Rapid7 Q1 2025 Incident Response Findings

Rapid7’s Q1 2025 incident response data highlights several key initial access vector IAV trends, shares salient examples of incidents investigated by the Rapid7 Incident Response IR team, and digs into threat data by industry as well as some of the more commonly seen pieces of malware appearing i...

Changing the tide: Reflections on threat data from 2024

"Enough Ripples, And You Change The Tide. For The Future Is Never Truly Set." X-Men: Days of Future Past In January, I dedicated some time to examine threat data from 2024, comparing it with the previous years to identify anomalies, spikes, and changes. As anticipated, the number of Common...

Making Sense of Kubernetes Initial Access Vectors Part 1 – Control Plane

Explore Kubernetes control plane access vectors, risks, and security strategies to prevent unauthorized access and protect your clusters from potential threats...

Emotet Botnet Started Distributing Quantum and BlackCat Ransomware

The Emotet malware is now being leveraged by ransomware-as-a-service RaaS groups, including Quantum and BlackCat, after Conti's official retirement from the threat landscape this year. Emotet started off as a banking trojan in 2014, but updates added to it over time have transformed the malware...

Second New 'IsaacWiper' Data Wiper Targets Ukraine After Russian Invasion

A new data wiper malware has been observed deployed against an unnamed Ukrainian government network, a day after destructive cyber attacks struck multiple entities in the country preceding the start of Russia's military invasion. Slovak cybersecurity firm ESET dubbed the new malware "IsaacWiper,"...

Investigating and Mitigating Malicious Drivers

The security landscape continues to rapidly evolve as threat actors find new and innovative methods to gain access to environments across a wide range of vectors. As the industry moves closer to the adoption of a Zero Trust security posture with broad and layered defenses, we remain committed to...

SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm

Malwarebytes on Tuesday said it was breached by the same group who broke into SolarWinds to access some of its internal emails, making it the fourth major cybersecurity vendor to be targeted after FireEye, Microsoft, and CrowdStrike. The company said its intrusion was not the result of a SolarWin...

UBUNTU-CVE-2020-14663

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

Default credentials

The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 Liberty director and Red Hat Enterprise Linux OpenStack Platform 7.0 Kilo director aka overcloud-full use a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors...

Mandriva Update for kernel MDKSA-2007:060 (kernel)

Check for the Version of kernel OpenVAS Vulnerability Test Mandriva Update for kernel MDKSA-2007:060 kernel Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...