Blog

Latest articles from SOCRadar

Brute Ratel C4 Toolkit Gets Cracked and Distributed Online
September 29, 2022

The cracked version of Brute Ratel C4 (BRC4) is currently being distributed on hacker platforms for free. Posts spreading it have been seen in multiple hacking forums and Telegram and Discord channels. Post about cracked…

Critical WhatsApp Vulnerabilities Allow Attackers Remote Device Hacking
September 28, 2022

WhatsApp's September security update fixes two high-severity flaws that could result in remote code execution. The flaws affect WhatsApp and WhatsApp Business versions before 2.22.16.12 on iOS and Android. To see which version is currently…

Threat Actors Impersonate GitHub, Zoom, and Cloudflare to Steal User Information
September 28, 2022

Hackers frequently look for ways to trick users and organizations, as the weakest link in security is the human factor. This makes phishing one of the most common entry attacks. During the last two months,…

Exmatter Tool Provides a New Strategy for Extortion
September 27, 2022

Data exfiltration malware Exmatter, previously associated with the BlackMatter ransomware gang, now has data corruption capabilities. This could signify a new strategy ransomware affiliates may use in the future. Although BlackMatter affiliates have been using…

Threat Actors Utilize PowerPoint Files to Distribute Graphite Malware
September 27, 2022

Threat actors have started using PowerPoint presentations as a code execution method to deliver Graphite malware in targeted attacks. APT28 (Fancy Bear), a threat actor group linked to Russia, has recently been seen using the method…

FARGO Ransomware Targets Vulnerable Microsoft SQL Servers
September 26, 2022

Microsoft SQL database servers are the target of a new ransomware attack campaign called FARGO ransomware. FARGO, also known as TargetCompany, aims to double-extort victims. This year's ransomware attacks against MS-SQL instances included dropping Cobalt Strike…

Sophos Firewall Patch Released for Actively Exploited Critical Zero-Day RCE Vulnerability
September 26, 2022

Sophos released a patch for a flaw discovered in its firewall product. Tracked as CVE-2022-3236 (CVSS score: 9.8), the vulnerability allows code injection in the User Portal and Webadmin components, which could result in remote code execution.…

A New Attack Wave Targeting Critical Magento Vulnerability
September 23, 2022

E-commerce platform Magento has become a frequent target for hackers. More attempts have been made to exploit CVE-2022-24086 since its proof-of-concept was made available. The critical vulnerability is present in Magento 2, and it allows unauthenticated attackers to execute…

CISA Urges Patching ManageEngine Against RCE Vulnerability
September 23, 2022

CISA has added a new critical vulnerability to its Known Exploited Vulnerabilities Catalog. The flaw exists in several ManageEngine products from Zoho and can lead to remote code execution on unpatched instances. The flaw, identified as CVE-2022-35405,…

Python Flaw Unfixed for 15 Years: 350,000 Projects Deemed Vulnerable
September 22, 2022

A flaw in the Python tarfile module has gone unfixed for 15 years. 350,000 open-source projects are considered vulnerable. The flaw is tracked as CVE-2007-4559; it is a directory traversal vulnerability that allows reading and…

Threat Actors Exploit Atlassian Confluence RCE Vulnerability to Install Crypto Miners
September 22, 2022

Unpatched Atlassian Confluence Server instances are vulnerable to a critical RCE flaw. The flaw, tracked as CVE-2022-26134 (CVSS score: 9.8), is actively exploited by hackers for crypto mining purposes. The vulnerability, once exploited, could result in various attack…

$162M Stolen from Digital Asset Trader Wintermute
September 21, 2022

Evgeny Gaevoy, the CEO of Wintermute, said earlier today that the company had been hacked and had lost $162.2 million in DeFi operations. The Profanity tool was used to create the compromised Wintermute wallet. Wintermute…

Cobalt Strike Rolls Out an Update for XSS Vulnerability
September 21, 2022

The Cobalt Strike 4.7.1 out-of-band update fixed an issue in version 4.7 that affected users reported. There was no workaround for the problem. A vulnerability revealed soon after the 4.7 release was also addressed by…

Highlights from SOCRadar Cyberwatch September Webinar
September 20, 2022

The first of SOCRadar's Cyberwatch webinar series took place yesterday. Cyberwatch September, which covers significant cyber incidents, emerging threat actors, the most exploited vulnerabilities, and major cyberattacks worldwide, aims to provide actionable intelligence to cyber…

Microsoft and VMware Warn of Ongoing Chromeloader Malware Campaign
September 20, 2022

Microsoft and VMware cautioned users about a widely spread Chromeloader malware campaign. The malware is said to have evolved and become more threatening. Microsoft has posted an alert on Twitter about an active click fraud campaign that utilized Chromeloader, attributed to…

Diplomatic Crisis: Cyber Attack from Iran to Albania
September 19, 2022

On September 7, Edi Rama, the Prime Minister of Albania, released a video message on the website of the Government of Albania. According to the video message, Prime Minister Rama requested all diplomatic, technical, and…

Why are Threat Actors Targeting Indonesia?
September 16, 2022

On September 3, Indonesia hiked fuel prices by 30%, stating that petrol and diesel prices are still low by world standards, but subsidies are unsustainable. On the other hand, in the background of political decisions…

Trend Micro Warns of Actively Exploited RCE Flaw in Apex One
September 16, 2022

Trend Micro recently released a patch for an actively exploited flaw in its endpoint security platform, Apex One. The security software provider published an advisory to report six vulnerabilities and advised its customers to apply the patches…

Hacker Breached Nearly Entire Uber IT System
September 16, 2022

Transportation provider giant Uber is currently investigating a cyberattack. Following a network intrusion, multiple instances used by the company have been compromised. Uber announced on Twitter that they are working with law enforcement to address the issue.…

WordPress Sites Compromised Due to FishPig Supply Chain Attack
September 15, 2022

Numerous attack scenarios were observed targeting WordPress recently. These attacks abused WordPress plugins and tools to exploit websites. Threat actors infected FishPig's distribution server as part of a supply chain attack. The vendor's service integrates Adobe's…
