Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Payload Trends in Malicious OneNote Samples
May 16, 2024
In this post, Unt 42 researchers look at the types of embedded payloads that attackers leverage to abuse Microsoft OneNote files. Our analysis of roughly 6,000 malicious OneNote samples from WildFire reveals that these samples have a phishing-like theme where attackers use one or more images to lure people into clicking or interacting with OneNote ...
- Scammers can easily phish your multi-factor authentication codes – here’s how to avoid it
May 16, 2024
More and more websites and services are making multi-factor-authentication (MFA) mandatory, which makes it much harder for cybercriminals to access your accounts. That’s a great thing. But as security evolves, so do cybercriminals who are always looking for new ways to scam us. A type of phishing we’re calling authentication-in-the-middle is showing up in online media. ...
- Cyber crime threatening mining safety
May 16, 2024
A 2022 survey by Ernst & Young found that 71% of respondents in the mining sector had seen an increase in the number of disruptive attacks in the year leading up to the survey. “Leading mining companies in southern Africa are actively implementing digital transformation projects, and the technology used is becoming more complicated. With connected ...
- SugarGh0st RAT Used to Target American Artificial Intelligence Experts
May 16, 2024
Proofpoint recently identified a SugarGh0st RAT campaign targeting organizations in the United States involved in artificial intelligence efforts, including those in academia, private industry, and government service. Proofpoint tracks the cluster responsible for this activity as UNK_SweetSpecter. SugarGh0st RAT is a remote access trojan, and is a customized variant of Gh0stRAT, an older commodity trojan typically ...
- Another cyber-attack on Australian healthcare company
May 16, 2024
here’s been another large-scale ransomware data breach of an Australian company…this time at an e-script provider named Medi-Secure. Medi-Secure is a prescription exchange service, which offers electronic prescribing and dispensing of prescriptions. It’s not yet known how many data records have been accessed, but experts warn that many Australians might not even know their details were ...
- Notorious data leak site BreachForums seized by law enforcement
May 15, 2024
BreachForums—probably the largest dark web marketplace for stolen data to be leaked and sold—has been seized by law enforcement.Now, both the regular and the TOR domain of BreachForums are plastered with a message telling visitors the site is now under control of the FBI. Raidforums ran from early 2015 until February 2022. The first iteration of ...