Latest articles from SOCRadar

IcedID Macro Attacks Deploy Nokoyawa Ransomware
May 22, 2023

Malicious actors frequently resort to alternative techniques to gain initial access, such as employing diverse file formats and payloads. It is important to highlight that they still actively use VBA macros embedded within Office documents…

Vulnerability in KeePass Password Manager Permits Retrieving Master Password (CVE-2023-32784)
May 18, 2023

A vulnerability in the open-source password manager tool KeePass could allow retrieval of the master password. The vulnerability tracked as CVE-2023-32784 has a proof-of-concept (PoC) exploit available before its patch. The KeePass 2.X branch for…

Major Cyberattacks in Review: April 2023
May 16, 2023

In April 2023, several cybersecurity incidents were reported across various industries. These included supply chain attacks, data breaches, and cryptocurrency thefts. It's important to keep up-to-date on the nature of these attacks, their implications, and…

What Do You Need to Know About the Critical RCE Vulnerability in Zoho’s ManageEngine? (CVE-2022-47966)
January 17, 2023

CVE-2022-47966, a critical vulnerability in a number of Zoho’s products, allows remote code execution without authentication. The use of a vulnerable third-party dependency called Apache Santuario is the root cause that enables the exploitation of the remote…

APT Group Lazarus Exploits High Severity Flaw in Dell Driver
October 5, 2022

The state-sponsored Lazarus group has been using a new strategy called Bring Your Own Vulnerable Driver (BYOVD) attack. The group was observed using a vulnerability in the Dell firmware driver to install a Windows rootkit. The high-severity flaw is tracked…

Comm100 Installer Abused in Supply Chain Attack to Distribute Malware
October 4, 2022

The Comm100 Live Chat application was subject to a supply chain attack in the very last days of September. A trojanized installer was used in the attack, which led to the distribution of a JavaScript…

SolarMarker Distributes Malware Via Fake Chrome Updates
October 3, 2022

Threat actors related to SolarMarker strike with watering hole attacks as a new method of delivering malware rather than the previously used SEO poisoning method. In this new approach, they used fake Google Chrome updates…