Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- FBI: Renewable energy systems vulnerable to cyber attacks
July 2, 2024
The FBI has issued an official alert to the public about the potential for malicious cyber actors to disrupt power generation, steal intellectual property, or hold critical information for ransom within the U.S. renewable energy sector. The warning comes as federal and local governments increasingly advocate for renewable energies, expanding the industry and creating more opportunities ...
- Personal data stolen from unsuspecting airport visitors and plane passengers in “evil twin” attacks
July 1, 2024
The Australian Federal Police (AFP) have charged a man for setting up fake free WiFi access points in order to steal personal data from people. The crime was discovered when an airline reported a suspicious WiFi network identified by its employees during a domestic flight. When the alleged perpetrator landed at Perth airport, his bags were ...
- LockBit ransomware attack stole data on millions of Infosys McCamish users
July 1, 2024
When LockBit ransomware affiliates struck Infosys McCamish Systems (IMS) in late 2023, they did not steal sensitive information on some 57,000 people, as was initially thought. Instead, the threat actors stole valuable intel on more than six million people, a new report the IMS shared with the US authorities has said. The type of information stolen ...
- SentinelLabs uncovers new CapraRAT spyware targeting Android users
July 1, 2024
A new report released today by SentinelLabs, warns of a resurgence of CapraRAT spyware targeting mobile gamers and weapons enthusiasts through malicious Android applications. CapraRAT is an Android remote-access trojan virus used by a Pakistan-linked threat actor called Transparent Tribe, also known as APT36, which first emerged around 2018. The malware has primarily been used for ...
- The biggest data breaches in 2024: 1B stolen records and rising
June 29, 2024
We’re over halfway through 2024, and already this year we have seen some of the biggest, most damaging data breaches in recent history. And just when you think that some of these hacks can’t get any worse, they do. From huge stores of customers’ personal information getting scraped, stolen and posted online, to reams of medical ...
- Remote access giant TeamViewer says Russian spies hacked its corporate network
June 28, 2024
TeamViewer, the company that makes widely used remote access tools for companies, has confirmed an ongoing cyberattack on its corporate network. In a statement Friday, the company attributed the compromise to government-backed hackers working for Russian intelligence, known as APT29 (and Midnight Blizzard). The Germany-based company said its investigation so far points to an initial intrusion on ...