Blog

Latest articles from SOCRadar

May 10, 2023

Microsoft’s May 2023 Patch Tuesday Addresses Three Zero-Day Vulnerabilities

Microsoft has released the May 2023 Patch Tuesday update and it addresses 40 security vulnerabilities. The patch addresses six critical vulnerabilities and three zero-day vulnerabilities, two of which are actively exploited. The following is a… Continue Reading

May 10, 2023

Ever-Changing Tactics on Social Engineering

In today's digital age, cyber threats are becoming increasingly common, and one of the most prevalent types of attacks is phishing. Phishing involves tricking people into giving away their personal or confidential information by posing… Continue Reading

May 9, 2023

Dark Web Profile: KillNet Anonymous Sudan

[Update] July 5, 2023: In a recent cyber attack, Anonymous Sudan claimed to have targeted the login portal of Riot Games Inc. Added under the subheading: “Recent Cyber Activities: Microsoft Hacking, UAE-Israel Alliance, and Targeted Attacks.” [Update]… Continue Reading

May 9, 2023

Money Message Ransomware Leaks MSI Signing Keys for Intel Boot Guard

MSI, a leading Taiwanese PC manufacturer, suffered a ransomware attack last month. The threat actors behind the attack, the Money Message gang, published the company's private code signing keys on a dark website last week for double extortion. In… Continue Reading

May 8, 2023

Vocalcom Ransomware Attack, Credit Card Sales, and Botnet Services

This week, we have some troubling news to share, like always. We've learned that half a million credit cards belonging to Brazilians are up for sale on the dark web. In addition, an American shop… Continue Reading

May 8, 2023

Cactus Ransomware Employs Unique Encryption Techniques to Avoid Detection

Researchers discovered a new ransomware group called Cactus, operating since at least March 2023. Cactus steals data and encrypts files like other ransomware operations but uses a different method to avoid detection. Cactus, according to researchers,… Continue Reading

May 5, 2023

Top 7 Must-watch Talks at RSA Conference 2023

The RSA Conference 2023 is set to be one of the biggest and most exciting cybersecurity events of the year. With over 500 sessions scheduled, attendees will have plenty of opportunities to learn from some of the brightest minds… Continue Reading

May 5, 2023

Cyber Attackers Continue Threatening Education and Healthcare Organizations

The recent cyber attacks on Bluefield University and University Urology highlight the increasing risk of cybercrime targeting organizations in the education and healthcare industries. As organizations become more reliant on technology for storing and processing data, they must remain vigilant and… Continue Reading

May 4, 2023

The .bank TLD: Benefits and Downsides

The world has changed rapidly since the invention of the Internet. One of the most important aspects it affected is using the Internet for banking. According to Forbes, as of 2022, 78% of adults in the U.S. prefer… Continue Reading

May 4, 2023

Sandworm Attackers Use WinRAR to Wipe Data from Government Devices

Sandworm (UAC-0165), a Russian hacking group, has been linked to an attack on Ukrainian state networks that involved wiping data from government devices using WinRAR, according to an advisory from the Ukrainian Government Computer Emergency Response Team… Continue Reading

May 3, 2023

GoAnywhere MFT Vulnerability Contributes to 91% Increase in Ransomware Attacks

[May 4, 2023] Update: Brightline, a mental health provider, was among the organizations targeted by the Clop ransomware group in March. Read the subheading "Data Breach of Brightline Impacts Over 780K Patients." The Department of Health… Continue Reading

May 3, 2023

LOBSHOT hVNC Malware: A New Threat Distributed Through Google Ads

Cybersecurity researchers have discovered a new malware, called 'LOBSHOT,' distributed through Google ads. This malware allows cybercriminals to take over infected Windows devices by using hVNC. The hVNC is a type of VNC remote access… Continue Reading

May 2, 2023

Dark Web Profile: BlackByte Ransomware

Ransomware has been one of the most glaring threats against organizations in recent years. Since 2021 SOCRadar has detected around 5,600 ransomware attacks. There was a rise from 2021 to 2022 in the number of attacks… Continue Reading

May 2, 2023

SOCRadar Technical Whitepaper: ‘Snapshot of 70 Million Stealer Logs’

SOCRadar's first technical white paper is out! Here are some highlights: Threat actors created fake data to increase the number of records. Stealer software commonly runs in the Downloads folder and AppData/temp directories. Corporate credentials… Continue Reading

May 2, 2023

Global Malverposting Campaign Infecting Over 500,000 Devices

A global malverposting campaign that has been ongoing for the past three months has been traced back to a Vietnamese threat actor. Malverposting is the practice of distributing malware to a large number of people through promoted social… Continue Reading

May 2, 2023

Salesforce Credentials Leak, Admin, and Webshell Access Sales, Partnership Announcements

We are experiencing a period in which threat actors are increasingly outsourcing and growing the cybercrime network. SOCRadar researchers have previously addressed these issues in their initial access and vulnerability brokers articles. The larger this network, the easier attackers… Continue Reading

April 28, 2023

An Inherent Weakness: Critical Infrastructures in Gulf Countries

One of the most devastating cyberattacks on critical infrastructure was the Colonial Pipeline attack in the United States in May 2021. This attack caused chaos nationwide and was considered a national security threat affecting consumers, airlines, and public transportation. … Continue Reading

April 28, 2023

Active Exploitation of Serious Vulnerabilities in PaperCut, Veeam, and TP-Link

[Update] May 15, 2023: The Bl00dy Ransomware gang has started exploiting the CVE-2023-27350 vulnerability. Added the subheading: “Bl00dy Ransomware Exploits PaperCut RCE in Education Industry.” [Update] May 9, 2023: State-sponsored threat actors named Mint Sandstorm… Continue Reading

April 27, 2023

Dark Web Profile: LockBit 3.0 Ransomware

[Update] August 31, 2023: See the subheading: “LockBit’s Operational Struggles, Empty Threats, and Sudden Surge.” [Update] July 03, 2023: LockBit claimed to hack Taiwan Semiconductor Manufacturing Company (TSMC), but TSMC clarified that only one of… Continue Reading

April 27, 2023

Apache Superset’s Default Configuration Vulnerability Could Lead to RCE

Developers of Apache Superset, an open-source data visualization software, have released patches to fix a vulnerability in the default configuration settings. The vulnerability, identified as CVE-2023-27524, has a high severity CVSS score of 8.9. An unauthenticated attacker who… Continue Reading
