Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Disneyland, Disney Cruise guests and employees personal info leaked
September 7, 2024
Over the summer, Disney’s internal communications channels suffered a data breach. We now know that as a result of this breach, guests and employees were affected, with personal information being stolen by hackers. Earlier this summer, a hacker group called “NullBulge” gained access to over 1TB of sensitive data from Disney after infiltrating the company’s internal ...
- Chinese APT Abuses VSCode to Target Government in Asia
September 6, 2024
Unit 42 researchers recently found that Stately Taurus abused the popular Visual Studio Code software in espionage operations targeting government entities in Southeast Asia. Stately Taurus is a Chinese advanced persistent threat (APT) group that carries out cyberespionage attacks. This threat actor used Visual Studio Code’s embedded reverse shell feature to gain a foothold in target ...
- CVE-2024-23119: Critical SQL Injection Vulnerability in Centreon
September 6, 2024
The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-23119, assessed its impact and developed mitigation measures for this vulnerability. CVE-2024-23119 is a high-severity SQL Injection vulnerability in Centreon, impacting Centreon Web versions prior to 22.10.17, 23.04.13, and 23.10.5. Centreon is a widely used network, system and application monitoring tool. This issue resides ...
- US Department of Homeland Security looks to infosec testbed to help protect ports
September 6, 2024
The US Department of Homeland Security has outlined plans to enhance cyber security through the Maritime Transport System (MTS).The department’s aim is to protect the system and infrastructure used to ensure safe and free navigation of US waterways. Ports are a vital part of the US economy, contributing $649 to GDP and generating 13 million jobs. ...
- Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure
September 5, 2024
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm ...
- Zyxel Releases Multiple Security Advisories
September 4, 2024
Zyxel has released 3 security advisories to address vulnerabilities in Zyxel firewalls, Access Points (APs), extenders, and security router devices. In the first security advisory, Zyxel describes seven vulnerabilities found in their ATP and USG FLEX firewall product lines. Two vulnerabilities could allow an attacker to create a denial-of-service (DoS) condition, four vulnerabilities could allow an ...