Rapid7 MDR Supports AWS GuardDuty's New Attack Sequence Alerts
Co-authored by Yaron Kaplan and Gil Shamgar. AWS GuardDuty has introduced two powerful new alerts that enhance its threat detection capabilities: "Potential Credential Compromise" and "Potential S3 Data Compromise." These alerts go beyond traditional threat detection by focusing on attack...
Introducing Integrated API Abuse Prevention to Combat Bad Bots
In recent years there's been a rise in "API Abuse" attacks, which include detrimental automated behaviors such as malicious bots, account takeover (ATO), credential stuffing, application layer (L7) DDoS, data scraping, and more. For instance, in April 2021 malicious actors scraped the personal data o...
How to Detect New Threats via Suspicious Activities
Unknown malware presents a significant cybersecurity threat and can cause serious damage to organizations and individuals alike. When left undetected, malicious code can gain access to confidential information, corrupt data, and allow attackers to gain control of systems. Find out how to avoid...
inDrive: Disclosure of users' IP address whenever they view my freight offer on image preview (Without interaction)
A vulnerability was disclosed where users' IP addresses were leaked when they viewed freight offers, without any interaction required. By changing post image URLs to external sites, the external site received the user's IP when they viewed the post. This leaked user IPs and location, enabling...
Description of Update 1 for Microsoft Advanced Threat Analytics v1.7
Describes the features and functionality of Update 1 for Microsoft Advanced Threat Analytics (ATA) v1.7. This article describes an update for Microsoft Advanced Threat Analytics (ATA) v1.7. DO NOT run the command in this article on the versions that are later than v1.7, as this damages the system. Also...
Threat hunting in Azure Advanced Threat Protection (ATP)
As members of Microsoft’s Detection and Response Team (DART), we’ve seen a significant increase in adversaries “living off the land” and using compromised account credentials for malicious purposes. From an investigation standpoint, tracking adversaries using this method is quite difficult as you...
[Wireless IDS] Ability to detect suspicious activity such as (WEP/WPA/WPS) attack by sniffing the air for wireless packets
Wireless IDS is an open source tool written in Python that works in a Linux environment. This tool will sniff your surrounding air traffic for suspicious activities such as WEP/WPA/WPS attacking packets. It does the following: Detect mass deauthentication sent to client / access point which unreasonable...