Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- The rising threat of phishing attacks with Crypto Drainers
December 22, 2023
A recent investigation by Check Point Research exposes a troubling trend in the cryptocurrency landscape. The cryptocurrency community has been witnessing an alarming increase in sophisticated phishing attacks. These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks ...
- Rhode Island: Data breach at Wyatt steals info of detainees, staff and vendors
December 22, 2023
At least 1,454 detainees of the Donald W. Wyatt Detention Facility, 438 current and former staff members and 92 vendors have been affected by a virus in the facility’s computer system, Wyatt announced Friday. The FBI is now investigating the matter, which Wyatt discovered on November 2. “At this time, we believe that various types of ...
- Cyberattack forces First American to take some IT systems offline
December 22, 2023
First American, one of the largest insurance companies in the United States, suffered a malware attack that forced the company to shut some of its systems down, including its website. At press time, the official website firstam.com was still offline, while a dedicated notification site – firstamupdate.com – was set up. There is a short notification ...
- Indian IT services giant HCL Technologies hit by ransomware
December 22, 2023
Indian IT giant HCL Technologies apparently suffered a significant ransomware attack. Multiple media sources are claiming that the company filed a new report with the National Stock Exchange of India, in which it describes falling prey to a limited ransomware attack, stating that it “has become aware of a ransomware incident in an isolated cloud environment ...
- How Outlook notification sounds can lead to zero-click exploits
December 21, 2023
An Akamai researcher has found two vulnerabilities in Windows that can be combined to achieve a full, zero-click remote code execution (RCE) in Outlook. Both vulnerabilities were responsibly disclosed to Microsoft and addressed in the August 2023 and October 2023 patch Tuesdays, so the researcher felt it was no problem to disclose their findings. The first ...
- Bandook – A Persistent Threat That Keeps Evolving
December 21, 2023
Bandook malware is a remote access trojan that has been continuously developed since it was first detected in 2007. It has been used in various campaigns by different threat actors over the years. FortiGuard Labs identified a new Bandook variant being distributed via a PDF file this past October. This PDF file contains a shortened URL ...