Latest articles from SOCRadar

APT Group Lazarus Exploits High Severity Flaw in Dell Driver
October 5, 2022

The state-sponsored Lazarus group has been using a technique called Bring Your Own Vulnerable Driver (BYOVD). The group was observed exploiting a vulnerability in a Dell firmware driver to install a Windows rootkit. The high-severity flaw is tracked…

Optus Confirms Nearly 2.1M Australian Telecom Users' Data was Exposed
October 5, 2022

Optus disclosed a data leak involving nearly 2.1 million customer records. Customers' personal information, including identification numbers, was revealed. The leak was caused by a data breach confirmed by Optus in late September, during which they were double…

Top 20 Cybersecurity Podcasts You Must Follow in 2022
October 4, 2022

Every day brings new trends and threats with it. To keep yourself, your devices, and your business safe, it is advisable to be aware of changes in the cyber landscape. Podcasts are a simple and effective…

Comm100 Installer Abused in Supply Chain Attack to Distribute Malware
October 4, 2022

The Comm100 Live Chat application was subject to a supply chain attack in the very last days of September. A trojanized installer was used in the attack, which led to the distribution of a JavaScript…

Ransomware Gangs Targeting US Critical Infrastructure
October 3, 2022

Last week, notorious ransomware gangs made a splash again by targeting US critical infrastructure. One of the threat actors that victimized the defense and education sectors was the BlackCat group, also known as ALPHV, and…

SolarMarker Distributes Malware Via Fake Chrome Updates
October 3, 2022

Threat actors related to SolarMarker have switched to watering hole attacks as a new method of delivering malware, replacing the SEO poisoning method they used previously. In this new approach, they used fake Google Chrome updates…

Threat Actors Exploit Unpatched Microsoft Exchange Zero-Days (ProxyNotShell)
September 30, 2022

Security experts caution about actively exploited zero-day vulnerabilities in Microsoft Exchange servers. The flaws could allow remote code execution on fully patched servers. The two flaws are tracked by Zero Day Initiative as ZDI-CAN-18333 (CVSS score: 8.8)…

Brute Ratel C4 Toolkit Gets Cracked and Distributed Online
September 29, 2022

The cracked version of Brute Ratel C4 (BRC4) is currently being distributed on hacker platforms for free. Posts spreading it have been seen in multiple hacking forums and Telegram and Discord channels. Post about cracked…

Critical WhatsApp Vulnerabilities Allow Attackers Remote Device Hacking
September 28, 2022

WhatsApp's September security update fixes two high-severity flaws that could result in remote code execution. The flaws affect WhatsApp and WhatsApp Business versions before 2.22.16.12 on iOS and Android. To see which version is currently…

Threat Actors Impersonate GitHub, Zoom, and Cloudflare to Steal User Information
September 28, 2022

Hackers frequently look for ways to trick users and organizations, as the weakest link in security is the human factor. This makes phishing one of the most common initial-access attacks. During the last two months,…

Exmatter Tool Provides a New Strategy for Extortion
September 27, 2022

Data exfiltration malware Exmatter, previously associated with the BlackMatter ransomware gang, now has data corruption capabilities. This could signify a new strategy ransomware affiliates may use in the future. Although BlackMatter affiliates have been using…

Threat Actors Utilize PowerPoint Files to Distribute Graphite Malware
September 27, 2022

Threat actors have started using PowerPoint presentations as a code execution method to deliver Graphite malware in targeted attacks. APT28 (Fancy Bear), a threat actor group linked to Russia, has recently been seen using the method…

FARGO Ransomware Targets Vulnerable Microsoft SQL Servers
September 26, 2022

Microsoft SQL database servers are the target of a new ransomware attack campaign called FARGO ransomware. FARGO, also known as TargetCompany, aims to double-extort victims. This year's ransomware attacks against MS-SQL instances included dropping Cobalt Strike…

Sophos Firewall Patch Released for Actively Exploited Critical Zero-Day RCE Vulnerability
September 26, 2022

Sophos released a patch for a flaw discovered in their firewall product. Tracked as CVE-2022-3236 (CVSS score: 9.8), the vulnerability allows code injection in the User Portal and Webadmin components, which could result in remote code execution…

A New Attack Wave Targeting Critical Magento Vulnerability
September 23, 2022

E-commerce platform Magento has become a frequent target for hackers. More attempts have been made to exploit CVE-2022-24086 since its proof-of-concept was made available. The critical vulnerability is present in Magento 2, and it allows unauthenticated attackers to execute…

CISA Urges to Patch ManageEngine Against RCE Vulnerability
September 23, 2022

CISA has added a new critical vulnerability to its Known Exploited Vulnerabilities Catalog. The flaw exists in several ManageEngine products from Zoho and can lead to remote code execution on unpatched instances. The flaw, identified as CVE-2022-35405,…

Python Flaw Unfixed for 15 Years: 350,000 Projects Deemed Vulnerable
September 22, 2022

A flaw in the Python tarfile module has gone unfixed for 15 years, and 350,000 open-source projects are considered vulnerable. The flaw is tracked as CVE-2007-4559; it is a directory traversal vulnerability that allows reading and…

Threat Actors Exploit Atlassian Confluence RCE Vulnerability to Install Crypto Miners
September 22, 2022

Unpatched Atlassian Confluence Server instances are vulnerable to a critical RCE flaw. The flaw, tracked as CVE-2022-26134 (CVSS score: 9.8), is actively exploited by hackers for crypto mining purposes. The vulnerability, once exploited, could result in various attack…

$162M Stolen from Digital Asset Trader Wintermute
September 21, 2022

Evgeny Gaevoy, the CEO of Wintermute, said earlier today that the company had been hacked and had lost $162.2 million in DeFi operations. The Profanity tool was used to create the compromised Wintermute wallet. Wintermute…

Cobalt Strike Rolls Out an Update for XSS Vulnerability
September 21, 2022

The Cobalt Strike 4.7.1 out-of-band update fixes an issue in version 4.7 that affected users had reported; there was no workaround for the problem. A vulnerability revealed soon after the 4.7 release was also addressed by…
