Blog

Latest articles from SOCRadar

Apache HTTP Server Vulnerability CVE-2023-25690: PoC Available
May 26, 2023

The Apache Foundation announced on March 7, 2023, that they had addressed CVE-2023-25690 in Apache HTTP Server 2.4.56. The fix, implemented on March 5, prevents control characters from being included in a proxied request. This vulnerability had a CVSS score…

Luxottica Data Leak Exposes Over 70M Customers' Data
May 25, 2023

Luxottica, the world's largest eyewear company, has revealed that it was the victim of a major cyber attack. The attack exposed the personal information of over 70 million customers on hacking forums. The major brands Luxottica owns include…

Cloud Threat Actor Spotlight: GUI-vil's Strategies in AWS Compromises
May 24, 2023

Researchers have been tracking a financially motivated threat group known as GUI-vil (aka p0-LUCR-1), based in Indonesia, which engages in unauthorized cryptocurrency mining. Researchers first observed this threat actor in November 2021, and recently in…

IcedID Macro Attacks Deploy Nokoyawa Ransomware
May 22, 2023

Malicious actors frequently resort to alternative techniques to gain initial access, such as employing diverse file formats and payloads. It is important to highlight that they still actively use VBA macros embedded within Office documents…

G7: Cybersecurity Reflections
May 18, 2023

The G7 Cybersecurity Summit 2023 is just around the corner and is being held in Hiroshima, Japan, a city that was devastated by an atomic bomb attack in 1945 and now serves as a…

Vulnerability in KeePass Password Manager Permits Retrieving Master Password (CVE-2023-32784)
May 18, 2023

A vulnerability in the open-source password manager tool KeePass could allow retrieval of the master password. The vulnerability tracked as CVE-2023-32784 has a proof-of-concept (PoC) exploit available before its patch. The KeePass 2.X branch for…

Network Devices Under Threat: Mustang Panda Targets TP-Link Routers, Critical Teltonika Vulnerabilities
May 17, 2023

The attacks targeting European foreign affairs entities since January 2023 have been attributed to a Chinese cyber espionage group, Mustang Panda. The attackers use a TP-Link firmware implant that contains a backdoor malware called "Horse Shell."…

May 15, 2023

Recent Data Breaches: Capita, Toyota, and Discord 

Data breaches have become increasingly common, with recent incidents impacting companies like Capita, Toyota and Discord, exposing the sensitive information of customers. Such breaches can have severe financial and reputational consequences, making it essential for…

May 12, 2023

Essential Addons for Elementor WordPress Plugin Allows Privilege Escalation (CVE-2023-32243)

A popular WordPress plugin called Essential Addons for Elementor has a security vulnerability, tracked as CVE-2023-32243, which could allow hackers to gain administrator privileges on affected websites. The plugin, which has over one million active…

May 11, 2023

Scammers Distribute Malware via Verified Account Ads on Facebook

Scamming campaigns frequently involve threat actors impersonating businesses or significant individuals. However, a recent trend of Facebook ad scams has been especially threatening, with scammers potentially infecting a large number of people with malware. Several…

Increased Healthcare Security Breaches in 2022
May 10, 2023

Data from the US government shows that there has been a significant increase in healthcare security breaches. At least 125 data breaches of healthcare organizations have been reported since the beginning of April, according to a list…

May 10, 2023

Microsoft’s May 2023 Patch Tuesday Addresses Three Zero-Day Vulnerabilities

Microsoft has released the May 2023 Patch Tuesday update and it addresses 40 security vulnerabilities. The patch addresses six critical vulnerabilities and three zero-day vulnerabilities, two of which are actively exploited. The following is a…

May 10, 2023

Ever-Changing Tactics on Social Engineering

In today's digital age, cyber threats are becoming increasingly common, and one of the most prevalent types of attacks is phishing. Phishing involves tricking people into giving away their personal or confidential information by posing…

Money Message Ransomware Leaks MSI Signing Keys for Intel Boot Guard
May 9, 2023

MSI, a leading Taiwanese PC manufacturer, suffered a ransomware attack last month. The threat actors behind the attack, the Money Message gang, published the company's private code signing keys on a dark website last week for double extortion. In…

Cactus Ransomware Employs Unique Encryption Techniques to Avoid Detection
May 8, 2023

Researchers discovered a new ransomware group called Cactus, operating since at least March 2023. Cactus steals data and encrypts files like other ransomware operations but uses a different method to avoid detection. Cactus, according to researchers,…

Top 7 Must-watch Talks at RSA Conference 2023
May 5, 2023

The RSA Conference 2023 is set to be one of the biggest and most exciting cybersecurity events of the year. With over 500 sessions scheduled, attendees will have plenty of opportunities to learn from some of the brightest minds…

Cyber Attackers Continue Threatening Education and Healthcare Organizations
May 5, 2023

The recent cyber attacks on Bluefield University and University Urology highlight the increasing risk of cybercrime targeting organizations in the education and healthcare industries. As organizations become more reliant on technology for storing and processing data, they must remain vigilant and…

Sandworm Attackers Use WinRAR to Wipe Data from Government Devices
May 4, 2023

Sandworm (UAC-0165), a Russian hacking group, has been linked to an attack on Ukrainian state networks that involved wiping data from government devices using WinRAR, according to an advisory from the Ukrainian Government Computer Emergency Response Team…

GoAnywhere MFT Vulnerability Contributes to 91% Increase in Ransomware Attacks
May 3, 2023

[May 4, 2023] Update: Brightline, a mental health provider, was among the organizations targeted by the Clop ransomware group in March. Read the subheading "Data Breach of Brightline Impacts Over 780K Patients." The Department of Health…

LOBSHOT hVNC Malware: A New Threat Distributed Through Google Ads
May 3, 2023

Cybersecurity researchers have discovered a new malware, called 'LOBSHOT,' distributed through Google ads. This malware allows cybercriminals to take over infected Windows devices by using hVNC. The hVNC is a type of VNC remote access…
