Blog

Latest articles from SOCRadar

1,200 Redis Servers Infected by New HeadCrab Malware for Cryptomining Operations
February 2, 2023

A new malware has appeared on the frontlines, targeting online Redis servers. The malware, named HeadCrab by researchers, has been active since September 2021. The malware's primary goal is to create a botnet for Monero…

134M Exploit Attempts: Realtek RCE Vulnerability Targeted in Large-Scale Attacks
January 31, 2023

Threat actors stepped up their efforts to exploit a remote code execution vulnerability in the Realtek Jungle SDK between August and October 2022, according to researchers. A report from Palo Alto Networks noted that the attacks targeting…

Yandex Code Repositories Leaked Allegedly by Former Employee
January 27, 2023

Yandex, a Russian technology company and popular search engine, has had its source code repositories leaked on a hacker forum. According to Yandex, the repositories were stolen by a former employee. The hacker shared a magnet link with 44.7GB of data…

VMware Patches Critical RCE Vulnerabilities in vRealize Log Insight
January 25, 2023

UPDATE (February 1, 2023): Proof-of-concept (PoC) code for a VMware vRealize Log Insight vulnerability chain has been made available by researchers. VMware patched several vulnerabilities found in its vRealize Log Insight appliance. The vulnerabilities are identified as…

Remote Code Execution Vulnerability in Microsoft Teams
January 24, 2023

Researchers discovered an RCE vulnerability in Microsoft Teams during Pwn2Own 2022. The application is used by a wide range of people, including professionals, and an exploit could cause significant harm to its users. Remote code execution (RCE)…

Attackers Exploit Fortinet Zero-Day CVE-2022-42475 with BoldMove Malware
January 23, 2023

Researchers have discovered a sophisticated new BoldMove malware created specifically to operate on Fortinet's FortiGate firewalls after collecting data related to a recently disclosed zero-day vulnerability in the company's FortiOS SSL-VPN technology. A threat actor created the malware with a base…

PayPal Reveals Credential Stuffing Attack That Affected 35K Users
January 20, 2023

PayPal has disclosed that it was hit by a credential stuffing attack last month. The online payment platform is notifying all users whose data was compromised in the attack. Hackers carry out credential stuffing attacks using…

CISA Warns of Vulnerabilities in Industrial Control Systems (ICS)
January 19, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns about multiple security vulnerabilities in GE Digital, Siemens, Contec, and Mitsubishi Electric products. The agency issued four ICS (Industrial Control Systems) advisories for the vulnerabilities on January 17, 2023. The advisories mention…

Threat Actors Use GitHub Codespaces Feature to Distribute Malicious Content
January 18, 2023

Since its public release in November 2022, GitHub Codespaces has been a popular environment among developers; however, researchers believe threat actors could also use it to launch attacks. According to researchers, Codespaces has a feature that can be…

What Do You Need to Know About the Critical RCE Vulnerability in Zoho’s ManageEngine? (CVE-2022-47966)
January 17, 2023

CVE-2022-47966, a critical vulnerability in a number of Zoho’s products, allows remote code execution without authentication. The use of a vulnerable third-party dependency called Apache Santuario is the root cause that enables the exploitation of the remote…

Attackers Infected a CircleCI Employee with Malware to Steal Customer Session Tokens
January 16, 2023

Software provider CircleCI confirmed that a data breach in December resulted in the theft of some of its customers' sensitive information. The breach occurred after an employee's computer was infected with data-stealing malware, which allowed access to the…

Threat Actors Exploit CVE-2022-44877 RCE Vulnerability in CentOS Web Panel (CWP)
January 13, 2023

Update (16.01.2023): According to data gathered by researchers, the CVE-2022-46169 vulnerability in Cacti saw an increase in exploitation attempts, and the overall number is now less than two dozen. 6,427 Cacti hosts were found to…

Cacti Patched CVE-2022-46169 Critical RCE Vulnerability
January 11, 2023

Cacti patched a critical security flaw to prevent arbitrary code execution on Cacti-running servers. Cacti is an open-source, web-based network monitoring and graphing tool that offers users a framework for fault management and operational monitoring. What is…

Ransomware Gangs Leak Large Amounts of Data in Recent Attacks: Hive and Vice Society
January 9, 2023

Ransomware gangs are known to release stolen data in retaliation if the ransom is not paid after successful encryption. This worsens the victim's situation and exposes sensitive information to anyone on the internet. Recent ransomware data leaks…

200M+ Twitter Users' Email Addresses and 250M+ Deezer Users' Information Leaked Online
January 5, 2023

On a well-known hacker forum, a data leak containing the email addresses of 235 million Twitter users was made public. Data from 5.4 million Twitter users collected from numerous threat actors and combined with information from other breaches were…

Synology Fixes a Max Severity RCE Vulnerability in VPN Server Products
January 4, 2023

Taiwanese NAS device manufacturer Synology has released a security update to address a critical vulnerability with a CVSS score of 10. The vulnerability, tracked as CVE-2022-43931, affects Synology router products that can be set up as VPN servers to…

RCE Vulnerability (CVE-2022-45359) in Yith WooCommerce Gift Cards Plugin Exploited in Attacks
December 28, 2022

In late November, security researchers found a critical vulnerability in Yith's WooCommerce Gift Cards plugin. Attackers can gain remote code execution through the vulnerability, identified as CVE-2022-45359 (CVSS score: 9.8), and ultimately take over WordPress websites. The Yith…

CVE-2022-47633 Vulnerability Allows Attackers to Bypass Kyverno Signature Verification
December 26, 2022

The Kyverno admission controller for container images has been found to have a high-severity security vulnerability. The vulnerability could let attackers introduce malicious code into cloud production environments. Users can define and enforce policies for their cluster and…

All You Need to Know About the Linux Kernel ksmbd Remote Code Execution (ZDI-22-1690) Vulnerability
December 24, 2022

Five new vulnerabilities, one of which has a severity rating of 10 according to the Common Vulnerability Scoring System (CVSS), have been announced by the Zero Day Initiative (ZDI). What is the ZDI-22-1690 Vulnerability? The…

400 Million Twitter Users' Data Allegedly Breached for Extortion
December 24, 2022

On December 23, 2022, a threat actor shared a post on a dark web forum monitored by SOCRadar, claiming to possess the data of 400 million Twitter users. While sharing some samples, the adversary states that Elon…
