Blog

Latest articles from SOCRadar

Top 5 Phishing Resources for SOC Teams
July 6, 2022

Phishing is a cyber-attack in which attackers defraud their victims through email, text messaging, phone calls, or websites. Attackers redirect their victims to well-crafted fake websites or malicious links using techniques like social engineering. Passwords, financial information,…

RedAlert Ransomware Targets Windows and Linux VMware ESXi Servers
July 6, 2022

RedAlert is a new ransomware operation aiming to encrypt Windows and Linux VMware ESXi servers on corporate networks using the NTRUEncrypt public-key encryption algorithm. The ransomware is named after a string in the ransom text,…

AstraLocker Shut Down Their Operations and Released Decryptor
July 6, 2022

The ransomware gang AstraLocker recently announced that it is shutting down its operations and shared decryptors for all of its past campaigns. According to news from BleepingComputer, the developer of the ransomware announced they were done…

Top 5 Tactics Threat Actors Use for Initial Access
July 5, 2022

A short while ago, joint security advice released by several national cybersecurity agencies highlighted the top ten attack vectors most used by threat actors to access networks. Threat actors take advantage of outdated systems, external…

What are DevOps, DevSecOps, and Rugged DevOps?
July 4, 2022

We are hearing the two buzzwords DevSecOps and DevOps more frequently. For example, Gartner predicts DevSecOps will reach mainstream adoption within two to five years, which means that we will hear about them even more…

Hundreds of Windows Networks are Infected with Raspberry Robin Worm
July 4, 2022

Microsoft reported that hundreds of businesses' networks have already been compromised by the Windows worm Raspberry Robin. Multiple security researchers discovered Raspberry Robin in 2021, and Microsoft has even seen evidence dating from 2019. Raspberry Robin acts like…

SOCRadar Denmark Threat Landscape Report: 9 Danish Companies Targeted Every 9 Days
July 4, 2022

Cybercrime is a threat that closely concerns public authorities, companies, and residents in Denmark, as it does around the world. The fact that threat actors adapt rapidly to the "new normal," improve their skills and…

SOCRadar Singapore Threat Landscape Report: Excessive Increase in Cyberattack Attempts
June 29, 2022

The cyber security agenda is shaken every day by brand new threats and methods developed by malicious actors. We see the effects of developments in these attack techniques in countries where capital accumulation is intense,…

New Version of Raccoon Stealer Released
June 29, 2022

A new version of Raccoon Stealer has been released. The first version was seen in 2019 and was offered as MaaS (malware-as-a-service). The malware ceased operations on March 25, following the death of one of…

What is Network Performance Monitoring (NPM)?
June 28, 2022

Network Performance Monitoring (NPM) is the practice of assessing the service quality of a network as experienced by users by measuring, visualizing, monitoring, diagnosing, optimizing, and reporting on it. NPM aims to identify congestion, maximize throughput, and improve…

New Banking Trojan Revive Targets BBVA Customers
June 28, 2022

The newly emerged Android banking trojan Revive mimics BBVA bank's two-factor authentication app. Although still in early development, the malware is capable of phishing attacks and account takeover via keyloggers. According to Cleafy's research, when the trojan…

Malicious Python Packages Steal AWS Keys
June 27, 2022

Cybersecurity researchers have discovered that some Python packages available in the PyPI repository engage in malicious activity. The malicious packages send sensitive data, including AWS login credentials, to internet-facing endpoints. In May, malicious activities were…

Threat Actors Target VMware Servers by Exploiting Log4Shell Vulnerability
June 24, 2022

The Log4Shell RCE vulnerability, tracked as CVE-2021-44228, continues to be exploited by state-backed threat actors. Attackers utilize the vulnerability to target VMware Horizon and Unified Access Gateway servers. By exploiting the Log4Shell vulnerability, attackers can gain…

How to Protect Yourself Against Shodan, BinaryEdge and ZoomEye?
June 22, 2022

Have you ever wondered how hackers find the IPs, ports, and services required for their attacks? Some attacks require scanning thousands of hosts to find the vulnerable ones. Hackers do not require sophisticated tools to…

Dark Web Profile: Netwalker Ransomware
June 22, 2022

Today, with the effects of digitalization, most information is stored online. This creates a vulnerability for organizations, because the number of cyberattacks aimed at stealing that data is increasing daily. One example of…

NTLM Relay Attack Leads to Windows Domain Takeover
June 21, 2022

A new NTLM relay attack, DFSCoerce, has been discovered on Windows. Threat actors can take over domains that use Microsoft Active Directory Certificate Services (AD CS) by abusing MS-DFSNM (Microsoft Distributed File System Namespace Management). To take over…

SOCRadar Exhibiting Extended Threat Intelligence Solution at InfoSecurity Europe 2022
June 20, 2022

SOCRadar will be at InfoSecurity Europe, held at ExCeL London this week from 21 to 23 June. We are very excited to meet you face to face at our booth V38. Visit us to gain…

BRATA Malware Becomes an Advanced Threat
June 20, 2022

Originally a banking trojan, BRATA has acquired new capabilities and become a more advanced threat. The malware can now be much more effective at stealing user information. Cleafy's analysis shows BRATA's activities are almost identical to APT activity…

DriftingCloud APT Group Exploits Zero-Day In Sophos Firewall
June 17, 2022

Cybersecurity researchers have revealed that Sophos Firewall has been actively exploited by the DriftingCloud APT group since early March. The attacks apparently started long before the CVE-2022-1040 vulnerability was patched, affecting v18.5 and older versions of…

Cisco Fixed Critical Authentication Bypass Vulnerability Affecting Some Products
June 16, 2022

Cisco fixed a vulnerability discovered in the external authentication functionality of Secure Email and Web Manager. The vulnerability could allow threat actors to bypass authentication and log in to the web interface. The vulnerability, tracked as…
