Latest articles from SOCRadar
Powered by DarkMirror™ Threat actors sold which companies' or governments' data on the dark web in the first week of October? Are there any access sales that attackers can use for potential breaches? Here's a…
Last week, notorious ransomware gangs made a splash again by targeting US critical infrastructure. One of the threat actors that victimized the defense and education sectors was the BlackCat group, also known as ALPHV, and…
Threat actors related to SolarMarker are striking with watering hole attacks as a new method of delivering malware, rather than the SEO poisoning method they used previously. In this new approach, they used fake Google Chrome updates…
Security experts caution about actively exploited zero-day vulnerabilities in Microsoft Exchange servers. The flaws could allow remote code execution on fully patched servers. The two flaws are tracked by the Zero Day Initiative as ZDI-CAN-18333 (CVSS score: 8.8)…
Overthinker1877, or 1877 Team, has recently drawn attention for its random attacks worldwide. Although its first remarkable attack was ransomware against a Romanian news agency in May 2021, the group is now in the headlines with…
The cracked version of Brute Ratel C4 (BRC4) is currently being distributed on hacker platforms for free. Posts spreading it have been seen on multiple hacking forums and in Telegram and Discord channels. Post about cracked…
WhatsApp's September security update fixes two high-severity flaws that could result in remote code execution. The flaws affect WhatsApp and WhatsApp Business versions before 2.22.16.12 on iOS and Android. To see which version is currently…
Hackers frequently look for ways to trick users and organizations, as the human factor is the weakest link in security. This makes phishing one of the most common initial-access attacks. During the last two months,…
Over the past months, the SOCRadar Analyst Team has been tracking the Iranian hacker group known as Moses Staff. The group was first spotted in October 2021 and claimed its motivation was to harm Israeli…
The aviation industry covers a broad spectrum of stakeholders, including airlines, airports, and technology providers. With all its networks, assets, and systems, it is one of the most important critical infrastructures. It also interacts with…
Data exfiltration malware Exmatter, previously associated with the BlackMatter ransomware gang, now has data corruption capabilities. This could signify a new strategy ransomware affiliates may use in the future. Although BlackMatter affiliates have been using…
Threat actors have started using PowerPoint presentations as a code execution method to deliver Graphite malware in targeted attacks. APT28 (Fancy Bear), a threat actor group linked to Russia, has recently been seen using the method…
Why is Ransomware One of the First Items on the CISO's Agenda? Rise with the Pandemic: With the pandemic, as we rush towards an increasingly digitized world, ransomware has become our institutions' most prevalent cyber threat. …
Microsoft SQL database servers are the target of a new ransomware attack campaign called FARGO ransomware. FARGO, also known as TargetCompany, aims to double-extort victims. This year's ransomware attacks against MS-SQL instances included dropping Cobalt Strike…
Sophos released a patch for a flaw discovered in its firewall product. Tracked as CVE-2022-3236 (CVSS score: 9.8), the vulnerability allows code injection in the User Portal and Webadmin components, which could result in remote code execution. …
Powered by DarkMirror™ Threat actors threaten organizations by selling databases containing sensitive data and accesses that could pave the way for potential attacks. Here is the summary of this past week. Find out if your…
Businesses face more significant cybersecurity challenges as technology evolves. The digital environment and the attack surface change every single day. Thus, the significance of knowing when to change priorities cannot be overstated. It…
E-commerce platform Magento has become a frequent target for hackers. Exploitation attempts against CVE-2022-24086 have increased since its proof-of-concept was made available. The critical vulnerability is present in Magento 2 and allows unauthenticated attackers to execute…
CISA has added a new critical vulnerability to its Known Exploited Vulnerabilities Catalog. The flaw exists in several ManageEngine products from Zoho and can lead to remote code execution on unpatched instances. The flaw, identified as CVE-2022-35405,…
Access to timely cyber threat intelligence is widely acknowledged as a crucial protection tactic in today's dynamic cyber threat landscape. As a result, there has been an explosion of prospective information sources providing incredible data. …