Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Security company ADT announces security breach of customer data
August 9, 2024
Electronic surveillance equipment provider ADT filed a form 8-K with the Security and Exchange Commision (SEC) to report “a cybersecurity incident during which unauthorized actors illegally accessed certain databases containing ADT customer order information.” ADT filed the 8-K on August 7, adding that the incident happened “recently,” but refraining from providing an exact date. The company ...
- UK police commissioner threatens to extradite, jail US citizens over online posts
August 9, 2024
London’s Metropolitan Police chief warned that officials will not only be cracking down on British citizens for commentary on the riots in the U.K., but on American citizens as well. “We will throw the full force of the law at people. And whether you’re in this country committing crimes on the streets or committing crimes from ...
- JG Summit Holdings probing ‘possible’ cyber attack
August 9, 2024
Gokongwei-led conglomerate JG Summit Holdings Inc. is investigating an alleged cybersecurity attack which was claimed to have affected thousands of the company’s computers. RansomHub, which was supposedly responsible for the attack, expressed frustration over being ignored by JG Summit and was threatening to initiate additional attacks if its demands were not met, according to Deep Web ...
- Royal Ransomware Actors Rebrand as “BlackSuit”
August 8, 2024
The FBI and CISA recently published an update to the joint Cybersecurity Advisory “#StopRansomware: Royal Ransomware.” The updated advisory provides network defenders with recent and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with BlackSuit variants (previously Royal). FBI investigations identified these TTPs and IOCs as recently as July 2024. See ...
- UK: Woman arrested for ‘sharing inaccurate information about identity of Southport attacker’
August 8, 2024
A woman has been arrested in relation to a social media post containing ‘inaccurate information about the identity of the attacker’ in the Southport stabbings. The 55-year-old woman from near Chester, was arrested on Thursday (August 8). She was taken into custody on suspicion of publishing written material to stir up racial hatred and false communications. ...
- Russia: Massive DDoS attack on Kursk Region repelled
August 8, 2024
The Ministry of Digital Development, Communications and Mass Media of the Russian Federation has reported that a massive distributed denial-of-service (DDoS) attack on the Kursk Region’s local services has been successfully thwarted. “A massive DDoS attack on the regional services of the Kursk Region has been repelled and specialists have already restored all online activity,” the ...