Latest articles from SOCRadar
In less than a month, Medibank is the second Australian business to experience a significant data breach after the telecommunications giant Optus. On October 12th, David Koczkar, the chief executive of Medibank, got an internal notification about suspicious… Continue Reading
What is the Vulnerability in ManageEngine (CVE-2022-40300)? Recently, Zoho has patched a vulnerability tracked as CVE-2022-40300 in ManageEngine. The vulnerability affects a few products and could lead to SQL injection due to resource types being validated improperly in AutoLogonHelperUtil class. … Continue Reading
Credential stuffing is a type of cyberattack in which user login information or entire password lists are obtained through theft or leaks and used to log into another service. Weak and reused passwords invite credential… Continue Reading
by SOCRadar Research Cyber-attacks are rising worldwide, and the financial industry is among the most targeted ones. Cyber threats and attacks have become one of the sources of systemic risk for the financial industry. The… Continue Reading
The most popular interests of online shoppers are earning or using gift cards, reward points, and coupons. During the holiday season, e-commerce sites increase the distribution of gift cards and rewards in response to customer… Continue Reading
The Gartner Invest Analyst Insight report, which will guide the future investment plans of managers and decision-makers in the cybersecurity market, was published on October 19, 2022. SOCRadar is also recognized as a recommended EASM… Continue Reading
Attacks in the e-commerce industry are usually known to threaten financial information. When a user makes a payment, credit card data is stored in e-commerce sites, adding to billions of credit card data that can… Continue Reading
Powered by DarkMirror™ There are not always access or database sales on the dark web, although we mainly cover them in our weekly articles. Threat actors also run malware-as-a-service or ransomware-as-a-service operations on the dark… Continue Reading
E-commerce is a fragile industry, opening many doors to various attacks. Phishing is a widespread attack in this industry; in fact, e-commerce is the third most targeted industry for phishing attacks. Customers of e-commerce sites are… Continue Reading
What are the CVE-2022-41622 and CVE-2022-41800 Vulnerabilities? The vulnerability CVE-2022-41622 makes BIG-IP and BIG-IQ vulnerable to unauthenticated remote code execution (RCE) via cross-site request forgery due to Big-IP’s SOAP API lacking CSRF protection and other protective measures. A remote… Continue Reading
What is the SandBreak Vulnerability? The SandBreak vulnerability in vm2 is identified as CVE-2022-36067. A remote attacker could exploit the vulnerability to bypass the sandbox environment, which could enable them to execute shell commands on the host… Continue Reading
A modern-day SOC is made from three components: people, processes, and technologies. In the people factor, a SOC team accounts for the provision of IT security services via detecting potential cyber threats and attacks actively,… Continue Reading
FIFA World Cup 2022 will be organized in Qatar from November 20 to December 18, 2022. Predictions show that 1.5 million people will travel to Qatar to watch the tournament, which national teams from 32… Continue Reading
Powered by DarkMirror™ November is the time of year when shopping sites are most targeted by threat actors. Just two weeks have passed, but there are many shopping sites' databases and access sales on the… Continue Reading
The past five years have witnessed the evolution of threat actors in ransomware. These developments, both operationally and technically, have significantly increased the damage done by ransomware groups. Ransomware gangs are no longer content with… Continue Reading
In an environment where attack methods are diversified, threat actors are constantly improving, massive attacks, data breaches, digital frauds, and ransomware attacks continue unabated. And it becomes more challenging to secure cyberspace. To cope with… Continue Reading
Researchers have discovered three different vulnerabilities, two of which are assigned a high severity rating and respectively used in the attack chain in the OpenLiteSpeed web server. According to some sources, it could be ranked… Continue Reading
Data from the US government shows that there has been a significant increase in healthcare security breaches. At least 125 data breaches of healthcare organizations have been reported since the beginning of April, according to a list… Continue Reading
A password strength checker is an online application that assesses the security of a user’s password in real-time by analyzing its grammar and highlighting possible vulnerabilities. The program verifies the usage of certain sequences of… Continue Reading
OSINT is a term that refers to the process of gathering information from publically accessible sources. These sources include but are not limited to newspapers, television, blogs, tweets, social media, photos, podcasts, and videos that… Continue Reading
