Latest articles from SOCRadar
According to a post on Reddit, evidence was presented that the CTX module in the Python package repositories is performing malicious activity. It is known that the CTX module was updated again after seven years,… Continue Reading
A reconnaissance and espionage campaign by the Russia-linked Turla hacker group against the Austrian Economic Chamber, Baltic Defense College, and NATO's Joint Advanced Distributed Learning (JADL) platform has come to light. Experts think that the recent economic… Continue Reading
Karakurt, a Russian-originated cybercriminal organization, has extorted sensitive data from nearly 40 different organizations within a year. So what is the cause of the group's "success," and who are they? Karakurt: A Ransomware Gang or… Continue Reading
The Conti ransomware gang has taken its infrastructure offline and ceased operations. According to Advanced Intel's Yelisey Boguslavskiy, the Tor admin panel, where Conti held the ransom negotiations and published new data leak… Continue Reading
The rise of working from home and access to cloud services and the expansion of businesses have increased attack surfaces. The attack surface is all hardware, software, and cloud assets that process or store information with access… Continue Reading
Threat intelligence feeds on such a broad spectrum that sometimes you'd be surprised to hear where you can get relevant information. Often, it can be nearly impossible to keep track of everything because of the… Continue Reading
The critical VMware vulnerability tracked as CVE-2022-22954 was found to be used by threat actors for remote code execution in botnet and Log4Shell-driven attacks. Although VMware has announced that the vulnerability has been fixed, cyber-attacks continue… Continue Reading
Powered by DarkMirror™ This week’s edition covers the latest dark web news from the past week. Once again, a rise in ransomware attacks, some database thefts, and stolen customer data took their place in the headlines… Continue Reading
SOCRadar analysts, while investigating phishing attacks via WhatsApp, recently found a significant increase in an attack with the same type of content. One of the most notable features of the attack was that it quickly… Continue Reading
Threat actors are exploiting the critical vulnerability affecting Zyxel's firewall and VPN devices. The vulnerability allows attackers to remotely inject arbitrary commands without authentication. Zyxel has recently released patches for it. The vulnerability, tracked as CVE-2022-30525, is… Continue Reading
With the development of technology, we can now connect various everyday devices, such as cars, kitchen appliances, and TVs, to the internet or other wireless communication networks via embedded devices. This technology is called, simply the… Continue Reading
It turned out that the backdoor malware called BPFdoor, which cybersecurity researchers recently discovered, has been targeting Linux and Solaris systems for over five years. BPFdoor allows threat actors to remotely connect to a Linux… Continue Reading
RaidForums was launched in 2015 by Diogo Santos Coelho of Portugal, aka Omnipotent. Cybercriminals used the RaidForums hacker site extensively to obtain and sell stolen datasets. The forum represented a database sharing and marketplace forum,… Continue Reading
Cybersecurity is one of the main topics for business managers in today's world. The approach to cyber risks has changed from "maturity based" to "risk-based" over time. Managerial leaders want to know the cyber threats to… Continue Reading
Threat actors shared a 10GB database allegedly belonging to popular VPN apps such as SuperVPN, GeckoVPN, and ChatVPN companies in a Telegram group. The database, which includes the personal information of approximately 21 million users,… Continue Reading
Microsoft has released the May 2022 Patch Tuesday. The patches fix three zero-day vulnerabilities, one of which is actively exploited, and 75 vulnerabilities. According to the released security update, eight vulnerabilities are rated as "critical" and… Continue Reading
Microsoft has released patches for a vulnerability that affects Azure Synapse and Azure Data Factory products, allowing threat actors to achieve remote code execution on the Integration Runtime infrastructure. The vulnerability, tracked as CVE-2022-29972, was evaluated in the high-risk category… Continue Reading
In the cyber world that grows and develops with cumulative data accumulation, "small" and short-term data breaches that we think we can ignore from time to time may cause a crisis beyond our estimations. Unlike… Continue Reading
A critical vulnerability discovered by F5 on May 4 allows threat actors to bypass iControl REST authentication. The flaw, tracked as CVE-2022-1388, has a CVSS score of 9.8. According to F5's advisory, there is no… Continue Reading