Identifying and Mitigating Potential Velociraptor Abuse


Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believes that its Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and improve security outcomes can be misused by threat actors for nefarious purposes.

For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being used by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and Rapid7 itself is not impacted by this incident.
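The note above says only that Velociraptor was misused and that detections exist; it gives no detail. The following is an added example, not Rapid7's detection logic and not code from the Velociraptor project: it triages process-creation events for Velociraptor client launches that point at a server the organisation did not deploy. The allowlist, hostnames, file paths and log records are all constructed for the example. It assumes the client is started with Velociraptor's real `client` or `service <action>` subcommand and the `--config`/`-c` flag, and that the config's `Client.server_urls` list names the frontend; the line-based YAML scan is a stand-in for a real YAML parser so the block runs without extra packages.

```python
import re
from dataclasses import dataclass, field

# Constructed allowlist: the frontends this hypothetical organisation deployed.
APPROVED_SERVERS = {"https://velociraptor.corp.example:8000/"}

# Velociraptor client launches look like `velociraptor.exe client --config <file>`
# or `velociraptor.exe service install|run --config <file>` (short form: -c).
# The config path may be quoted (Windows paths with spaces) or bare.
INVOCATION = re.compile(
    r'(?:^|\s)(?P<mode>client|service\s+\w+)\s+(?:--config|-c)\s+'
    r'(?:"(?P<quoted>[^"]+\.ya?ml)"|(?P<bare>\S+\.ya?ml))',
    re.IGNORECASE,
)


def server_urls(config_text: str) -> list:
    """Return the URLs listed under `server_urls:` in a client config.

    Minimal line scan so the example needs no PyYAML; a real YAML parser
    should be used on real configs.
    """
    urls, in_list = [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("server_urls:"):
            in_list = True
            continue
        if not in_list:
            continue
        m = re.match(r"-\s*['\"]?(https?://[^\s'\"]+)", line)
        if m:
            urls.append(m.group(1))
        else:
            in_list = False  # end of the list block
    return urls


@dataclass
class Finding:
    host: str
    image: str
    config: str
    servers: list = field(default_factory=list)
    reasons: list = field(default_factory=list)


def triage(events, configs):
    """Flag Velociraptor client launches the organisation did not deploy.

    events:  process-creation records with host, image and command_line.
    configs: mapping of config path -> file contents collected from the host.
    A launch is flagged when the binary was renamed, when the config cannot be
    checked, or when it points at a server outside APPROVED_SERVERS.
    """
    findings = []
    for ev in events:
        m = INVOCATION.search(ev["command_line"])
        if not m:
            continue  # not a Velociraptor client invocation
        reasons = []
        image_name = ev["image"].rsplit("\\", 1)[-1].lower()
        if image_name != "velociraptor.exe":
            reasons.append("binary renamed to " + image_name)
        cfg_path = m.group("quoted") or m.group("bare")
        text = configs.get(cfg_path)
        servers = server_urls(text) if text is not None else []
        if text is None:
            reasons.append("config not collected; cannot verify server")
        else:
            reasons.extend("unapproved server " + u for u in servers
                           if u not in APPROVED_SERVERS)
        if reasons:
            findings.append(Finding(ev["host"], ev["image"], cfg_path, servers, reasons))
    return findings


# Constructed sample data (hypothetical hosts, paths and configs).
CORP_CONFIG = """\
Client:
  server_urls:
    - https://velociraptor.corp.example:8000/
  ca_certificate: |
    -----BEGIN CERTIFICATE-----
    (omitted)
    -----END CERTIFICATE-----
"""
ROGUE_CONFIG = """\
Client:
  server_urls:
    - https://203.0.113.10:8000/
"""
EVENTS = [
    {"host": "ws01", "image": r"C:\Program Files\Velociraptor\Velociraptor.exe",
     "command_line": r'"C:\Program Files\Velociraptor\Velociraptor.exe" service run --config "C:\Program Files\Velociraptor\client.config.yaml"'},
    {"host": "ws02", "image": r"C:\Users\Public\svchost.exe",
     "command_line": r"C:\Users\Public\svchost.exe client -c C:\Users\Public\c.yaml"},
    {"host": "srv03", "image": r"C:\Windows\Temp\velociraptor.exe",
     "command_line": r"C:\Windows\Temp\velociraptor.exe service install --config C:\Windows\Temp\client.yaml"},
    {"host": "ws04", "image": r"C:\Windows\System32\svchost.exe",
     "command_line": r"C:\Windows\System32\svchost.exe -k netsvcs -p"},
]
CONFIGS = {
    r"C:\Program Files\Velociraptor\client.config.yaml": CORP_CONFIG,
    r"C:\Users\Public\c.yaml": ROGUE_CONFIG,
    # srv03's config was not collected, so its server cannot be verified.
}

if __name__ == "__main__":
    for f in triage(EVENTS, CONFIGS):
        print(f.host, f.image, f.config, "; ".join(f.reasons))
```

Only ws02 and srv03 are reported: ws02 because a renamed binary is pointed at a server that is not in the allowlist, srv03 because the config could not be collected and so the server is unverified; ws01 is the sanctioned deployment and ws04 is an unrelated svchost. Matching on the command line rather than the file name matters because the binary is trivially renamed, as the ws02 record shows.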

Source: Rapid7




Related:

  • Ivanti vulnerabilities now actively exploited in massive numbers

    January 17, 2024

    The researchers that discovered the active exploitation are warning that these attacks are now very widespread. The fact that there are no patches available and users were asked to apply a workaround and monitor their network traffic for suspicious activity, may have contributed to the slow response to the sounded alarms. Almost 7000 devices remain vulnerable ...

  • PSA: Anyone can tell if you are using WhatsApp on your computer

    January 17, 2024

    Anyone who knows your WhatsApp number can figure out if you are only using the mobile app, or its companion web or desktop apps, a security researcher found. Tal Be’ery, the co-founder and CTO of crypto wallet maker ZenGo, found that it’s possible to determine whether a user on WhatsApp is using more than just the ...

  • New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs

    January 17, 2024

    Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm (PHOSPHORUS) targeting high-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and the United States. In this campaign, Mint Sandstorm used bespoke phishing lures in an attempt to socially engineer targets into downloading ...

  • Majorca: Calvià City Council hit by €10million ransom demand

    January 17, 2024

    Saturday witnessed a cyberattack on the Spanish city of Calvià in Majorca, with hackers now demanding 10 million euros to be paid to restore functionality to integral systems. The Calvià City Council website has been offering updates on the situation, saying the local authority is “working to recover normality as soon as possible, after having been ...

  • Binge & Dan Murphy's Among Major Brands Hit By Cyber Attack

    January 17, 2024

    Thousands of retail customers have fallen victim to a hacking scheme where scammers access their online accounts to make fraudulent transactions. Local scammers, having bought online login details from overseas cybercriminals, bragged in a chat online about purchasing iPhones, clothing and alcohol (almost $800 worth) with strangers’ money. The Iconic, an online retailer, said last week ...

  • Known Indicators of Compromise Associated with Androxgh0st Malware

    January 16, 2024

    The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with threat actors deploying Androxgh0st malware. Multiple, ongoing investigations and trusted third party reporting yielded the IOCs and TTPs, and provided ...