Latest articles from SOCRadar
Whether you work at a startup or in the information security department of a well-established company, you need to attend cybersecurity events to meet with the world's leading cybersecurity experts and vendors. These events, where… Continue Reading
LockBit ransomware gang claimed that they had stolen Mandiant's data. The gang posted a countdown on their data leak site earlier today. They claimed to have hacked the cybersecurity company and stolen 356,841 files from their network. LockBit's… Continue Reading
After it was disclosed that the RCE vulnerability with the code CVE-2022-26134, which affects Atlassian Confluence and Data Center servers, was exploited by multiple threat actors, detailed analyzes of the exploit continue to be published.… Continue Reading
Threat hunting is how computer security specialists aggressively seek out and eliminate cyber dangers that have infiltrated their computer network invisibly. Threat hunting is searching for new possible risks and vulnerabilities beyond recognized alerts or malicious… Continue Reading
Verizon has released the 15th Data Breach Investigations Report (DBIR), an in-depth analysis of trends in cyberattacks and data breaches for cybersecurity experts and leaders worldwide. The report includes reviews of around 24,000 cybersecurity incidents that… Continue Reading
According to the 2022 mobile threat landscape analysis published byThreatFabric, ODF (on-device fraud) banking trojans targeting Android devices are widespread, while Spain and Turkey are at the center of malware campaigns. The other most targeted countries are Poland, Australia,… Continue Reading
The Follina zero-day vulnerability in Microsoft Office allows threat actors to perform remote code execution. Cybersecurity researchers discovered the vulnerability when the Word document "05-2022-0438.doc" was uploaded to VirusTotal from an IP address in Belarus. Independent… Continue Reading
GitHub has announced that 100,000 npm user information was stolen through OAuth tokens linked to Heroku and Travis CI. It was previously stated that there was a security breach in mid-April, but detailed information was not… Continue Reading
REvil is a ransomware hacking group, as its name suggests -REvil = "ransomware" + "evil"-. This ransomware group is thought to be centered in Russia. It is also named "Sodinokibi." Who is REvil? Their work… Continue Reading
Vulnerability-related PoC has been published that allows threat actors to bypass authentication across multiple VMware products. VMware previously shared patches for the vulnerability. VMware issued a security advisory on May 18, 2022, for vulnerabilities affecting Workspace ONE… Continue Reading
Ransomware attacks marked 2021 and continue to make a splash in 2022. We've compiled some interesting information about this type of attack that has frightened financial institutions, government agencies, and even NGOs worldwide. We know how… Continue Reading
What is a Domain Name System (DNS)? The Domain Name System, or DNS, is a naming database that locates and translates internet domain names into IP addresses, similar to a phone’s contact list. Web browsing… Continue Reading
Attacks such as phishing, business e-mail compromise (BEC), and malware infection, which are among the fraud activities, increasingly pose a serious threat to organizations. The numbers in the "Phishing Activity Trends Reports" of the last quarter… Continue Reading
According to a post on Reddit, evidence was presented that the CTX module in the Python package repositories is performing malicious activity. It is known that the CTX module was updated again after seven years,… Continue Reading
The reconnaissance and espionage campaign of the Russia-linked Turla hacker group against the Austrian Economic Chamber, Baltic Defense College, and NATO's Joint Advanced Distributed Learning (JDAL) platform has emerged. Experts think that the recent economic… Continue Reading
Karakurt has extorted sensitive data from nearly 40 different organizations within a year, a Russian-originated cybercriminal organization. So what is the cause of the group's "success," and who are they? Karakurt: A Ransomware Gang or… Continue Reading
The Conti ransomware gang had taken its infrastructure offline and ceased operations. According to the news of Advanced Intel's Yelisey Boguslavskiy, the Tor admin panel, where Conti held the ransom negotiations and published new data leak… Continue Reading
The rise of working from home and access to cloud services and the expansion of businesses have increased attack surfaces. The attack surface is all hardware, software, and cloud assets that process or store information with access… Continue Reading
Threat intelligence feeds on such a broad spectrum that sometimes you'd be surprised to hear where you can get relevant information. Often, it can be nearly impossible to keep track of everything because of the… Continue Reading
The critical VMware vulnerability with code CVE-2022-22954 was discovered to be used by threat actors for remote code execution in botnet and Log4Shell-driven attacks. Although VMware has announced that the vulnerability has been fixed, cyber-attacks continue… Continue Reading