Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Frontier Communications: 750k people’s data stolen in April attack on systems
June 7, 2024
Frontier Communications has confirmed more than 750,000 individuals were affected in an April cyberattack on its systems, according to a regulatory filing. Lawyers representing the major US telco told the Office of the Maine Attorney General that data belonging to 751,895 people was stolen. The data types impacted, according to the filing, are limited to names ...
- Telangana Police hit by second major data breach in a week as TSCOP App compromised
June 7, 2024
Just a week after the hacking incident involving Telangana police’s HawkEye app, another app, TSCOP, has been compromised as well. As a result, policerelated data is currently available for sale on online forums. The same hacker responsible for the breach of HawkEye is behind this security lapse. The TSCOP app user data is being sold online ...
- CoinGecko confirms email provider data breach, over 23,000 phishing emails sent
June 7, 2024
Cryptocurrency data aggregator CoinGecko has confirmed a data breach suffered by its third-party email management platform GetResponse. Following yesterday’s reports of a new wave of crypto airdrop scams, CoinGecko confirmed that GetResponse suffered a data breach on June 5, allowing attackers to export the contact information of over 1.9 million CoinGecko users. Read more… Source: CoinTelegraph Sign up for ...
- Microsoft Recall snapshots can be easily grabbed with TotalRecall tool
June 6, 2024
Microsoft’s Recall feature has been criticized heavily by pretty much everyone since it was announced last month. Now, researchers have demonstrated the risks by creating a tool that can find, extract, and display everything Recall has stored on a device. For those unaware, Recall is a feature within what Microsoft is calling its “Copilot+ PCs,” a ...
- Hundreds of Snowflake customer passwords found online are linked to info-stealing malware
June 5, 2024
Cloud data analysis company Snowflake is at the center of a recent spate of alleged data thefts, as its corporate customers scramble to understand if their stores of cloud data have been compromised. Snowflake helps some of the largest global corporations — including banks, healthcare providers and tech companies — store and analyze their vast amounts ...
- RansomHub: New Ransomware has Origins in Older Knight
June 5, 2024
RansomHub, a new Ransomware-as-a-Service (RaaS) that has rapidly become one of the largest ransomware groups currently operating, is very likely an updated and rebranded version of the older Knight ransomware. Analysis of the RansomHub payload by Symantec, revealed a high degree of similarity between the two threats, suggesting that Knight was the starting point for RansomHub. ...