Blog

Latest articles from SOCRadar

BRATA Malware Becomes an Advanced Threat
June 20, 2022

BRATA Malware Becomes an Advanced Threat

Originally a banking trojan, BRATA acquires new capabilities and becomes a more advanced threat. Malware can now be much more effective at stealing user information. Cleafy's analysis shows BRATA's activities are almost identical to APT activity… Continue Reading

DriftingCloud APT Group Exploits Zero-Day In Sophos Firewall
June 17, 2022

DriftingCloud APT Group Exploits Zero-Day In Sophos Firewall

Cybersecurity researchers have revealed that Sophos Firewall has been actively exploited by DriftingCloud APT group since early March. Apparently, the attacks started long before the CVE-2022-1040 vulnerability was patched, affecting v18.5 and older versions of… Continue Reading

Cisco Fixed Critical Authentication Bypass Vulnerability Affecting Some Products
June 16, 2022

Cisco Fixed Critical Authentication Bypass Vulnerability Affecting Some Products

Cisco fixed a vulnerability discovered in the external authentication functionality of Secure Email and Web Manager. The vulnerability could allow threat actors to bypass authentication and log on to the web. The vulnerability tracked as… Continue Reading

Microsoft June 2022 Patch Tuesday Fixes 55 Vulnerabilities Including Follina
June 15, 2022

Microsoft June 2022 Patch Tuesday Fixes 55 Vulnerabilities Including Follina

Microsoft has released the June 2022 Patch Tuesday. The company announced that it had patched 55 vulnerabilities, including the CVE-2022-30190 vulnerability, nicknamed Follina, which affects Office products. Among the fixed vulnerabilities, 27 RCE and 12… Continue Reading

Almost Impossible to Detect Symbiote Linux Malware
June 10, 2022

Almost Impossible to Detect Symbiote Linux Malware

The newly discovered Linux malware Symbiote can easily infect and hide in almost any process on compromised systems. The malware steals account credentials and gives malicious actors backdoor access. Symbiote is stored in the system after… Continue Reading

What Do You Need to Know About New SAMA Principles?
June 8, 2022

What Do You Need to Know About New SAMA Principles?

The Kingdom of Saudi Arabia (KSA) has launched a digital transformation program focusing on the banking industry. With the growing digitization of financial services, securing the availability of sensitive data, transactions, and services has become… Continue Reading

Ransomware Groups Target VMware and QNAP Products
June 8, 2022

Ransomware Groups Target VMware and QNAP Products

Linux-based Black Basta ransomware targets VMware ESXi virtual machines, while DeadBolt ransomware targets QNAP NAS (network-attached storage) products. Black Basta has deployed a new Linux-based version to target VMware ESXi servers. DeadBolt stands out with… Continue Reading

Top 10 Cybersecurity Events You Must Follow
June 7, 2022

Top 10 Cybersecurity Events You Must Follow

Whether you work at a startup or in the information security department of a well-established company, you need to attend cybersecurity events to meet with the world's leading cybersecurity experts and vendors. These events, where… Continue Reading

Mandiant Leak Alleged: A PR Trial?
June 7, 2022

Mandiant Leak Alleged: A PR Trial? 

LockBit ransomware gang claimed that they had stolen Mandiant's data. The gang posted a countdown on their data leak site earlier today. They claimed to have hacked the cybersecurity company and stolen 356,841 files from their network. LockBit's… Continue Reading

What Do You Need To Know About Atlassian Confluence RCE Vulnerability?
June 6, 2022

What Do You Need To Know About Atlassian Confluence RCE Vulnerability? 

After it was disclosed that the RCE vulnerability with the code CVE-2022-26134, which affects Atlassian Confluence and Data Center servers, was exploited by multiple threat actors, detailed analyzes of the exploit continue to be published.… Continue Reading

What are Threat Hunting Tools?
June 2, 2022

What are Threat Hunting Tools?

Threat hunting is how computer security specialists aggressively seek out and eliminate cyber dangers that have infiltrated their computer network invisibly. Threat hunting is searching for new possible risks and vulnerabilities beyond recognized alerts or malicious… Continue Reading

Verizon 2022 DBIR: All Sizes of Businesses Suffer from Ransomware
June 1, 2022

Verizon 2022 DBIR: All Sizes of Businesses Suffer from Ransomware

Verizon has released the 15th Data Breach Investigations Report (DBIR), an in-depth analysis of trends in cyberattacks and data breaches for cybersecurity experts and leaders worldwide. The report includes reviews of around 24,000 cybersecurity incidents that… Continue Reading

On-Device Fraud Trend in Mobile Malware Campaigns
June 1, 2022

On-Device Fraud Trend in Mobile Malware Campaigns

According to the 2022 mobile threat landscape analysis published byThreatFabric, ODF (on-device fraud) banking trojans targeting Android devices are widespread, while Spain and Turkey are at the center of malware campaigns. The other most targeted countries are Poland, Australia,… Continue Reading

Workarounds for Microsoft Office Zero-Day RCE Vulnerability "Follina" has Released
May 31, 2022

Workarounds for Microsoft Office Zero-Day RCE Vulnerability “Follina” has Released

The Follina zero-day vulnerability in Microsoft Office allows threat actors to perform remote code execution. Cybersecurity researchers discovered the vulnerability when the Word document "05-2022-0438.doc" was uploaded to VirusTotal from an IP address in Belarus. Independent… Continue Reading

GitHub Announces 100,000 npm Users' Credentials Stolen
May 30, 2022

GitHub Announces 100,000 npm Users’ Credentials Stolen

GitHub has announced that 100,000 npm user information was stolen through OAuth tokens linked to Heroku and Travis CI. It was previously stated that there was a security breach in mid-April, but detailed information was not… Continue Reading

Deep Web Profile: REvil
May 27, 2022

Deep Web Profile: REvil

REvil is a ransomware hacking group, as its name suggests -REvil = "ransomware" + "evil"-. This ransomware group is thought to be centered in Russia. It is also named "Sodinokibi." Who is REvil? Their work… Continue Reading

PoC Released for Authentication Bypass Vulnerability in VMware
May 27, 2022

PoC Released for Authentication Bypass Vulnerability in VMware

Vulnerability-related PoC has been published that allows threat actors to bypass authentication across multiple VMware products. VMware previously shared patches for the vulnerability. VMware issued a security advisory on May 18, 2022, for vulnerabilities affecting Workspace ONE… Continue Reading

20 Interesting Facts About Ransomware
May 26, 2022

20 Interesting Facts About Ransomware

Ransomware attacks marked 2021 and continue to make a splash in 2022. We've compiled some interesting information about this type of attack that has frightened financial institutions, government agencies, and even NGOs worldwide. We know how… Continue Reading

How DNS Sinkholing Works?
May 25, 2022

How DNS Sinkholing Works?

What is a Domain Name System (DNS)?  The Domain Name System, or DNS, is a naming database that locates and translates internet domain names into IP addresses, similar to a phone’s contact list.  Web browsing… Continue Reading

Stop BEC Attacks with SOCRadar Takedown Processes
May 25, 2022

Stop BEC Attacks with SOCRadar Takedown Processes

Attacks such as phishing, business e-mail compromise (BEC), and malware infection, which are among the fraud activities, increasingly pose a serious threat to organizations. The numbers in the "Phishing Activity Trends Reports" of the last quarter… Continue Reading

SOCRadar helps you visualize digital risk, and reduce your company's attack surface
Request Demo