Velociraptor incident response tool abused for remote access
This approach represents an evolution from threat actors abusing remote monitoring and management tools
Similar Posts
SecAlerts Cuts Through the Noise with a Smarter, Faster Way to Track Vulnerabilities
Bys sVulnerability management is a core component of every cybersecurity strategy. However, businesses often use thousands of software without realising it (when was the last time you checked?), and keeping track of all the vulnerability alerts, notifications, and updates can be a burden on resources and often leads to missed vulnerabilities. Taking into account that nearly…
Minnesota National Guard deployed; St. Paul declares state of emergency in response to cyberattack
Bys sSamantha Fischer reports: Minnesota Governor Tim Walz issued an executive order to activate the National Guard Tuesday after the city of St. Paul became the target of a cyberattack. According to the governor’s office, the order took effect immediately. “We are committed to working alongside the City of Saint Paul to restore cybersecurity as quickly as possible,”…
Global operation targets NoName057(16) pro-Russian cybercrime network in Operation Eastwood
Bys sEuropol reports: Between 14 and 17 July, a joint international operation, known as Eastwood and coordinated by Europol and Eurojust, targeted the cybercrime network NoName057(16). Law enforcement and judicial authorities from Czechia, France, Finland, Germany, Italy, Lithuania, Poland, Spain, Sweden, Switzerland, the Netherlands and the United States took simultaneous actions against offenders and infrastructure belonging…
Record-Breaking DDoS Attack Reached 5.6 Tbps
Bys sCloudflare saw a 53% increase in DDoS attack frequency last year, when it blocked a record-breaking 5.6 Tbps attack. The post Record-Breaking DDoS Attack Reached 5.6 Tbps appeared first on SecurityWeek.
PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks
Bys sThe maintainers of the Python Package Index (PyPI) repository have announced that the package manager now checks for expired domains to prevent supply chain attacks. “These changes improve PyPI’s overall account security posture, making it harder for attackers to exploit expired domain names to gain unauthorized access to accounts,” Mike Fiedler, PyPI safety and security…
CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
Bys sUnknown threat actors compromised CPUID (“cpuid[.]com”), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan called STX RAT. The incident lasted from approximately April 9, 15:00 UTC, to about April 10, 10:00 UTC, with