Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- 2023’s badly handled data breaches
December 29, 2023
Last year, researchers compiled a list of 2022’s most poorly handled data breaches, looking back at the bad behavior of corporate giants when faced with hacks and breaches. That included everything from downplaying the real-world impact of spills of personal information to failing to answer basic questions. Turns out this year, many organizations continue to make ...
- EasyPark data breach may affect millions of customers
December 29, 2023
EasyPark has confirmed it was hit in a cyberattack that saw customer data breached and revealed online. The company, which runs apps to help people find parking spots, said in an alert to customers that it discovered the breach on December 10 2023. Read more… Source: Yahoo News
- India: Forensic investigation reveals repeated use of Pegasus spyware to target high-profile journalists
December 28, 2023
Amnesty International, in partnership with The Washington Post, has unearthed shocking new details about the continued use of NSO Group’s highly invasive spyware Pegasus to target prominent journalists in India, including one who had previously been a victim of an attack using the same spyware. The Security Lab recovered evidence of a zero-click exploit which was ...
- Another top US mortgage firm reveals a major data breach, over a million customers affected
December 28, 2023
LoanCare suffered a data breach last month, which resulted in the theft of sensitive customer data, the insurance service company has confirmed. Roughly 1.3 million people were affected by the breach, the company further explained, as hackers stole people’s full names, physical addresses, Social Security Numbers (SSN), and loan numbers. Read more… Source: MSN News
- Financially motivated threat actors misusing App Installer
December 28, 2023
Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, utilizing the ms-appinstaller URI scheme (App Installer) to distribute malware. In addition to ensuring that customers are protected from observed attacker activity, Microsoft investigated the use of App Installer in these attacks. In response to ...
- Yakult Australia targeted in cyber attack, employee files published on dark web
December 28, 2023
Iconic probiotic company Yakult Australia has been hit by a significant cyber attack that has seen its company records and sensitive employee documents, such as passports, published on the dark web. Yakult Australia confirmed its Australian and New Zealand IT systems were impacted by a “cyber incident”. Read more… Source: MSN News