Blog

Latest articles from SOCRadar

Major Cyber Attacks in Review October 2022
November 10, 2022

Major Cyber Attacks in Review: October 2022

Major cyberattacks of the last month include data leaks, security breaches, phishing attacks, and much more. Here are the top cyber incidents of October 2022. The MyDeal Data Breach Affects 2.2M Customers, and Stolen Data… Continue Reading

Vulnerability Management Best Practices
November 9, 2022

Vulnerability Management Best Practices

Every day, new vulnerabilities emerge, and multiplying proliferating vulnerabilities throughout today's complex technology contexts yield a never-ending risk hamster wheel. That's why vulnerability management has been a crucial component of any organization's security program for… Continue Reading

Microsoft November 2022 Patch Tuesday Fixed 11 Critical Vulnerabilities and 6 Zero-Days
November 9, 2022

Microsoft November 2022 Patch Tuesday Fixed 11 Critical Vulnerabilities and 6 Zero-Days

What are the Vulnerabilities?  Microsoft November 2022 Patch Tuesday has been released with patches for a total of 68 vulnerabilities, which include 6 actively exploited zero days and 11 critical vulnerabilities. The number for each… Continue Reading

How Should CISOs Prepare on the Current Cyberthreat Landscape?
November 8, 2022

How Should CISOs Prepare on the Current Cyberthreat Landscape?

Recent research by John Sakellariadis for the Atlantic Council delves deeper into the emergence of ransomware over the past ten years. It is well worth reading for CISOs trying to comprehend this sector.  The Rise of Ransomware … Continue Reading

Top Critical Vulnerabilities Used by Ransomware Groups
November 7, 2022

Top Critical Vulnerabilities Used by Ransomware Groups

As ransomware attacks have grown in popularity recently, researchers have begun compiling an easy-to-follow list of vulnerabilities exploited by ransomware groups. So organizations would be aware of which security flaws ransomware gangs use to gain… Continue Reading

November 7, 2022

The Week in Dark Web – 7 November 2022 – Data Leaks and Access Sales

Powered by DarkMirror™ Threat actors continued to sell databases and access to organizations' systems on hacker forums last week. Check out the latest dark web summary and see what's happening on the dark side. Find… Continue Reading

Hacktivist Group Black Reward Leaked Iran's Nuclear Program Secrets
November 4, 2022

Hacktivist Group Black Reward Leaked Iran’s Nuclear Program Secrets

Iran's Atomic Energy Organization announced on Sunday, October 23, that foreign country-backed hackers had hacked an email system belonging to the organization's subsidiaries. On the other hand, the Iranian hacktivist group Black Reward claimed responsibility… Continue Reading

Fortinet Fixes Six Serious Vulnerabilities
November 3, 2022

Fortinet Fixes Six Serious Vulnerabilities

Including six vulnerabilities with a high severity rating, Fortinet warned customers on Tuesday (1 November) of 16 vulnerabilities found in the company's devices.  Improper neutralization of input during web page generation vulnerability (CVE-2022-35842) in FortiADC… Continue Reading

Dark Web Stories: DDoS as a Service
November 2, 2022

Dark Web Stories: DDoS as a Service

DoS (Denial-of-service attacks) are frequently encountered in the cyber world and result in violation of the availability of online services. When this attack is made with the help of many computers (botnets), it is called… Continue Reading

LockBit Responsible for 1/3 of Ransomware Attacks Targeting Financial Industry
November 1, 2022

LockBit Responsible for 1/3 of Ransomware Attacks Targeting Financial Industry

In the first eight months of 2022, the SOCRadar CTIA Team examined 1,700 ransomware threats published on dark web forums and hacker channels. 4.5% of these posts were related to the financial industry, targeting financial… Continue Reading

A New Rising Social Engineering Trend: Callback Phishing
November 1, 2022

A New Rising Social Engineering Trend: Callback Phishing

Callback phishing emerged as a hybrid social engineering technique that combines phishing and vishing. The phishing technique used to steal sensitive data or transmit harmful packages via email and vishing, which applies phishing over the… Continue Reading

October 31, 2022

The Week in Dark Web – 31 October 2022 – Data Leaks and Access Sales

Powered by DarkMirror™ Threat actors continued to sell databases and access to organizations' systems on hacker forums last week. Check out the latest dark web summary and see what's happening on the dark side. Find… Continue Reading

MFA Bypass Techniques: How Does it Work?
October 31, 2022

MFA Bypass Techniques: How Does it Work?

Identification and authentication are the first phase of verification in the login processes of Information Systems. Malicious threat actors use various methods, such as brute force to pass this phase unauthorized. Authentication solutions are named… Continue Reading

What Do You Need to Know About New Critical Vulnerability in OpenSSL
October 28, 2022

What Do You Need to Know About New Critical Vulnerability in OpenSSL

Version 3.0.7 of OpenSSL is expected to be released on November 1 to fix a critical vulnerability that has not yet been made public. The vulnerability resides in currently used versions of OpenSSL. After full… Continue Reading

Newly Unsealed Indictment Charges the Operator of Raccoon Infostealer
October 28, 2022

Newly Unsealed Indictment Charges the Operator of Raccoon Infostealer

On Tuesday, October 25th, 2022, a federal grand jury indictment charges a Ukrainian national, Mark Sokolovsky, 26, also known as Photix, raccoonstealer, and black21jack77777, for his role in operating an international malware operation known as… Continue Reading

Ransomware Strikes Thailand Manufacturing Industry
October 27, 2022

Ransomware Strikes Thailand Manufacturing Industry

Data leaks are a significant concern for every organization. Between September 2021 and September 2022, theft or leak of data has been a big issue for Thailand as well, through various means such as the… Continue Reading

Cloud Security Module: Minimize Risk of Misconfigured Buckets
October 26, 2022

Cloud Security Module: Minimize Risk of Misconfigured Buckets

Not long ago, there were discussions about whether organizations should migrate to the cloud. The future has come, and almost all digital assets -services, databases, IT resources, and apps- are now stored in the cloud. Of… Continue Reading

22 Years Old Vulnerability in SQLite Allows Arbitrary Code Execution
October 26, 2022

22 Years Old Vulnerability in SQLite Allows Arbitrary Code Execution

CVE-2022-35737 is a vulnerability caused by the "Improper Validation of Array Index." The vulnerability has a CVSS score of 7.5 and affects applications that use the SQLite library API.  CVE-2022-35737 emerged in SQLite version 1.0.12 in October 2000. Attackers… Continue Reading

Financial Industry Shaken by DDoS Attacks
October 25, 2022

Financial Industry Shaken by DDoS Attacks

Distributed denial-of-service (DDoS) attacks are one of the most common techniques along with cyber criminals. Despite being temporary, DDoS attacks can have a significant impact on organizations. DDoS attacks became a big issue again last… Continue Reading

Apple Releases Patch for Exploited Zero-Day
October 25, 2022

Apple Releases Patch for Exploited Zero-Day

Threat actors actively exploiting the remote code execution vulnerability tagged CVE-2022-42827. On compromised iOS devices, an application may be able to execute arbitrary code with kernel privileges, according to Apple’s advisory.  There is no CVSS score assigned… Continue Reading

SOCRadar helps you visualize digital risk, and reduce your company's attack surface
Request Demo