Latest articles from SOCRadar
Researchers discovered a new ransomware group called Cactus, operating since at least March 2023. Cactus steals data and encrypts files like other ransomware operations but uses a different method to avoid detection. Cactus, according to researchers,… Continue Reading
The RSA Conference 2023 is set to be one of the biggest and most exciting cybersecurity events of the year. With over 500 sessions scheduled, attendees will have plenty of opportunities to learn from some of the brightest minds… Continue Reading
The recent cyber attacks on Bluefield University and University Urology highlight the increasing risk of cybercrime targeting organizations in the education and healthcare industries. As organizations become more reliant on technology for storing and processing data, they must remain vigilant and… Continue Reading
The world has changed rapidly since the invention of the Internet. One of the most important aspects it affected is using the Internet for banking. According to Forbes, as of 2022, 78% of adults in the U.S. prefer… Continue Reading
Sandworm (UAC-0165), a Russian hacking group, has been linked to an attack on Ukrainian state networks that involved wiping data from government devices using WinRAR, according to an advisory from the Ukrainian Government Computer Emergency Response Team… Continue Reading
[May 4, 2023] Update: Brightline, a mental health provider, was among the organizations targeted by the Clop ransomware group in March. Read the subheading "Data Breach of Brightline Impacts Over 780K Patients." The Department of Health… Continue Reading
Cybersecurity researchers have discovered a new malware, called 'LOBSHOT,' distributed through Google ads. This malware allows cybercriminals to take over infected Windows devices by using hVNC. The hVNC is a type of VNC remote access… Continue Reading
Ransomware has been one of the most glaring threats against organizations in recent years. Since 2021, SOCRadar has detected around 5,600 ransomware attacks. There was a rise from 2021 to 2022 in the number of attacks… Continue Reading
SOCRadar's first technical white paper is out! Here are some highlights: Threat actors created fake data to increase the number of records. Stealer software commonly runs in the Downloads folder and AppData/temp directories. Corporate credentials… Continue Reading
A global malverposting campaign that has been ongoing for the past three months has been traced back to a Vietnamese threat actor. Malverposting is the practice of distributing malware to a large number of people through promoted social… Continue Reading
We are experiencing a period in which threat actors are increasingly outsourcing and growing the cybercrime network. SOCRadar researchers have previously addressed these issues in their initial access and vulnerability brokers articles. The larger this network, the easier attackers… Continue Reading
One of the most devastating cyberattacks on critical infrastructure was the Colonial Pipeline attack in the United States in May 2021. This attack caused chaos nationwide and was considered a national security threat affecting consumers, airlines, and public transportation. … Continue Reading
[Update] May 15, 2023: The Bl00dy Ransomware gang has started exploiting the CVE-2023-27350 vulnerability. Added the subheading: “Bl00dy Ransomware Exploits PaperCut RCE in Education Industry.” [Update] May 9, 2023: State-sponsored threat actors named Mint Sandstorm… Continue Reading
The frequency of ransomware attacks is on the rise every year. A single group, the LockBit Ransomware Group, is accountable for over one-third of all ransomware attacks in the latter half of the previous year, the… Continue Reading
Developers of Apache Superset, an open-source data visualization software, have released patches to fix a vulnerability in the default configuration settings. The vulnerability, identified as CVE-2023-27524, has a high severity CVSS score of 8.9. An unauthenticated attacker who… Continue Reading
Attacks and security solutions tailored with the help of artificial intelligence (AI) have become a trending subject in the security industry as AI bots continue to improve. The power of AI has initiated an arms… Continue Reading
A new high-severity vulnerability was discovered, affecting Service Location Protocol (SLP). The vulnerability could allow attackers to launch massive volumetric denial-of-service (DoS) attacks, which could be amplified up to 2,200 times. Researchers state that the vulnerability, identified as CVE-2023-29552 (CVSS… Continue Reading
Security researchers recently uncovered a new malware payload in the PyPI repository for Python packages. The payload, written in C#, raised concerns about the possibility of cross-language malware attacks. Security researchers at JFrog discovered 22 malicious packages containing the… Continue Reading
As the amount of data companies possess grows, their costs can be optimized more efficiently. Thanks to the emergence of storage technologies, such as AWS S3, that meet business and compliance requirements and their user-friendly… Continue Reading
Powered by DarkMirror™ Ransomware is in the headlines again in SOCRadar's weekly dark web summary. Well-known cybercrime gangs LockBit and BlackCat (ALPHV) continue their attacks. The BlackCat ransomware gang announced that they attacked Western Digital… Continue Reading