Blog

Latest articles from SOCRadar

Sensitive Data of 65,000+ Entities in 111 Countries Leaked due to a Single Misconfigured Data Bucket
October 19, 2022

SOCRadar has detected that sensitive data of 65,000 entities became public because of a misconfigured server. The leak includes Proof-of-Execution (PoE) and Statement of Work (SoW) documents, user information, product orders/offers, project details, PII (Personally…

New Alchimist Framework Targets Windows, macOS, and Linux Systems
October 14, 2022

Researchers discovered a new post-exploitation C2 framework named Alchimist. The framework targets devices running Windows, Linux, and macOS, and is possibly already in use. Alchimist can be used by attackers with…

SAP Fixes Critical Vulnerabilities in Commerce and Manufacturing Execution Products
October 13, 2022

SAP published its Security Patch Day document for October 2022. It lists five new high-severity security notes and one update, including three that address BusinessObjects information disclosure vulnerabilities and one that addresses a buffer overflow in SAP SQL Anywhere…

Aruba Released Patch for EdgeConnect's Critical RCE and Auth Bypass Vulnerabilities
October 13, 2022

Aruba released security updates to fix several critical vulnerabilities. The vulnerabilities were found in its popular WAN management tool, EdgeConnect Enterprise Orchestrator. Successful exploitation could let a remote attacker access systems and execute commands. Affected products: EdgeConnect…

Microsoft October Patch Tuesday Fixes Actively Exploited Zero Day and 13 Critical Flaws
October 12, 2022

Microsoft Patch Tuesday for this month fixes a total of 84 vulnerabilities, including an actively exploited zero-day flaw. All the vulnerabilities are high-severity, with 13 critical ones that could lead to remote code execution, privilege escalation, or…

Critical RCE Vulnerability with Max CVSS Score in VM2 Sandbox Library
October 12, 2022

A critical vulnerability in vm2 might let a remote attacker bypass the sandbox environment and execute shell commands on the device hosting the sandbox. To reduce the possibility that malicious code will harm the host machine it…

Fortinet Critical Authentication Bypass Vulnerability Exploited in the Wild
October 11, 2022

1. What are the CVE details and severity status of the vulnerability? Last week, Fortinet patched a severe authentication bypass vulnerability. The company confirmed after the patch that the vulnerability is being exploited in the wild. The CVE-2022-40684 (CVSS score: 9.6)…

BidenCash Carding Shop Returns With a Larger Credit Card Dump
October 10, 2022

BidenCash carding shop released another advertisement dump, including information on 1,221,551 credit cards. The dump is available to anyone for free. Last month, BidenCash launched new domains in response to distributed denial-of-service…

Unpatched RCE Vulnerability in Zimbra Actively Exploited
October 10, 2022

Threat actors are actively exploiting an unpatched vulnerability in Zimbra Collaboration Suite in the wild. Tracked as CVE-2022-41352 (CVSS score: 9.8), the vulnerability allows remote code execution. It is triggered when Amavis, Zimbra's antivirus engine, uses the cpio method to scan…

Eternity Threat Group Distributing Multifunctional LilithBot Malware
October 7, 2022

LilithBot, a multipurpose malware sample, was found by ThreatLabz. Further investigation indicated that the malware was connected to the Eternity group (also known as EternityTeam or Eternity Project), a threat organization related to the Russian Jester…

Cisco Patched High Severity Vulnerabilities in Some Products
October 7, 2022

Cisco released an advisory to announce fixes for two high-severity vulnerabilities. The vulnerabilities could allow a remote attacker to perform cross-site request forgery (CSRF) attacks or bypass SSL server certificate validation. The flaws, tracked as CVE-2022-20814 and CVE-2022-20853, can…

New Spyware RatMilad Targets Middle Eastern Mobile Devices
October 6, 2022

RatMilad, a newly discovered Android spyware, has been stealing data from mobile devices in the Middle East. The malware is spread through links on social media and pretends to be applications for services like VPN and phone number…

Microsoft SQL Servers Infected by the New Malware: Maggie
October 6, 2022

Maggie has emerged as a brand-new malware. The backdoor has already spread to hundreds of computers and is specifically designed to attack Microsoft SQL servers. DCSO CyTec analysts found the Maggie malware, and data shows…

APT Group Lazarus Exploits High Severity Flaw in Dell Driver
October 5, 2022

The state-sponsored Lazarus group has been using a new technique known as Bring Your Own Vulnerable Driver (BYOVD). The group was observed exploiting a vulnerability in a Dell firmware driver to install a Windows rootkit. The high-severity flaw is tracked…

Optus Confirms Nearly 2.1M Australian Telecom Users' Data was Exposed
October 5, 2022

Optus disclosed a data leak involving nearly 2.1 million customer records. Customers' personal information, including identification numbers, was exposed. The leak was caused by a data breach confirmed by Optus in late September, during which they were double…

Top 20 Cybersecurity Podcasts You Must Follow in 2022
October 4, 2022

Every day brings new trends and threats with it. To keep yourself, your devices, and your business safe, it is advisable to be aware of changes in the cyber landscape. Podcasts are a simple and effective…

Comm100 Installer Abused in Supply Chain Attack to Distribute Malware
October 4, 2022

The Comm100 Live Chat application was subject to a supply chain attack in the very last days of September. A trojanized installer was used in the attack, which led to the distribution of a JavaScript…

Ransomware Gangs Targeting US Critical Infrastructure
October 3, 2022

Last week, notorious ransomware gangs made a splash again by targeting US critical infrastructure. One of the threat actors that victimized the defense and education sectors was the BlackCat group, also known as ALPHV, and…

SolarMarker Distributes Malware Via Fake Chrome Updates
October 3, 2022

Threat actors related to SolarMarker are using watering hole attacks as a new method of delivering malware, rather than the SEO poisoning method they used previously. In this new approach, they used fake Google Chrome updates…

Threat Actors Exploit Unpatched Microsoft Exchange Zero-Days (ProxyNotShell)
September 30, 2022

Security experts caution about actively exploited zero-day vulnerabilities in Microsoft Exchange servers. The flaws could allow remote code execution on fully patched servers. The two flaws are tracked by the Zero Day Initiative as ZDI-CAN-18333 (CVSS score: 8.8)…
