Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
May 15, 2024
Since mid-April 2024, Microsoft Threat Intelligence has observed the threat actor Storm-1811 misusing the client management tool Quick Assist to target users in social engineering attacks. Storm-1811 is a financially motivated cybercriminal group known to deploy Black Basta ransomware. The observed activity begins with impersonation through voice phishing (vishing), followed by delivery of malicious tools, including ...
- Man convicted following complex two year cybercrime investigation by Police Scotland
May 15, 2024
A 21-year-old man from West Dunbartonshire has been convicted of creating, selling and supporting an online computer system with the capability of bringing down websites. Detective Chief Inspector Andy Maclean, of Police Scotland’s Cybercrime Investigations Unit, said: “Tagore supplied a tool used by his customers to carry out Distributed Denial of Services (DDOS) attacks. These are ...
- Santander hit by data breach affecting customers and staff
May 14, 2024
Spanish bank Santander has said data managed by an external party was recently accessed without permission, affecting some of its clients and all of its current staff. “We recently became aware of an unauthorized access to a Santander database hosted by a third-party provider,” the bank said in a statement on Tuesday. Read more… Source: MSN News Sign up ...
- Massive COMB data breach reveals info on over a billion people
May 14, 2024
Someone is combining information on Chinese citizens leaked in different data breaches into a single database, and has so far made more than 1.2 billion records. This compilation of many breaches (COMB) contains plenty of sensitive user information, including phone numbers, postal addresses, ID card numbers, and more. Researchers claim they spotted an unprotected database on ...
- Christie’s £670m art auctions hit by cyber attack
May 14, 2024
Auction house Christie’s attempts to sell art and other high-value items worth an estimated $840m (£670m) are being hampered by a cyber attack. Lots ranging from a Vincent van Gogh painting, valued at $35m, to rare wine are going under the hammer in its spring auctions. Would-be buyers are unable to view them on its website ...
- Ireland: More than 470 legal proceedings issued against health service after ransomware hit
May 14, 2024
More than 470 legal proceedings have been issued against the Health Service Executive (HSE) in relation to a cyber attack that shutdown the health service’s IT systems and compromised the data of thousands of patients and staff three years ago. Conti, a Russia-based cybercrime group, launched its ransomware attack on the health service on May 14th, ...