Identifying and Mitigating Potential Velociraptor Abuse


Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believes that its Metasploit, AttackerKB, and Velociraptor initiatives help build a strong threat intelligence foundation and a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and improve security outcomes can also be misused by threat actors.

For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and Rapid7 itself is not impacted by this incident.

Source: Rapid7




Related:

  • Website for US deportation airline GlobalX defaced by hackers

    May 5, 2025

    Hackers defaced one of the websites of the airline at the center of President Donald Trump’s campaign of deportations to an offshore detention center in El Salvador, a Reuters viewing of the site showed on Monday. A message posted to a subdomain of GlobalX said the site had been hijacked by hackers operating under the banner ...

  • Hundreds of top ecommerce sites under attack following Magento supply chain flaw

    May 5, 2025

    Hundreds of ecommerce websites, including at least one major player, behemoth, have been compromised after poisoned Magento extensions woke up from a six-year slumber. Cybersecurity researchers Sansec discovered the supply chain attack after one of its clients was targeted, ultimately finding 21 backdoored Magento extensions, belonging to three companies: Tigren, Meetanshi, and MSG. The company says ...

  • TeleMessage, a modified Signal clone used by US government officials, has been hacked

    May 5, 2025

    A hacker has exploited a vulnerability in TeleMessage, which provides modded versions of encrypted messaging apps such as Signal, Telegram, and WhatsApp, to extract archived messages and other data relating to U.S. government officials and companies who used the tool, 404 Media reported. TeleMessage came into the spotlight last week after it was reported that former ...

  • Kidnappers in France target cryptocurrency entrepreneurs for ransom

    May 4, 2025

    French police rescued the father of a wealthy cryptocurrency entrepreneur in a nighttime raid after he was taken hostage for ransom, the latest alleged criminal effort in France to extort people involved in the management of digital assets. The man was kidnapped Thursday morning in Paris, the prosecutor’s office said Sunday. “The victim turned out to ...

  • Scattered Spider hacking group allegedly behind cyber-attacks on Marks & Spencer

    May 2, 2025

    The culprit behind the M&S cyber attack is still a matter of investigation but speculation has pointed to a group called Scattered Spider. Also called UNC3944, Octo Tempest or Muddled Libra, Scattered Spider is a hacking group comprised of hackers – some thought to be as young as 16. Members are said to frequent hacker forums, ...

  • Actively Exploited SAP NetWeaver Visual Composer Vulnerability Enables Remote Code Execution (CVE-2025-31324)

    May 2, 2025

    The SonicWall Capture Labs threat research team became aware of an arbitrary file upload vulnerability in the Metadata Uploader component of SAP NetWeaver Visual Composer, assessed its impact, and developed mitigation measures. SAP NetWeaver serves as a robust technology platform that functions as both an integration hub and application layer, enabling businesses to unify data, processes, ...