Latest articles from SOCRadar
Data breach cases are increasing as cyber security incidents rise. According to statistics, more than 90% of data breaches are caused by cyber-attacks. However, data breaches hit an all-time high in 2021. Data breaches increased… Continue Reading
The US House of Representatives speaker Nancy Pelosi arrived in Taiwan on the evening of August 2. She's the first US representative to visit Taiwan in the last 25 years. This led to a series… Continue Reading
A service provider recently notified Palo Alto Networks about an attempted reflected denial-of-service (RDoS) attack. The firewalls of several vendors, including Palo Alto Networks, were vulnerable to this attempted attack. An amplified TCP RDoS attack can be… Continue Reading
Gathering information is the first step in identifying security vulnerabilities and analyzing risks. To collect data, security professionals use advanced and specific search engines. This article compiled the ten most used search engines by pentesters… Continue Reading
Zimbra Collaboration Suite (ZCS) was found to have an actively exploited authentication bypass vulnerability. The vulnerability is tracked as CVE-2022-37042 and considered high severity. The vulnerability has just been added to CISA's list of Known Exploited Vulnerabilities along with CVE-2022-27925.… Continue Reading
IOCs are a vital component of the threat hunting process, essential to detect and isolate advanced cyber threats. As a critical operational component of proactive security, identifying IOCs is functional to prevent possible intrusions and a… Continue Reading
1-Is Cisco really hacked? Yanluowang shared Cisco's profile on their leak site and claimed the attack. On Tuesday evening, August 10, the Yanluowang ransomware group (linked to Lapsus$ extortion group) claimed to have hacked Cisco and… Continue Reading
The Forum of Incident Response and Security Teams (FIRST) has shared an update for Traffic Light Protocol (TLP), denominating the latest version as “TLP 2.0.” According to FIRST, TLP 2.0 is planning to be fully adopted… Continue Reading
In this month's Patch Tuesday, Microsoft fixed 121 flaws in total, including two zero-day vulnerabilities that are actively exploited. Among 121, there are 17 vulnerabilities with critical ratings that could allow RCE and privilege escalation. The fixed vulnerabilities fall into the following categories, with their counts: Elevation of Privilege (64) Security Feature Bypass (6) Remote Code Execution (31) Information Disclosure (12) Denial of Service (7) Spoofing (1)… Continue Reading
Since the start of the Russian invasion of Ukraine, Ukrainian organizations have been bombarded with cyberattacks executed by Russian threat actors. In addition to Ukrainian organizations, on August 5, multiple Russian threat actors turned their… Continue Reading
Two critical vulnerabilities discovered in the open source email server Exim threaten over 500,000 email servers. One of the vulnerabilities allows RCE. POCs Published The critical vulnerability, code CVE-2022-37452, allows threat actors to execute commands… Continue Reading
DNS converts easy-to-remember domain names into numeric IP addresses determined by the primary network protocols of the computer services and devices to be accessed. The DNS system, which can be considered a database, saves users… Continue Reading
RapperBot is an IoT botnet malware that has spread through brute force since it was first identified in June 2022. Over 3,500 unique IPs were utilized by the RapperBot to brute force into a rising… Continue Reading
Gartner shared HypeCyclefor Security Operations, 2022, which it publishes periodically and aims to provide insight into cyber security operations and risk management strategy formation. In the report, Gartner stated that Digital Risk Protection services had… Continue Reading
Cybercriminals can now use a new service called Dark Utilities to build up a command and control (C2) center for their malicious activities. Dark Utilities was created in 2022 as a C2-as-a-Service platform. Many functions… Continue Reading
Cisco released fixes for several vulnerabilities in its VPN routers. Affected products could be subject to remote code execution, command injection, and DoS attacks by unauthenticated, remote attackers. The vulnerabilities are labeled CVE-2022-20827, CVE-2022-20841, and… Continue Reading
Vice Society is a ransomware threat that is relatively new in the ransomware space. They emerged in the middle of 2021 and have targeted small or mid-size victims. It has been observed that they have been performing… Continue Reading
IBM has published the Cost of a Data Breach report, which reveals how organizations from different industries are affected by data breaches and set future cybersecurity predictions. According to the report, financial losses incurred by… Continue Reading
With the security update released Tuesday, VMware fixed ten vulnerabilities affecting some of its products. One is the authentication bypass vulnerability, which is critical with a CVSS score of 9.8. Three RCE vulnerabilities are also… Continue Reading
In this article, we will look at the reconnaissance techniques from the MITRE ATT&CK framework’s point of view and discuss how to detect cyberattacks using MITRE ATT&CK Framework, and how we can protect ourselves and… Continue Reading
