Blog

Latest articles from SOCRadar

November 28, 2022

The Week in Dark Web – 28 November 2022 – Data Leaks & Sales

Powered by DarkMirror™ The SOCRadar research team found mostly database sales and data leaks in this week's Dark Web Weekly. Here are the highlights of what happened on the dark web last week. Find out… Continue Reading

Popular Platforms' User Data Leaks Could Boost Future Attack Campaigns
November 28, 2022

Popular Platforms’ User Data Leaks Could Boost Future Attack Campaigns

The holiday season begins with large-scale user data leaks on popular social platforms. Given the sensitivity of the information they expose, the leaked data may end up being used in other attacks.  To take proper precautions,… Continue Reading

What We Learned from Medibank Ransomware Incident
November 25, 2022

What We Learned from Medibank Ransomware Incident

In less than a month, Medibank is the second Australian business to experience a significant data breach after the telecommunications giant Optus. On October 12th, David Koczkar, the chief executive of Medibank, got an internal notification about suspicious… Continue Reading

All You Need To Know About the ManageEngine Vulnerability (CVE-2022-40300)
November 25, 2022

All You Need To Know About the ManageEngine Vulnerability (CVE-2022-40300)

What is the Vulnerability in ManageEngine (CVE-2022-40300)? Recently, Zoho has patched a vulnerability tracked as CVE-2022-40300 in ManageEngine. The vulnerability affects a few products and could lead to SQL injection due to resource types being validated improperly in AutoLogonHelperUtil class. … Continue Reading

91% of E-Commerce Login Traffic is Credential Stuffing Attempts
November 24, 2022

91% of E-Commerce Login Traffic is Credential Stuffing Attempts

Credential stuffing is a type of cyberattack in which user login information or entire password lists are obtained through theft or leaks and used to log into another service. Weak and reused passwords invite credential… Continue Reading

New ICT regulation of EU Financial Sector: DORA
November 24, 2022

New ICT regulation of EU Financial Sector: DORA

by SOCRadar Research Cyber-attacks are rising worldwide, and the financial industry is among the most targeted ones. Cyber threats and attacks have become one of the sources of systemic risk for the financial industry. The… Continue Reading

Gifts of the Dark Web: Auto-Generated Gift Codes
November 23, 2022

Gifts of the Dark Web: Auto-Generated Gift Codes

The most popular interests of online shoppers are earning or using gift cards, reward points, and coupons. During the holiday season, e-commerce sites increase the distribution of gift cards and rewards in response to customer… Continue Reading

SOCRadar AttackMapper: Gartner-recommended EASM Solution
November 23, 2022

SOCRadar AttackMapper: Gartner-recommended EASM Solution

The Gartner Invest Analyst Insight report, which will guide the future investment plans of managers and decision-makers in the cybersecurity market, was published on October 19, 2022. SOCRadar is also recognized as a recommended EASM… Continue Reading

E-Commerce Threat Landscape Report: 17.4M Credit Card Information Sold
November 22, 2022

E-Commerce Threat Landscape Report: 17.4M Credit Card Information Sold

Attacks in the e-commerce industry are usually known to threaten financial information. When a user makes a payment, credit card data is stored in e-commerce sites, adding to billions of credit card data that can… Continue Reading

November 21, 2022

The Week in Dark Web – 21 November 2022 – Access & Malicious Service Sales and Data Leaks

Powered by DarkMirror™ There are not always access or database sales on the dark web, although we mainly cover them in our weekly articles. Threat actors also run malware-as-a-service or ransomware-as-a-service operations on the dark… Continue Reading

E-Commerce Threat Landscape Report: HTTPS Used in %70 of Scams
November 21, 2022

E-Commerce Report: Threat Actors Use HTTPS in 70% of Scams

E-commerce is a fragile industry, opening many doors to various attacks. Phishing is a widespread attack in this industry; in fact, e-commerce is the third most targeted industry for phishing attacks.  Customers of e-commerce sites are… Continue Reading

F5 Released Hotfixes for F5 BIG-IP and iControl REST Vulnerabilities
November 17, 2022

F5 Released Hotfixes for BIG-IP and iControl REST Vulnerabilities

What are the CVE-2022-41622 and CVE-2022-41800 Vulnerabilities? The vulnerability CVE-2022-41622 makes BIG-IP and BIG-IQ vulnerable to unauthenticated remote code execution (RCE) via cross-site request forgery due to Big-IP’s SOAP API lacking CSRF protection and other protective measures. A remote… Continue Reading

All You Need to Know About SandBreak Vulnerability in VM2
November 16, 2022

All You Need to Know About SandBreak Vulnerability in VM2

What is the SandBreak Vulnerability? The SandBreak vulnerability in vm2 is identified as CVE-2022-36067. A remote attacker could exploit the vulnerability to bypass the sandbox environment, which could enable them to execute shell commands on the host… Continue Reading

How Can SOC Analysts Benefit from Cyber Threat Intelligence?
November 15, 2022

How Can SOC Analysts Benefit from Cyber Threat Intelligence?

A modern-day SOC is made from three components: people, processes, and technologies. In the people factor, a SOC team accounts for the provision of IT security services via detecting potential cyber threats and attacks actively,… Continue Reading

FIFA World Cup 2022 Qatar: Dark Web & Phishing Landscape Analysis
November 15, 2022

FIFA World Cup 2022 Qatar: Dark Web & Phishing Landscape Analysis

FIFA World Cup 2022 will be organized in Qatar from November 20 to December 18, 2022. Predictions show that 1.5 million people will travel to Qatar to watch the tournament, which national teams from 32… Continue Reading

November 14, 2022

The Week in Dark Web – 14 November 2022 – Access Sales and Data Leaks

Powered by DarkMirror™ November is the time of year when shopping sites are most targeted by threat actors. Just two weeks have passed, but there are many shopping sites' databases and access sales on the… Continue Reading

Manufacturing Industry Pays the Highest Average Ransom at $2.04M
November 14, 2022

Manufacturing Industry Pays the Highest Average Ransom at $2.04M

The past five years have witnessed the evolution of threat actors in ransomware. These developments, both operationally and technically, have significantly increased the damage done by ransomware groups. Ransomware gangs are no longer content with… Continue Reading

Penetration Testing vs. External Attack Surface Management vs. Vulnerability Management
November 14, 2022

Penetration Testing vs. External Attack Surface Management vs. Vulnerability Management

In an environment where attack methods are diversified, threat actors are constantly improving, massive attacks, data breaches, digital frauds, and ransomware attacks continue unabated. And it becomes more challenging to secure cyberspace.  To cope with… Continue Reading

All You Need to Know About the Latest OpenLiteSpeed Vulnerabilities
November 13, 2022

All You Need to Know About the Latest OpenLiteSpeed Web Server Vulnerabilities

Researchers have discovered three different vulnerabilities, two of which are assigned a high severity rating and respectively used in the attack chain in the OpenLiteSpeed web server. According to some sources, it could be ranked… Continue Reading

Increased Healthcare Security Breaches in 2022
November 11, 2022

Increased Healthcare Security Breaches in 2022

Data from the US government shows that there has been a significant increase in healthcare security breaches.  At least 125 data breaches of healthcare organizations have been reported since the beginning of April, according to a list… Continue Reading

SOCRadar helps you visualize digital risk, and reduce your company's attack surface
Request Demo