Blog

Latest articles from SOCRadar

Secure Your Cloud Environment: 5 Best Practices
January 3, 2023

With the increasing adoption of cloud computing, cloud security has become a major concern for businesses that rely on cloud-based services to store, process, and manage their data. Cloud computing is a model for delivering computing services…

10 Questions to ChatGPT: How It Can Change Cybersecurity
January 3, 2023

This blog is written with the help of OpenAI's ChatGPT. In November 2022, OpenAI, an artificial intelligence research and deployment company, released its chatbot, ChatGPT. With the release, ChatGPT attracted the entire world's attention, and people…

Dark Web Profile: MuddyWater APT Group
January 2, 2023

By SOCRadar Research

Security concerns grow day by day with the rise of cyberattacks. Among the threats, cyber espionage is one of the prominent activities. It can be used to get a hold of sensitive or classified…

4 Lessons Learned from Supply Chain Attacks in 2022
December 28, 2022

At the BlackBerry Security Summit in 2022, four-fifths of IT decision-makers said they had been notified of an attack or vulnerability in their supply chain within the year. 77% of organizations stated that they had detected the…

RCE Vulnerability (CVE-2022-45359) in Yith WooCommerce Gift Cards Plugin Exploited in Attacks
December 28, 2022

In late November, security researchers found a critical vulnerability in Yith's WooCommerce Gift Cards plugin. Attackers can gain remote code execution through the vulnerability, identified as CVE-2022-45359 (CVSS score: 9.8), and ultimately take over WordPress websites. The Yith…

Gartner Recognizes SOCRadar as an EASM Vendor in Hype Cycle for Endpoint Security Report
December 26, 2022

Gartner's report with comprehensive analysis and insights for endpoint security has been published. The Hype Cycle for Endpoint Security report aims to give organizations a perspective on why they should invest in these cybersecurity solutions while…

CVE-2022-47633 Vulnerability Allows Attackers to Bypass Kyverno Signature Verification
December 26, 2022

The Kyverno admission controller for container images has been found to have a high-severity security vulnerability. The vulnerability could let attackers introduce malicious code into cloud production environments. Users can define and enforce policies for their cluster and…

December 26, 2022

The Week in Dark Web – 26 December 2022 – Data Leaks and Access Sales

Powered by DarkMirror™

We're in the last week of the year. Most of us have already gone to visit our loved ones for a holiday. When thinking, "Oh, now I can get some relief," threat…

All You Need to Know About the Linux Kernel ksmbd Remote Code Execution (ZDI-22-1690) Vulnerability
December 24, 2022

Five new vulnerabilities, one of which has a severity rating of 10 according to the Common Vulnerability Scoring System (CVSS), have been announced by the Zero Day Initiative (ZDI). What is the ZDI-22-1690 Vulnerability? The…

December 24, 2022

400 Million Twitter Users Data Allegedly Breached for Extortion 

On December 23, 2022, a threat actor shared a post on a dark web forum monitored by SOCRadar, claiming to possess the data of 400 million Twitter users. While sharing some samples, the adversary states that Elon…

Top 10 Targeted Industries and Countries in 2022
December 23, 2022

No matter the industry, cyberattacks can cause various problems, ranging from minor disruptions to significant losses or, even worse, lawsuits against your organization. Threat actors could target a business in any industry in hopes of…

AWS Elastic IP Transfer Feature Could Be Exploited in Attacks
December 23, 2022

Researchers have discovered a new security risk to a recently added feature in Amazon Web Services (AWS). Elastic IP transfer, an Amazon Virtual Private Cloud feature, is the attack vector. Moving Elastic IP addresses between AWS accounts is…

Increasing Cyberattacks Targeting the Gaming Industry in 2022
December 22, 2022

By SOCRadar Research

The gaming industry has recently emerged as a preferred target for cyberattacks. The industry is constantly growing, with new platforms and products appearing daily. Changes in the social structure and globally unexpected circumstances like…

Top 10 Cyber Incidents in 2022
December 22, 2022

2022 was a year in which everyone worked to overcome the COVID-19 pandemic and a year in which threat actors simply tried to profit more from it. Threat actors have also been encouraged by national crises like…

Why Have Central Banks Become the Target of Cyber Threat Actors?
December 21, 2022

An Analysis of Central Banks Hackings: Who is Next?

By SOCRadar Research

Critical infrastructures are the basis on which a country's systems function, and they are essential to keeping the country's operations running, such as financial services, education, public health, food and agriculture, military, and…

Reports of ProxyNotShell Vulnerabilities Being Actively Exploited (CVE-2022-41040 and CVE-2022-41082)
December 21, 2022

According to reports, the zero-day vulnerabilities CVE-2022-41040 and CVE-2022-41082, dubbed ProxyNotShell, are still being actively exploited. Researchers published proof-of-concept (PoC) details after Microsoft patched the vulnerabilities in the October Patch Tuesday. Since the patch, attackers still target vulnerable MS Exchange Server…

5 Lessons Learned from Healthcare Industry Cyberattacks in 2022
December 20, 2022

By SOCRadar Research

Like other critical infrastructures, the healthcare industry is frequently targeted by cyberattacks. The attacks in the healthcare vertical have begun to increase in recent years due to security vulnerabilities triggered by changes…

Top 10 Data Leaks in 2022
December 20, 2022

Threat actors need sensitive information to carry out most of their malicious activity. They typically obtain the information by conducting various cyberattacks or simply gathering it from unprotected platforms, accounts, or databases. When an attacker…

December 19, 2022

The Week in Dark Web – 19 December 2022 – Access Sales and Leaks

Powered by DarkMirror™

Threat actors always search for something profitable for their malicious activities, whether a government institute or a company from any industry. The most precious thing for them is personal data, even outdated…

Veeam Fixes Critical Vulnerabilities in Backup & Replication Software (CVE-2022-26500 & CVE-2022-26501)
December 19, 2022

Veeam has recently fixed two security vulnerabilities (CVE-2022-26500 and CVE-2022-26501) in the Backup & Replication software. With critical CVSS ratings of 9.8, the vulnerabilities permit remote code execution, which an attacker could use to take control of a target system.…
