Latest articles from SOCRadar
More than 1,800 mobile applications have hardcoded AWS credentials, according to Symantec, which has issued a warning about the possible risks of poor security measures. An analysis of Android and iOS apps revealed that most apps… Continue Reading
CIAM (Customer identity and access management) is part of the identity and access management (IAM) system integrated into applications for external users such as customers/consumers. The primary goal of CIAM is to manage and control… Continue Reading
Intellexa, a spyware firm that originated in Greece, has entered the market recently. Its work is similar to Pegasus spyware, and it offers RCE exploits for iOS and Android OS. In November 2019, Cyprus authorities detained… Continue Reading
A Security Operations Center (SOC) is a centralized function inside an organization that employs people, procedures, and technology to continually monitor and enhance an organization's security posture. It also prevents, identifies, analyzes, and reacts to cybersecurity… Continue Reading
McAfee researchers discovered several malicious Google Chrome extensions. The total download count for the extensions is over 1.4 million. The extensions are capable of tracking and stealing browser activity. The malicious extensions are listed as: Netflix… Continue Reading
Security testing for an application is a crucial element in the lifecycle of software testing. It restricts unwanted intrusions at multiple application layers, including servers, the front-end application layer, middleware modules, and network security. This… Continue Reading
Powered by DarkMirror™ This week’s edition covers the latest dark web news from the past week. This week's headlines are leaks, dark web access sales, and vast databases of user information. Find out if your… Continue Reading
Endpoint Security products are responsible for a market size of approximately 14 million in 2021. Regarding this market's compound annual growth rate (CAGR), it is estimated that the market will double in 9 years. According… Continue Reading
Atlassian recently issued a security advisory to notify Bitbucket Server and Data Center users about a critical vulnerability. Labeled CVE-2022-36804, it is a command injection flaw with a CVSS score of 9.9. On vulnerable systems, the vulnerability could allow attackers… Continue Reading
A new Russian ransomware group known as ALPHV, also known as BlackCat or Noberus, appeared with its first posts in late November 2021. Since then, they have been very active in running ransomware attacks. There… Continue Reading
A larger phishing campaign that targeted 136 organizations and resulted in the theft of 9,931 account login credentials has been linked to the hackers behind a series of recent hacks, including those on Twilio, MailChimp, and Cloudflare. These… Continue Reading
On 25th August, LastPass announced a breach and stated that its source code was stolen, along with some technical information. The incident happened two weeks ago, and the password management company only recently confirmed it.… Continue Reading
Have you ever heard of the term dark web? Besides sheltering various individuals from spies to threat actors in its highly private environment, the dark web also hosts black markets of different sizes. According to… Continue Reading
IBM released security updates for two critical vulnerabilities in its message-oriented middleware IBM MQ. The vulnerabilities, identified as CVE-2022-27780 and CVE-2022-30115, allow for security bypass and exposure of sensitive data. The flaws were both discovered… Continue Reading
A security flaw identified in VMware Tools could lead to local privilege escalation attacks. A remote attacker with initial access can steal sensitive data and take complete control over virtual machines. The flaw has a… Continue Reading
A TLD is the last segment of a domain name, such as .com, .net, .org, etc. Domains play a crucial role in phishing attacks. A threat actor can use free domains to create a distribution of… Continue Reading
GitLab released patches that fix a critical remote code execution vulnerability. It is labeled CVE-2022-2884 with a CVSS score of 9.9. This critical vulnerability in the GitHub Import API can be exploited by an attacker who… Continue Reading
Phishing attacks are being launched by hackers using a tactic called Static Expressway. The newly-spread tactic lets hackers get their emails past Amazon Web Services (AWS) automated security scanners. Email security provider Avanan claims that scammers can… Continue Reading
Powered by DarkMirror™ This week’s edition covers the latest dark web news from the past week. This week's headlines are government leaks, dark web access sales, and vast databases of user information. Find out if… Continue Reading
SOCRadar's Threat Landscape Report this month aims to provide organizations located in Spain with a region-based understanding of evolving and emerging cyber threats. We hope our intelligence will help companies and nonprofits in their future… Continue Reading