Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Android Remote Access Trojan Equipped to Harvest Credentials
April 29, 2024
The SonicWall Capture Labs threat research team has been regularly sharing information about malware targeting Android devices. The researchers encountered similar RAT samples before, but this one includes extra commands and phishing attacks designed to harvest credentials. This malware uses famous Android app icons to mislead users and trick victims into installing the malicious app on ...
- Dutch cybersecurity experts warning companies about global ransomware attack
April 28, 2024
Dutch cybersecurity companies have issued warnings to thousands of companies about a global ransomware attack. The attackers, known as the Cactus Gang, are from Eastern Europe and have been active since the end of last year. The cybercriminals managed to penetrate the security systems of 122 companies, and at least 10 of those are in the ...
- Cybersecurity researchers spotlight a new ransomware threat – be careful where you upload files
April 26, 2024
Today’s browsers are almost operating systems unto themselves. They can run software programs and encrypt files. These capabilities, combined with the browser’s access to the host computer’s files – including ones in the cloud, shared folders and external drives – via the File System Access API creates a new opportunity for ransomware. Imagine you want to ...
- Kansas City SCOUT cameras, highway message boards ‘down until further notice’, officials blame cyber attack
April 25, 2024
The traffic cameras, tracking systems and message boards used by many throughout the Kansas City metro area are down until further notice due to what officials are calling a cyber attack. Officials with the Kansas City Scout system said early this morning all SCOUT systems went down until further notice. This included the KC SCOUT website, ...
- Why tourists are particularly vulnerable to cyber attacks
April 25, 2024
Travelling abroad always comes with the potential risk of cybercrime threats including spoofing, phishing attacks, catfishing, fraudulent links and calls, spamming, etc. These travel risks are more for tourists who are generally travelling to a new country for the first time or are alone. They don’t know much about the native language of the new place ...
- Polish minister says government used spyware against hundreds of people
April 25, 2024
The use of spyware in Poland under the previous government resulted in accusations that the authorities were abusing power and eroding democratic guardrails. Poland’s prosecutor general said on Wednesday that Pegasus spyware was used against hundreds of people during the former Polish government. Adam Bodnar told lawmakers that he found the scale of the surveillance to ...