Latest articles from SOCRadar

TikTok Denies Allegations of a 2.05 Billion Record Data Breach
September 6, 2022

Popular social media platform TikTok rejected claims that it had been compromised by threat actors who claimed to have obtained access to an insecure cloud server. The denial comes in response to suspected hacking posts…

QNAP Fixes Zero-Day Recently Leveraged by DeadBolt Ransomware
September 6, 2022

The Taiwanese company QNAP cautions customers about DeadBolt ransomware attacks exploiting a zero-day vulnerability in Photo Station. QNAP detected the issue on September 3. The DeadBolt ransomware gang has been allegedly exploiting the zero-day vulnerability on QNAP NAS…

What is Account Takeover and How to Prevent It?
September 5, 2022

What is Account Takeover? Account takeover occurs when fraudsters use stolen credentials to gain unauthorized access to a valid account. ATO attacks are used by fraudsters to move payments, steal information, and take advantage of…

Major Cyberattacks in Review: August 2022
September 5, 2022

Threat actors did not stay idle in August, and as always, they continued their attacks on small or large companies, government organizations, and critical infrastructures that could disrupt daily life. While ransomware attacks remained popular,…

Attackers Targeting Banking Credentials: American Express and Google Play Users at Risk
September 5, 2022

Phishing has changed significantly over the past ten years, and scammers now have sophisticated tools to use fake emails and websites to access the banking information of unwary victims. These cutting-edge strategies and alluring lures…

What is Malvertising & How to Stop Ad Malware?
September 2, 2022

What is a Malvertising Attack? Malvertising, also known as malicious advertising, refers to criminally controlled advertisements within Internet-connected programs, typically web browsers (there are exceptions), that intentionally harm individuals and businesses by distributing malware, potentially…

1,800 Mobile Apps with Hardcoded AWS Credentials Show Supply Chain Risks
September 2, 2022

More than 1,800 mobile applications have hardcoded AWS credentials, according to Symantec, which has issued a warning about the possible risks of poor security measures. An analysis of Android and iOS apps revealed that most apps…

What is Customer Identity and Access Management (CIAM)?
September 1, 2022

CIAM (Customer identity and access management) is part of the identity and access management (IAM) system integrated into applications for external users such as customers/consumers. The primary goal of CIAM is to manage and control…

Spyware Firm Sold Android and iOS Remote Code Execution Exploit for €8 Million
September 1, 2022

Intellexa, a spyware firm that originated in Greece, has entered the market recently. Its work is similar to Pegasus spyware, and it offers RCE exploits for iOS and Android OS. In November 2019, Cyprus authorities detained…

Top Open Source Solutions for Building Security Operations Center II
August 31, 2022

A Security Operations Center (SOC) is a centralized function inside an organization that employs people, procedures, and technology to continually monitor and enhance an organization's security posture. It also prevents, identifies, analyzes, and reacts to cybersecurity…

Malicious Chrome Extensions Could Affect More Than 1.4 Million Users
August 31, 2022

McAfee researchers discovered several malicious Google Chrome extensions. The total download count for the extensions is over 1.4 million. The extensions are capable of tracking and stealing browser activity. The malicious extensions are listed as: Netflix…

10 Free Security Testing Tools to Test Your Website
August 30, 2022

Security testing for an application is a crucial element in the lifecycle of software testing. It restricts unwanted intrusions at multiple application layers, including servers, the front-end application layer, middleware modules, and network security. This…

The Week in Dark Web – 29 August 2022 – Access Sales and Data Leaks
August 29, 2022

Powered by DarkMirror™. This week’s edition covers the latest dark web news from the past week. This week's headlines are leaks, dark web access sales, and vast databases of user information. Find out if your…

All You Need to Know About Endpoint Security
August 29, 2022

Endpoint security products accounted for a market size of approximately 14 million in 2021. Regarding this market's compound annual growth rate (CAGR), it is estimated that the market will double in 9 years. According…

Critical RCE Vulnerability in the Atlassian Bitbucket Server and Data Center
August 29, 2022

Atlassian recently issued a security advisory to notify Bitbucket Server and Data Center users about a critical vulnerability. Labeled CVE-2022-36804, it is a command injection flaw with a CVSS score of 9.9. On vulnerable systems, the vulnerability could allow attackers…

Dark Web Profile: Blackcat Ransomware Group (ALPHV)
August 26, 2022

By SOCRadar Research. On April 19, 2022, the Federal Bureau of Investigation (FBI) published a FLASH alert about BlackCat (ALPHV)'s activities during March 2022. According to the FBI's report, BlackCat is believed to be…

Twilio and MailChimp Attackers Hit 130 Organizations With Okta Phishing Campaign
August 26, 2022

A larger phishing campaign that targeted 136 organizations and resulted in the theft of 9,931 account login credentials has been linked to the hackers behind a series of recent hacks, including those on Twilio, MailChimp, and Cloudflare. These…

Threat Actors Stole LastPass Source Code Through a Compromised Developer Account
August 26, 2022

On 25th August, LastPass announced a breach and stated that its source code was stolen, along with some technical information. The incident happened two weeks ago, and the password management company only recently confirmed it.…

Dark Web Stories: Escrow
August 25, 2022

Have you ever heard of the term dark web? Besides sheltering various individuals from spies to threat actors in its highly private environment, the dark web also hosts black markets of different sizes. According to…

IBM Fixes Security Bypass Vulnerabilities Discovered in MQ Software
August 25, 2022

IBM released security updates for two critical vulnerabilities in its message-oriented middleware IBM MQ. The vulnerabilities, identified as CVE-2022-27780 and CVE-2022-30115, allow for security bypass and exposure of sensitive data. The flaws were both discovered…
