Latest articles from SOCRadar
Exploitation activity targeting ownCloud with the CVE-2023-49103 vulnerability has been observed, raising concerns within the cybersecurity community. ownCloud, renowned as an open-source file server facilitating secure storage, file-sharing, and collaboration, recently drew attention due to… Continue Reading
Recently, cyberspace has witnessed a surge of activity, particularly within the hacktivist space, traditionally active on Telegram and Twitter. As this landscape becomes increasingly volatile, some hacktivist groups are shifting their focus to traditional web… Continue Reading
The digital transformation of commerce has brought unparalleled convenience and opened the floodgates to an array of cyber threats. SOCRadar's comprehensive E-Commerce Cyber Bible report sheds light on this dark side of digital commerce, offering crucial insights… Continue Reading
Greetings, just like Bitcoin goes up and down momentarily, the Dark Web can go crazy and calm down from time to time. In this issue, the Dark Web events that the SOCRadar team has been… Continue Reading
CISA has issued an alert regarding multiple vulnerabilities impacting Adobe ColdFusion. The alert underscores that the exploitation of the vulnerabilities could grant threat actors control over affected systems, prompting organizations to take measures to protect… Continue Reading
In recent years, the e-commerce industry has become a prime target for cybercriminals, making e-commerce security more critical than ever. According to the SOCRadar report, phishing, credit card fraud, and exploitation of vulnerabilities are the… Continue Reading
Atlassian has urgently issued security advisories for two separate products: Bamboo Data Center and Server, and Crowd Data Center and Server. The announcement states that they have addressed the CVE-2023-22516 vulnerability, which has a CVSS… Continue Reading
Fortinet, a leading cybersecurity provider, has recently issued an advisory for a critical vulnerability impacting its FortiSIEM Report Server. The vulnerability poses a serious risk, potentially allowing remote and unauthenticated attackers to execute malicious commands… Continue Reading
As digital transformation reshapes the education sector, education security in K-12 schools has emerged as a crucial concern. The comprehensive analysis provided by SOCRadar's US Education K-12 Threat Landscape Report emphasizes the growing need for robust cybersecurity… Continue Reading
In the dynamic field of cybersecurity, staying abreast of new vulnerabilities is crucial. The recent discovery of two significant vulnerabilities in the Citrix Hypervisor, a widely used virtualization management tool, underscores this necessity. This blog… Continue Reading
The ALPHV/BlackCat ransomware group, known for their vicious ransomware attacks, has recently taken a surprising action by filing a complaint with the U.S. Securities and Exchange Commission (SEC) against a company they allegedly hacked, MeridianLink,… Continue Reading
SAP, a prominent enterprise software company, has unveiled three new vulnerabilities in its November 2023 Security Patch Day update. The company has also updated security notes for three previously disclosed security vulnerabilities. The most critical… Continue Reading
VMware recently issued an advisory (VMSA-2023-0026) regarding a critical authentication bypass vulnerability in its VMware Cloud Director Appliance (VCD Appliance). Identified as CVE-2023-34060, this vulnerability poses a significant risk with a CVSSv3 score of 9.8,… Continue Reading
Microsoft recently rolled out its Patch Tuesday for November 2023, tackling a total of 63 security vulnerabilities. Of these, three carry a critical rating, and five are identified as zero-day vulnerabilities. Three zero-day vulnerabilities are… Continue Reading
Saudi Arabia, a major player in Middle Eastern geopolitics and global economics, faces significant cybersecurity challenges. With its rapid digital transformation, the region attracts a myriad of cyber threats, impacting national security and organizational operations.… Continue Reading
Last week, OpenVPN Access Server, a widely-used open-source VPN solution, received an update addressing two vulnerabilities, tracked as CVE-2023-46849 and CVE-2023-46850. Although CVSS scores for these vulnerabilities are pending, they can enable attackers to gain… Continue Reading
The Israel-Hamas conflict, which started with the surprise attack of Hamas militants on Israeli territory on October 7, escalated in a very short time with Israel's declaration of war and is continuing. This tragic event,… Continue Reading
Sumo Logic, a cybersecurity company renowned for its expertise in cloud-based log management, analytics, and insights, recently disclosed a security breach. The breach came to light when the company detected unauthorized access to its Amazon… Continue Reading
[Update] November 15, 2023: See the subheadings: “Nuclei Template Now Available, Scan for the SysAid Vulnerability (CVE-2023-47246).” [Update] November 14, 2023: See the subheadings: “CVE-2023-47246 in SysAid Has Been Listed in CISA’s KEV Catalog: Urgent… Continue Reading
QNAP recently published advisories for two critical command injection vulnerabilities, tracked as CVE-2023-23368 and CVE-2023-23369. These vulnerabilities affect the QTS operating system, QuTS hero, QuTScloud, and several other applications on QNAP NAS (Network-Attached Storage) devices.… Continue Reading