Latest articles from SOCRadar
Originally a banking trojan, BRATA acquires new capabilities and becomes a more advanced threat. Malware can now be much more effective at stealing user information. Cleafy's analysis shows BRATA's activities are almost identical to APT activity… Continue Reading
Cybersecurity researchers have revealed that Sophos Firewall has been actively exploited by DriftingCloud APT group since early March. Apparently, the attacks started long before the CVE-2022-1040 vulnerability was patched, affecting v18.5 and older versions of… Continue Reading
Cisco fixed a vulnerability discovered in the external authentication functionality of Secure Email and Web Manager. The vulnerability could allow threat actors to bypass authentication and log on to the web. The vulnerability tracked as… Continue Reading
Microsoft has released the June 2022 Patch Tuesday. The company announced that it had patched 55 vulnerabilities, including the CVE-2022-30190 vulnerability, nicknamed Follina, which affects Office products. Among the fixed vulnerabilities, 27 RCE and 12… Continue Reading
The newly discovered Linux malware Symbiote can easily infect and hide in almost any process on compromised systems. The malware steals account credentials and gives malicious actors backdoor access. Symbiote is stored in the system after… Continue Reading
The Kingdom of Saudi Arabia (KSA) has launched a digital transformation program focusing on the banking industry. With the growing digitization of financial services, securing the availability of sensitive data, transactions, and services has become… Continue Reading
Linux-based Black Basta ransomware targets VMware ESXi virtual machines, while DeadBolt ransomware targets QNAP NAS (network-attached storage) products. Black Basta has deployed a new Linux-based version to target VMware ESXi servers. DeadBolt stands out with… Continue Reading
Whether you work at a startup or in the information security department of a well-established company, you need to attend cybersecurity events to meet with the world's leading cybersecurity experts and vendors. These events, where… Continue Reading
LockBit ransomware gang claimed that they had stolen Mandiant's data. The gang posted a countdown on their data leak site earlier today. They claimed to have hacked the cybersecurity company and stolen 356,841 files from their network. LockBit's… Continue Reading
After it was disclosed that the RCE vulnerability tracked as CVE-2022-26134, which affects Atlassian Confluence and Data Center servers, was exploited by multiple threat actors, detailed analyses of the exploit continue to be published.… Continue Reading
Threat hunting is how computer security specialists aggressively seek out and eliminate cyber dangers that have infiltrated their computer network invisibly. Threat hunting is searching for new possible risks and vulnerabilities beyond recognized alerts or malicious… Continue Reading
Verizon has released the 15th Data Breach Investigations Report (DBIR), an in-depth analysis of trends in cyberattacks and data breaches for cybersecurity experts and leaders worldwide. The report includes reviews of around 24,000 cybersecurity incidents that… Continue Reading
According to the 2022 mobile threat landscape analysis published by ThreatFabric, ODF (on-device fraud) banking trojans targeting Android devices are widespread, while Spain and Turkey are at the center of malware campaigns. The other most targeted countries are Poland, Australia,… Continue Reading
The Follina zero-day vulnerability in Microsoft Office allows threat actors to perform remote code execution. Cybersecurity researchers discovered the vulnerability when the Word document "05-2022-0438.doc" was uploaded to VirusTotal from an IP address in Belarus. Independent… Continue Reading
GitHub has announced that the information of 100,000 npm users was stolen through OAuth tokens linked to Heroku and Travis CI. It was previously stated that there was a security breach in mid-April, but detailed information was not… Continue Reading
REvil is a ransomware hacking group, as its name suggests (REvil = "ransomware" + "evil"). This ransomware group is thought to be centered in Russia. It is also named "Sodinokibi." Who is REvil? Their work… Continue Reading
A PoC has been published for a vulnerability that allows threat actors to bypass authentication across multiple VMware products. VMware previously shared patches for the vulnerability. VMware issued a security advisory on May 18, 2022, for vulnerabilities affecting Workspace ONE… Continue Reading
Ransomware attacks marked 2021 and continue to make a splash in 2022. We've compiled some interesting information about this type of attack that has frightened financial institutions, government agencies, and even NGOs worldwide. We know how… Continue Reading
What is a Domain Name System (DNS)? The Domain Name System, or DNS, is a naming database that locates and translates internet domain names into IP addresses, similar to a phone’s contact list. Web browsing… Continue Reading
Fraud activities such as phishing, business e-mail compromise (BEC), and malware infection increasingly pose a serious threat to organizations. The numbers in the "Phishing Activity Trends Reports" of the last quarter… Continue Reading