Blog

Latest articles from SOCRadar

How Are MSPs (Managed Service Providers) at Risk of Data Breaches?
October 11, 2023

Have you ever wondered how your Managed Service Provider (MSP) is protecting both your data and its own? It is prudent to regularly assess your MSP along with other stakeholders in your supply chain to…

Breaking Down the Top 10 Cybersecurity Misconfigurations by NSA and CISA
October 6, 2023

Security misconfigurations occur when systems or applications are not correctly set up, leaving them vulnerable to potential security threats. According to OWASP, approximately 90% of the applications they assessed exhibited some form of misconfiguration, and…

The "Evil" of Everything - Part II: Evilginx and EvilQR Rises AitM
October 2, 2023

In the ever-evolving landscape of cybersecurity threats, it is imperative to maintain vigilance and adaptability. As we delve deeper into the realm of Adversary-in-the-Middle (AiTM) attacks, the second installment of this research series seeks to…

The "Evil" of Everything - Part I: EvilProxy Rises AitM
October 2, 2023

In today's digital era, detecting a burgeoning type of cyberattack, known as Adversary-in-the-Middle (AiTM) attacks, is becoming increasingly challenging. As cyber threat actors continually refine their techniques, organizations find themselves vulnerable, often ill-equipped to detect…

The Torrent Landscape: Understanding Security, Risks, and the Future
September 29, 2023

In today's digital age, the term "torrenting" often evokes images of pirated movies, music, or TV shows. However, the world of torrents is much broader than just illegal content. Torrenting, at its core, is a…

NIST Cybersecurity Framework 2.0: What You Need to Know
September 26, 2023

In a previous SOCRadar blog post, we delved into the importance of cybersecurity frameworks for today’s organizations. In this installment, we pivot our focus toward the much-anticipated NIST Cybersecurity Framework 2.0. As cyber threats evolve,…

Critical DICOM Server Misconfigurations Lead to Exposure of 1.6M Medical Records
September 22, 2023

During routine threat and vulnerability hunting, SOCRadar discovered that thousands of DICOM servers were exposed on the internet due to misconfigurations, resulting in the exposure of patient data for…

Don't be Blinded by What You See: Demystifying Homograph Attacks
September 1, 2023

From Nigerian Princes to Crafty Codes: The Evolution of Phishing Remember the days when our inboxes were graced by those endearing messages from a distant "Nigerian Prince"? Ah, good times, right? If you're thinking, "What…

Chain Reactions: Footprints of Major Supply Chain Attacks
August 28, 2023

In today's interconnected digital ecosystem, supply chain attacks have emerged as one of the most potent threats. A supply chain attack occurs when threat actors target organizations by focusing on weaker links in their supply…

Navigating the Cyber Threat Landscape with SOCRadar's Vulnerability Intelligence and CVERadar
August 25, 2023

In the world of cybersecurity, vulnerability intelligence is like a guiding light for experts dealing with online threats. So, what is it? Vulnerability intelligence focuses on gathering and sharing information about software vulnerabilities. Its main…

Navigating Cloud Vulnerabilities: Challenges and Solutions
August 24, 2023

The cloud, in its simplest form, is a system of servers that store data and applications over the internet rather than on a computer's hard drive. It has become an integral part of modern organizations,…

Raccoon Stealer Resurfaces with New Enhancements
August 24, 2023

The developers behind the information-stealing malware, Raccoon Stealer, have broken their six-month silence on hacker forums. They are now promoting an updated version of the 2.3.0 (2.3.0.1 since August 15, 2023) malware to potential cybercriminals.…

Exploring the NIST Cybersecurity Framework: Strengthening Digital Resilience
August 23, 2023

In today's rapidly evolving digital landscape, the term "cybersecurity" has become synonymous with safeguarding our most valuable assets: information and data. As we continue to witness an increasing number of cyber threats and attacks, ranging…

The Wolf in Sheep's Clothing: How Cybercriminals Abuse Legitimate Software
August 17, 2023

[Update] November 9, 2023: Added FBI's notice, see under the title: "FBI Warns of Ransomware Threats via Third Parties and Legitimate Tools." Cybersecurity is an ever-evolving space; this may be fueled by the idea of…

Possible Cyber Threats in the 2024 Olympics
August 16, 2023

The design of the Paris 2024 Olympic and Paralympic torch, introduced on July 25, 2023, struck the first gong for The Paris 2024 Summer Olympic and Paralympic Games. With less than one year remaining until…

How Browser Sync Can Unknowingly Risk Your Business
August 15, 2023

An innocuous and perhaps hard-working employee sought to simplify their routines, inadvertently setting a sinister chain of events in motion: they decided to activate browser sync via their personal email. It…

New Global Phishing Scam Exposed: Facebook and Instagram Users Targeted by Fake Crypto Platform
August 11, 2023

The thrill of curiosity! It is the spark that drives innovation, leads us to explore new horizons, and sometimes, unfortunately, lands us straight into the arms of danger. Imagine scrolling through your Facebook or Instagram…

Threat-Informed Defense (TID): A Threat Intelligence Perspective
August 4, 2023

Cyberattacks are increasing in frequency worldwide, posing significant challenges for organizations as they strive to protect their cyber assets from persistent and advanced threat actors. While vulnerability assessments, penetration testing, and red teaming play a…

Living Off the Land: The Invisible Cyber Threat Lurking in Your System
August 3, 2023

Living Off the Land (LOTL): The Invisible Cyber Threat Lurking in Your System

What is LOTL Attack? Living Off the Land (LOTL), also known as lolbins, is a sophisticated cyberattack technique that leverages legitimate tools already present within a victim's system to execute and sustain an attack. Contrary…

The Black Box of GitHub Leaks: Analyzing Companies' GitHub Repos
July 25, 2023

This research aimed to investigate the files that companies might have accidentally uploaded to GitHub and identify any sensitive information that could be present in the uploaded projects; therefore, the focus was on selecting popular…
