Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- “The mother of all breaches”: 26 billion records found online
January 23, 2024
Security researchers have discovered billions of exposed records online, calling it the “mother of all breaches”. However, the dataset doesn’t seem to be from one single data breach, but more a compilation of multiple breaches. These sets are often created by data enrichment companies. Data enrichment is the process of combining first party data from internal ...
- Threat Assessment: BianLian ransomware group
January 23, 2024
Unit 42 researchers have been tracking the BianLian ransomware group, which has been in the top 10 of the most active groups based on leak site data they’ve gathered. From that leak site data, Unit 42 primarily observed activity affecting the healthcare and manufacturing sectors and industries, and impacting organizations mainly in the United States (US) ...
- Subway reportedly hit by LockBit ransomware – but is it half-baked speculation?
January 23, 2024
Subway has allegedly suffered a data breach at the hands of none other than the notorious LockBit ransomware gang. According to a media report, the ransomware-as-a-service provider added the sandwich makers to its data leak site earlier this week after one of its affiliates made away with gigabytes of sensitive data. Read more… Source: MSN News
- Australia: Russian man Aleksandr Ermakov has been sanctioned over the Medibank data breach
January 23, 2024
The Australian government has used Magnitsky-style sanctions for the first time to punish Russian man Aleksandr Ermakov over what it says is his role in the 2022 Medibank Private data breach. Foreign Minister Penny Wong, Home Affairs Minister Clare O’Neil and Deputy Prime Minister Richard Marles made the announcement on Tuesday morning. But what exactly are ...
- New macOS backdoor stealing cryptowallets
January 22, 2024
A month ago, Kaspersky researchers discovered some cracked apps circulating on pirating websites and infected with a Trojan proxy. The malicious actors repackaged pre-cracked applications as PKG files with an embedded Trojan proxy and a post-install script initiating the infection. The researchers recently caught sight of a new, hitherto unknown, macOS malware family that was piggybacking ...
- Lebanon: Ministry of Social Affairs’ website suffers cybersecurity breach
January 22, 2024
The Ministry of Social Affairs’ website has been subjected to a cyber-attack. Authorities are actively working to resolve the issue and ensure the restoration of normalcy to the site. Reportedly, the website does not contain any personal information. Read more… Source: Lebanese Broadcasting Corporation International