Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Active Exploitation of Zero-Day Vulnerability in Ivanti Connect Secure
January 9, 2025
CVE-2025-0282 is a ‘stack-based buffer overflow’ vulnerability with a CVSSv3 score of 9.0. If exploited, a remote unauthenticated attacker could execute arbitrary code (ACE). CVE-2025-0283 is a ‘stack-based buffer overflow’ vulnerability with a CVSSv3 score of 7.0. If exploited, a local authenticated attacker could escalate their privileges. Affected organisations must review the Ivanti Security Advisory and ...
- Japan links Chinese hacker MirrorFace to dozens of cyberattacks targeting security and tech data
January 8, 2025
Japan on Wednesday linked more than 200 cyberattacks over the past five years targeting the country’s national security and high technology data to a Chinese hacking group, MirrorFace, detailing their tactics and calling on government agencies and businesses to reinforce preventive measures. MirrorFace sent emails with attachments containing malware to targeted organizations and individuals to view ...
- Enhancing Botnet Detection with AI using LLMs and Similarity Search
January 8, 2025
As botnets continue to evolve, so do the techniques required to detect them. While Transport Layer Security (TLS) encryption is widely adopted for secure communications, botnets leverage TLS to obscure command-and-control (C2) traffic. These malicious actors often have identifiable characteristics embedded within their TLS certificates, opening a potential pathway for advanced detection techniques. In first-of-its-kind research, ...
- Multiple Vulnerabilities in SonicOS
January 8, 2025
SonicWall has released a security advisory to address three high severity vulnerabilities and one medium severity vulnerability in SonicOS. SonicWall appliances are security appliances that provide virtual private network (VPN) and ‘next-gen’ firewall capabilities. Read more… Source: NHS Digital Sign up for our Newsletter Related:
- AI-supported spear phishing fools more than 50% of targets
January 7, 2025
One of the first things everyone predicted when artificial intelligence (AI) became more commonplace was that it would assist cybercriminals in making their phishing campaigns more effective. Now, researchers have conducted a scientific study into the effectiveness of AI supported spear phishing, and the results line up with everyone’s expectations: AI is making it easier to ...
- Italian digital identity provider suffers data breach, 5.5M customers affected
January 7, 2025
InfoCert has had millions of its customers’ personal data stolen and put up for sale. A leading European certification authority and provider of digital identity services such as Italy’s SPID (Public Digital Identity System), InfoCert posted a public notice on its website detailing the data breach on December 27. However, the notice has since been taken ...