Blog

Latest articles from SOCRadar

Cactus Ransomware Employs Unique Encryption Techniques to Avoid Detection
May 8, 2023

Researchers discovered a new ransomware group called Cactus, operating since at least March 2023. Cactus steals data and encrypts files like other ransomware operations but uses a different method to avoid detection. Cactus, according to researchers,…

Top 7 Must-watch Talks at RSA Conference 2023
May 5, 2023

The RSA Conference 2023 is set to be one of the biggest and most exciting cybersecurity events of the year. With over 500 sessions scheduled, attendees will have plenty of opportunities to learn from some of the brightest minds…

Cyber Attackers Continue Threatening Education and Healthcare Organizations
May 5, 2023

The recent cyber attacks on Bluefield University and University Urology highlight the increasing risk of cybercrime targeting organizations in the education and healthcare industries. As organizations become more reliant on technology for storing and processing data, they must remain vigilant and…

The .bank TLD: Benefits and Downsides
May 4, 2023

The world has changed rapidly since the invention of the Internet. One of the most important aspects it affected is using the Internet for banking. According to Forbes, as of 2022, 78% of adults in the U.S. prefer…

Sandworm Attackers Use WinRAR to Wipe Data from Government Devices
May 4, 2023

Sandworm (UAC-0165), a Russian hacking group, has been linked to an attack on Ukrainian state networks that involved wiping data from government devices using WinRAR, according to an advisory from the Ukrainian Government Computer Emergency Response Team…

GoAnywhere MFT Vulnerability Contributes to 91% Increase in Ransomware Attacks
May 3, 2023

[May 4, 2023] Update: Brightline, a mental health provider, was among the organizations targeted by the Clop ransomware group in March. Read the subheading "Data Breach of Brightline Impacts Over 780K Patients." The Department of Health…

LOBSHOT hVNC Malware: A New Threat Distributed Through Google Ads
May 3, 2023

Cybersecurity researchers have discovered a new malware, called 'LOBSHOT,' distributed through Google ads. This malware allows cybercriminals to take over infected Windows devices by using hVNC. The hVNC is a type of VNC remote access…

Dark Web Profile: BlackByte Ransomware
May 2, 2023

Ransomware has been one of the most glaring threats against organizations in recent years. Since 2021, SOCRadar has detected around 5,600 ransomware attacks. There was a rise from 2021 to 2022 in the number of attacks…

SOCRadar Technical Whitepaper: ‘Snapshot of 70 Million Stealer Logs’
May 2, 2023

SOCRadar's first technical white paper is out! Here are some highlights: Threat actors created fake data to increase the number of records. Stealer software commonly runs in the Downloads folder and AppData/temp directories. Corporate credentials…

Global Malverposting Campaign Infecting Over 500,000 Devices
May 2, 2023

A global malverposting campaign that has been ongoing for the past three months has been traced back to a Vietnamese threat actor. Malverposting is the practice of distributing malware to a large number of people through promoted social…

Salesforce Credentials Leak, Admin, and Webshell Access Sales, Partnership Announcements
May 2, 2023

We are experiencing a period in which threat actors are increasingly outsourcing and growing the cybercrime network. SOCRadar researchers have previously addressed these issues in their initial access and vulnerability brokers articles. The larger this network, the easier attackers…

An Inherent Weakness: Critical Infrastructures in Gulf Countries
April 28, 2023

One of the most devastating cyberattacks on critical infrastructure was the Colonial Pipeline attack in the United States in May 2021. This attack caused chaos nationwide and was considered a national security threat affecting consumers, airlines, and public transportation…

Active Exploitation of Serious Vulnerabilities in PaperCut, Veeam, and TP-Link
April 28, 2023

[Update] May 15, 2023: The Bl00dy Ransomware gang has started exploiting the CVE-2023-27350 vulnerability. Added the subheading: “Bl00dy Ransomware Exploits PaperCut RCE in Education Industry.” [Update] May 9, 2023: State-sponsored threat actors named Mint Sandstorm…

Dark Web Profile: LockBit 3.0 Ransomware
April 27, 2023

The frequency of ransomware attacks is on the rise every year. A single group, the LockBit Ransomware Group, is accountable for over one-third of all ransomware attacks in the latter half of the previous year, the…

Apache Superset's Default Configuration Vulnerability Could Lead to RCE
April 27, 2023

Developers of Apache Superset, an open-source data visualization software, have released patches to fix a vulnerability in the default configuration settings. The vulnerability, identified as CVE-2023-27524, has a high severity CVSS score of 8.9. An unauthenticated attacker who…

AI vs. AI: Future of the Cybersecurity Battles
April 26, 2023

Attacks and security solutions tailored with the help of artificial intelligence (AI) have become a trending subject in the security industry as AI bots continue to improve. The power of AI has initiated an arms…

Severe SLP Vulnerability Could Lead to Large DDoS Amplification Attacks
April 26, 2023

A new high-severity vulnerability was discovered, affecting Service Location Protocol (SLP). The vulnerability could allow attackers to launch massive volumetric denial-of-service (DoS) attacks, which could be amplified up to 2,200 times. Researchers state that the vulnerability, identified as CVE-2023-29552 (CVSS…

PyPI Packages Found Distributing Payloads in WhiteSnake Malware Campaign
April 25, 2023

Security researchers recently uncovered a new malware payload in the PyPI repository for Python packages. The payload, written in C#, raised concerns about the possibility of cross-language malware attacks. Security researchers at JFrog discovered 22 malicious packages containing the…

AWS S3 Bucket Takeover Vulnerability: Risks, Consequences, and Detection
April 25, 2023

As the amount of data companies possess grows, their costs can be optimized more efficiently. Thanks to the emergence of storage technologies, such as AWS S3, that meet business and compliance requirements and their user-friendly…

New Victims of BlackCat and LockBit, Gentex Data Breach, and Education Institution Access Sales
April 24, 2023

Powered by DarkMirror™. Ransomware is in the headlines again in SOCRadar's weekly dark web summary. Well-known cybercrime gangs LockBit and BlackCat (ALPHV) continue their attacks. The BlackCat ransomware gang announced that they attacked Western Digital…
