, and ChatVPN companies in a Telegram group. The database, which includes the personal information of approximately 21 million users,…

Microsoft May 2022 Patch Tuesday: Three Zero-Days Total 75 Vulnerabilities Fixed
May 11, 2022

Microsoft has released the May 2022 Patch Tuesday updates. The patches fix 75 vulnerabilities, including three zero-days, one of which is actively exploited. According to the released security update, eight vulnerabilities are rated "critical" and…

Critical Azure Vulnerability Creates a Massive Attack Surface
May 10, 2022

Microsoft has released patches for a vulnerability that affects the Azure Synapse and Azure Data Factory products, allowing threat actors to achieve remote code execution on the Integration Runtime infrastructure. The vulnerability, tracked as CVE-2022-29972, was evaluated in the high-risk category…

Critical BIG-IP iControl REST Vulnerability Allows Arbitrary Code Execution
May 5, 2022

A critical vulnerability discovered by F5 on May 4 allows threat actors to bypass iControl REST authentication. The flaw, tracked as CVE-2022-1388, has a CVSS score of 9.8. According to F5's advisory, there is no…

What are STIX/TAXII?
May 4, 2022

STIX/TAXII, the industry standard for sharing threat intelligence, is a great starting point for anyone new to threat intelligence. Technically speaking, STIX and TAXII are not sharing programs, tools, or software, but rather components and standards that…

Cyber Threats to NGOs Increase: Half of Organizations Targeted
May 4, 2022

NGOs and humanitarian nonprofits depend on digital communication technologies and software to coordinate their missions worldwide. In particular, organizations working in humanitarian aid need these technologies to perform operations such as data collection, classification, and…

OSINT Framework Tools as Our Friends
May 3, 2022

What is OSINT? Open-source intelligence, abbreviated as OSINT, is the gathering of information from publicly available sources that can be analyzed and turned into actionable intelligence. OSINT is commonly used in penetration testing and is…

8 Ways to Prevent Supply Chain Attacks
May 3, 2022

Cyber-attacks against supply chain ecosystems continued to ramp up through 2021, with high-profile attacks such as Log4j, Kaseya VSA, and many others. Attackers, including APT actors, have been observed attacking…
