Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Rogue AI is the Future of Cyber Threats
August 15, 2024
Yoshua Bengio, regarded as one of the “godfathers” of artificial intelligence, has likened the now-ubiquitous technology to a bear. When we teach the bear to become smart enough to escape its cage, we no longer control it. All we can do after that is try to build a better cage. This should be our goal with ...
- A Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers
August 15, 2024
FortiGuard Labs recently encountered an ongoing ValleyRAT campaign specifically targeting Chinese speakers. This malware has historically targeted e-commerce, finance, sales, and management enterprises. ValleyRAT is a multi-stage malware that utilizes diverse techniques to monitor and control its victims and deploy arbitrary plugins to cause further damage. Another noteworthy characteristic of this malware is its heavy usage ...
- UK, US supervise Ukrainian scam call centers – Russian Interior Ministry
August 15, 2024
The special services of the United Kingdom and the United States control and supervise Ukrainian scam call centers, a spokesman for the Russian Interior Ministry said. “The most important thing is that they are fully controlled by the special services of Ukraine, the special services of the UK and the US. Remote thefts ...
- Kootenai Health cyber attack impacts 464,000 patients
August 15, 2024
US healthcare provider Kootenai Health has revealed that data belonging to 464,000 patients has been compromised following a cyber attack. The non-profit health system, based in Coeur d’Alene, Idaho, said it was alerted to a potential data breach in March 2024 after noticing “unusual activity that disrupted access to certain IT systems”. Following an investigation, Kootenai ...
- Cyber attack on councils across Greater Manchester leaves thousands vulnerable to phishing scam
August 14, 2024
A cyber attack on councils across Greater Manchester has left thousands of residents vulnerable to a phishing scam. The attack, which initially hit one borough last week and spread over the weekend, on software company Locata downed the housing websites for Manchester, Salford and Bolton councils. It has also led to thousands of users being sent ...
- EastWind campaign: new CloudSorcerer attacks on government organizations in Russia
August 14, 2024
In late July 2024, we detected a series of ongoing targeted cyberattacks on dozens of computers at Russian government organizations and IT companies. The threat actors infected devices using phishing emails with malicious shortcut attachments. These shortcuts were used to deliver malware that received commands via the Dropbox cloud service. Attackers used this malware to download ...