Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Awaken Likho is awake: new techniques of an APT group
October 7, 2024
In July 2021, a campaign was launched primarily targeting Russian government agencies and industrial enterprises. Shortly after the campaign started, Kaspersky began tracking it, and published three reports in August and September 2024 through their threat research subscription on the threat actor they named Awaken Likho (also named by other vendors as Core Werewolf). While investigating ...
- iPhone flaw could read your saved passwords out loud – update now
October 7, 2024
Apple has issued security updates for iOS 18.0.1 and iPadOS 18.0.1 which includes a fix for a bug that could allow a user’s saved passwords to be read aloud by its VoiceOver feature. VoiceOver allows users to use their iPhone or iPad even if they can’t see the screen. It gives audible descriptions of what’s on ...
- UK’s Sellafield nuclear waste processing plant fined £333K for infosec blunders
October 4, 2024
The outfit that runs Britain’s Sellafield nuclear waste processing and decommissioning site has been fined £332,500 ($440,000) by the nation’s Office for Nuclear Regulation (ONR) for its shoddy cybersecurity practices between 2019 and 2023. Sellafield, located in Cumbria, England, manages more radioactive waste than any other nuclear site in the world, and decommissioning work happening at ...
- Zimbabwe faces alarming rise in cyber attacks amid bank hacking
October 3, 2024
Zimbabwe has witnessed a significant surge in cyber attacks in recent months, with local entities, including banks, falling victim to hacking, the country’s Minister of Information Communication Technology, Tatenda Mavetera has revealed. Mavetera said the threat is also a local phenomenon, citing recent bank hacks in the country. Mavetera stated that cybercrime is not just a ...
- CISA flags major Ivanti security flaw – patch now
October 3, 2024
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a known Ivanti bug to its Known Exploited Vulnerabilities (KEV) catalog, signalling that it’s being actively abused in the wild. The bug that was just added is an SQL Injection vulnerability, found this spring in the Core server of Ivanti Endpoint Manager (EPM) 2022 SU5 and ...
- Threat Awareness – Shifting Phishing Techniques & Tips for Staying Safe
October 3, 2024
Phishing remains a significant and ever-evolving cybersecurity threat, with recent data showing a 28% rise in attacks between Q1 and Q2 of 2024. This trend highlights how persistent and evolving phishing tactics continue to be, impacting a staggering 94% of cybersecurity decision-makers in 2023. Attackers are increasingly using compromised internal accounts, shifting the platforms they ...