Blog

Latest articles from SOCRadar

Microsoft Exchange Server Vulnerability Trend in 2022
February 6, 2023

By SOCRadar Research Microsoft Exchange Server, a widely used email and calendar server for businesses, holds critical information vital to an organization's functioning. Exchange servers can contain the PII of the users and sensitive data regarding the…

February 6, 2023

The Week in Dark Web – February 5, 2023 – Access Sales and Data Leaks

Powered by DarkMirror™ Threat actors can weaponize even the smallest scraps of information in large-scale attacks. This is why dark web posts that expose personal information, such as data leaks, account and access sales can…

February 4, 2023

ESXiArgs Ransomware Attack Targets VMware Servers Worldwide

The vulnerability, tracked as CVE-2021-21974, is caused by a stack overflow issue in the OpenSLP service that unauthenticated threat actors can exploit in low-complexity attacks. According to available research, CERT-FR claims that this attack exploits the CVE-2021-21974 vulnerability that has…

Lessons Learned from Education Industry Attacks in 2022
February 3, 2023

By SOCRadar Research The education industry covers a diverse range of organizations, including K-12 education, higher education, private and public education, science research institutes, and tutoring ranging from exam preparation to hobby courses. Furthermore, educational…

1,200 Redis Servers Infected by New HeadCrab Malware for Cryptomining Operations
February 2, 2023

A new malware has appeared on the frontlines, targeting online Redis servers. The malware, named HeadCrab by researchers, has been active since September 2021. The malware's primary goal is to create a botnet for Monero…

How Can Extended Threat Intelligence Help CISO's First 100 Days?
February 2, 2023

When the expression "first 100 days" is mentioned, we all immediately think of what a leading politician has done from the first day to the hundredth day. These "first 100 days" became iconic during Franklin…

What is Stealer as a Service?
February 1, 2023

By SOCRadar Research Stealer as a service is a marketing approach in which threat actors offer to sell or lease access to information-stealer tools designed to steal sensitive data from victims' devices. This model enables anyone…

134M Exploit Attempts: Realtek RCE Vulnerability Targeted in Large-Scale Attacks
January 31, 2023

Threat actors stepped up their efforts to exploit a remote code execution vulnerability in the Realtek Jungle SDK between August and October 2022, according to researchers. A report from Palo Alto Networks noted that the attacks targeting…

SOCRadar's End of Year Report: Phishing Threats in 2022
January 30, 2023

The year 2022 was challenging for global cybersecurity, with waves of cyberattacks during Russia's invasion of Ukraine setting the tone for the rest of the year. This has also made it a challenging year for…

January 30, 2023

The Week in Dark Web – 30 January 2023 – KillNet Targets Germany!

Powered by DarkMirror™ KillNet, a former DDoS provider and nowadays a pro-Russian threat actor, continues targeting western organizations. Since Russia's invasion of Ukraine started, the group has added many victims to its list. Last week, multiple German companies…

Yandex Code Repositories Leaked Allegedly by Former Employee
January 27, 2023

Yandex, a Russian technology company and popular search engine, has had its source code repositories leaked on a hacker forum. According to Yandex, the repositories were stolen by a former employee. The hacker shared a magnet link with 44.7GB of data…

Malicious Actors in Dark Web: December 2022 Ransomware Landscape
January 27, 2023

Ransomware is one of the more common cyberattack types in the news. Behind the scenes of ransomware, there are numerous threat actors, each with a motive. Although the motive usually includes financial gain, the threat actors…

CTI4SOC: Ultimate Solution to SOC Analyst's Biggest Challenges
January 26, 2023

Today's SOC analyst has a lot to deal with. All kinds of challenges await these cybersecurity professionals, who undertake the critical task of keeping organizations safe. Some of these challenges are related to the changing cybercrime…

January 26, 2023

Dark Web Profile: Hive Ransomware Group

By SOCRadar Research On November 8, 2021, electronics retail giant Media Markt suffered a ransomware attack with an initial ransom demand of $240 million, causing IT systems to shut down and store operations to…

Introducing Radar Pages: Major Cyber Attacks
January 26, 2023

Cybersecurity has grown in importance as a geopolitical factor. Cyberattacks target public and private systems each day, and the variety of attacks has grown quickly. Cybercriminals are primarily driven by financial gain; they are looking for information…

VMware Patches Critical RCE Vulnerabilities in vRealize Log Insight
January 25, 2023

UPDATE (February 1, 2023): Proof-of-concept (PoC) code for a VMware vRealize Log Insight vulnerability chain has been made available by researchers. VMware patched several vulnerabilities found in its vRealize Log Insight appliance. The vulnerabilities are identified as…

Remote Code Execution Vulnerability in Microsoft Teams
January 24, 2023

Researchers discovered an RCE vulnerability in Microsoft Teams during Pwn2Own 2022. The application is used by a wide range of people, including professionals, and an exploit could cause significant harm to its users. Remote code execution (RCE)…

January 24, 2023

The Week in Dark Web – 24 January 2023 – Access Sales and Data Leaks

Powered by DarkMirror™ Threat actors cause cybercrime to spread to a broader base with databases and unauthorized access sales. Without the ability to obtain the database, attackers can purchase personal information from other threat actors…

From Zero to Adversary: APTs
January 23, 2023

By SOCRadar Research From time to time, news hits the front pages regarding cyberattacks on significant infrastructures, such as nuclear facilities, or major companies, such as SolarWinds. These attacks are carried out by cyber threat…

Attackers Exploit Fortinet Zero-Day CVE-2022-42475 with BoldMove Malware
January 23, 2023

Researchers have discovered a sophisticated new BoldMove malware created specifically to operate on Fortinet's FortiGate firewalls after collecting data related to a recently disclosed zero-day vulnerability in the company's FortiOS SSL-VPN technology. A threat actor created the malware with a base…