Identifying and Mitigating Potential Velociraptor Abuse


Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believes that its Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.

For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.

Source: Rapid7




Related:

  • Network tunneling with… QEMU?

    March 5, 2024

    While investigating an incident at a large company a few months ago, Kaspersky researchers detected uncommon malicious activity inside one of the systems. They ran an analysis on the artifacts, only to find that the adversary had deployed and launched the following: the Angry IP Scanner network scanning utility; the mimikatz password, hash, and Kerberos ticket extractor; and ...

  • US airman pleads guilty to leaking classified documents

    March 5, 2024

    Jack Teixeira, a member of the Massachusetts Air National Guard charged with leaking classified military documents on a social media platform, pleaded guilty on Monday to carrying out one of the most serious U.S. national security breaches in years. The 22-year-old pleaded guilty to six counts of willful retention and transmission of classified information relating to ...

  • Iran foiled nearly 200 cyber-attacks in month to elections

    March 5, 2024

    Head of Iran’s Civil Defense Organization Brigadier General Gholamreza Jalali says Iran has foiled nearly 200 cyber-attacks in the month leading up to the recent parliamentary elections. In an interview with Iranian television on Monday, Jalali said some 4 or 5 major cyber-attacks were carried out during the same period but were foiled by the experts ...

  • Third-party breach leads to American Express customer data compromise

    March 4, 2024

    Payment card provider American Express Company is warning customers that their credit card details may have been exposed following a breach involving a third-party provider. The details were first revealed in a filing with the State of Massachusetts, with a form letter sent to affected customers stating that a third-party service provider “engaged by numerous merchants ...

  • New Marsilia Ransomware Downloader Found

    March 4, 2024

    This week, the SonicWall Capture Labs threat research team analyzed a sample of Marsilia malware, also known as Mallox. This is a multi-stage sample that, when functional, will have a first stage that enumerates system information and creates persistence. The second stage is then downloaded and will perform data extraction and encryption for ransomware purposes. The ...

  • New Banking Trojan “CHAVECLOAK” Targets Brazil

    March 4, 2024

    FortiGuard Labs recently uncovered a threat actor employing a malicious PDF file to propagate the banking Trojan CHAVECLOAK. This intricate attack involves the PDF downloading a ZIP file and subsequently utilizing DLL side-loading techniques to execute the final malware. Notably, CHAVECLOAK is specifically designed to target users in Brazil, aiming to steal sensitive information linked to ...