Latest articles from SOCRadar
The reconnaissance and espionage campaign of the Russia-linked Turla hacker group against the Austrian Economic Chamber, Baltic Defense College, and NATO's Joint Advanced Distributed Learning (JDAL) platform has emerged. Experts think that the recent economic…
Karakurt, a Russian-originated cybercriminal organization, has extorted sensitive data from nearly 40 different organizations within a year. So what is the cause of the group's "success," and who are they? Karakurt: A Ransomware Gang or…
The Conti ransomware gang has taken its infrastructure offline and ceased operations. According to Advanced Intel's Yelisey Boguslavskiy, the Tor admin panel, where Conti held the ransom negotiations and published new data leak…
The rise of working from home, access to cloud services, and the expansion of businesses have increased attack surfaces. The attack surface is all hardware, software, and cloud assets that process or store information with access…
Threat intelligence spans such a broad spectrum that sometimes you'd be surprised to hear where you can get relevant information. Often, it can be nearly impossible to keep track of everything because of the…
The critical VMware vulnerability tracked as CVE-2022-22954 was discovered to be used by threat actors for remote code execution in botnet and Log4Shell-driven attacks. Although VMware has announced that the vulnerability has been fixed, cyber-attacks continue…
SOCRadar analysts, while investigating phishing attacks via WhatsApp, recently found a significant increase in attacks sharing the same type of content. One of the most notable features of the attack was that it quickly…
Threat actors are exploiting a critical vulnerability affecting Zyxel's firewall and VPN devices. The vulnerability allows attackers to remotely inject arbitrary commands without authentication. Zyxel has recently released patches for it. The vulnerability, tracked as CVE-2022-30525, is…
With the development of technology, we can nowadays connect various everyday devices, such as cars, kitchen appliances, and TVs, to the internet or other wireless communication networks via embedded devices. This technology is simply called the…
It turned out that the backdoor malware called BPFdoor, which cybersecurity researchers recently discovered, has been targeting Linux and Solaris systems for over five years. BPFdoor allows threat actors to remotely connect to a Linux…
RaidForums was launched in 2015 by Diogo Santos Coelho of Portugal, aka Omnipotent. Cybercriminals made extensive use of the RaidForums hacker site to obtain and sell stolen datasets. The forum served as a database sharing and marketplace forum,…
Cybersecurity is one of the main topics for business managers in today's world. The approach to cyber risks has shifted from "maturity-based" to "risk-based" over time. Managerial leaders want to know the cyber threats to…
Threat actors shared a 10GB database allegedly belonging to popular VPN apps such as SuperVPN, GeckoVPN, and ChatVPN in a Telegram group. The database, which includes the personal information of approximately 21 million users,…
Microsoft has released the May 2022 Patch Tuesday. The patches fix three zero-day vulnerabilities, one of which is actively exploited, and 75 vulnerabilities. According to the released security update, eight vulnerabilities are rated as "critical" and…
Microsoft has released patches for a vulnerability that affects the Azure Synapse and Azure Data Factory products, allowing threat actors to achieve remote code execution on the Integration Runtime infrastructure. The vulnerability, tracked as CVE-2022-29972, was evaluated in the high-risk category…
A critical vulnerability disclosed by F5 on May 4 allows threat actors to bypass iControl REST authentication. The flaw, tracked as CVE-2022-1388, has a CVSS score of 9.8. According to F5's advisory, there is no…
STIX/TAXII, the industry standard for sharing threat intelligence, is a great starting point for anyone new to threat intelligence. Technically speaking, STIX and TAXII are not sharing programs, tools, or software, but rather components and standards that…
NGOs and humanitarian nonprofits depend on digital communication technologies and software to coordinate their missions worldwide. In particular, organizations working in humanitarian aid need these technologies to perform operations such as data collection, classification, and…
What is OSINT? Open-source intelligence, abbreviated as OSINT, is the gathering of information from publicly available sources that can be analyzed and turned into actionable intelligence. OSINT is commonly used in penetration testing and is…
Cyber-attacks against supply chain ecosystems continued to ramp up through 2021 with high-profile attacks such as Log4j, Kaseya VSA, and many others. Attackers, including APT actors, have been observed attacking…