Blog

Latest articles from SOCRadar

How to Protect Yourself Against Shodan, BinaryEdge and ZoomEye? 
June 22, 2022

Have you ever wondered how hackers find the IPs, ports, and services required for their attacks? Some attacks need thousands of host computers to find the vulnerable ones. Hackers do not require sophisticated tools to…

Dark Web Profile: Netwalker Ransomware
June 22, 2022

Today, with the effects of digitalization, most information is stored online. This situation creates a vulnerability for organizations because the number of cyberattacks aimed at stealing that data is increasing daily. One example of…

NTLM Relay Attack Leads to Windows Domain Takeover
June 21, 2022

A new DFSCoerce NTLM Relay attack has been discovered on Windows. Threat actors can take over Microsoft Active Directory Certificate Services (AD CS) domains using MS-DFSNM (Microsoft Distributed File System Namespace Management). To take over…

SOCRadar Visiting InfoSecurity Europe 2022
June 20, 2022

SOCRadar Exhibiting Extended Threat Intelligence Solution at InfoSecurity Europe 2022

SOCRadar will be at InfoSecurity Europe, held at London ExCel this week from 21 to 23 June. We are very excited to meet you face to face at our booth V38. Visit us to gain…

BRATA Malware Becomes an Advanced Threat
June 20, 2022

Originally a banking trojan, BRATA has acquired new capabilities and become a more advanced threat. The malware can now be much more effective at stealing user information. Cleafy's analysis shows BRATA's activities are almost identical to APT activity…

DriftingCloud APT Group Exploits Zero-Day In Sophos Firewall
June 17, 2022

Cybersecurity researchers have revealed that Sophos Firewall has been actively exploited by DriftingCloud APT group since early March. Apparently, the attacks started long before the CVE-2022-1040 vulnerability was patched, affecting v18.5 and older versions of…

Cisco Fixed Critical Authentication Bypass Vulnerability Affecting Some Products
June 16, 2022

Cisco fixed a vulnerability discovered in the external authentication functionality of Secure Email and Web Manager. The vulnerability could allow threat actors to bypass authentication and log on to the web. The vulnerability tracked as…

Microsoft June 2022 Patch Tuesday Fixes 55 Vulnerabilities Including Follina
June 15, 2022

Microsoft has released the June 2022 Patch Tuesday. The company announced that it had patched 55 vulnerabilities, including the CVE-2022-30190 vulnerability, nicknamed Follina, which affects Office products. Among the fixed vulnerabilities, 27 RCE and 12…

Almost Impossible to Detect Symbiote Linux Malware
June 10, 2022

The newly discovered Linux malware Symbiote can easily infect and hide in almost any process on compromised systems. The malware steals account credentials and gives malicious actors backdoor access. Symbiote is stored in the system after…

What Do You Need to Know About New SAMA Principles?
June 8, 2022

The Kingdom of Saudi Arabia (KSA) has launched a digital transformation program focusing on the banking industry. With the growing digitization of financial services, securing the availability of sensitive data, transactions, and services has become…

Ransomware Groups Target VMware and QNAP Products
June 8, 2022

Linux-based Black Basta ransomware targets VMware ESXi virtual machines, while DeadBolt ransomware targets QNAP NAS (network-attached storage) products. Black Basta has deployed a new Linux-based version to target VMware ESXi servers. DeadBolt stands out with…

Top 10 Cybersecurity Events You Must Follow
June 7, 2022

Whether you work at a startup or in the information security department of a well-established company, you need to attend cybersecurity events to meet with the world's leading cybersecurity experts and vendors. These events, where…

Mandiant Leak Alleged: A PR Trial?
June 7, 2022

LockBit ransomware gang claimed that they had stolen Mandiant's data. The gang posted a countdown on their data leak site earlier today. They claimed to have hacked the cybersecurity company and stolen 356,841 files from their network. LockBit's…

What Do You Need To Know About Atlassian Confluence RCE Vulnerability?
June 6, 2022

After it was disclosed that the RCE vulnerability CVE-2022-26134, which affects Atlassian Confluence and Data Center servers, was exploited by multiple threat actors, detailed analyses of the exploit continue to be published.…

What are Threat Hunting Tools?
June 2, 2022

Threat hunting is how computer security specialists aggressively seek out and eliminate cyber dangers that have infiltrated their computer network invisibly. Threat hunting is searching for new possible risks and vulnerabilities beyond recognized alerts or malicious…

Verizon 2022 DBIR: All Sizes of Businesses Suffer from Ransomware
June 1, 2022

Verizon has released the 15th Data Breach Investigations Report (DBIR), an in-depth analysis of trends in cyberattacks and data breaches for cybersecurity experts and leaders worldwide. The report includes reviews of around 24,000 cybersecurity incidents that…

On-Device Fraud Trend in Mobile Malware Campaigns
June 1, 2022

According to the 2022 mobile threat landscape analysis published by ThreatFabric, ODF (on-device fraud) banking trojans targeting Android devices are widespread, while Spain and Turkey are at the center of malware campaigns. The other most targeted countries are Poland, Australia,…

Workarounds for Microsoft Office Zero-Day RCE Vulnerability "Follina" has Released
May 31, 2022

The Follina zero-day vulnerability in Microsoft Office allows threat actors to perform remote code execution. Cybersecurity researchers discovered the vulnerability when the Word document "05-2022-0438.doc" was uploaded to VirusTotal from an IP address in Belarus. Independent…

GitHub Announces 100,000 npm Users' Credentials Stolen
May 30, 2022

GitHub has announced that the information of 100,000 npm users was stolen through OAuth tokens linked to Heroku and Travis CI. It was previously stated that there was a security breach in mid-April, but detailed information was not…

May 30, 2022

What is Cyber Threat Intelligence?

Information that an organization utilizes to understand the risks that have attacked, will attack, or are presently attacking it is known as cyber threat intelligence. This information is used to predict, prevent, and identify cyber-threats attempting to…
