Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Online store exposed millions of Chinese citizen IDs
November 6, 2023
A security researcher said he discovered millions of Chinese citizen identity numbers spilling online after an e-commerce store left its database exposed to the internet. Viktor Markopoulos, a security researcher working for CloudDefense.ai, said he found the database belonging to Zhefengle, a China-based e-commerce store for importing goods from overseas. The database contained more than ...
- New Report On Suffolk County Cyber Attack Raises Questions
November 6, 2023
The former IT commissioner for the Suffolk County Clerk’s department did not alert county officials that the computer network in the clerk’s office was responding to a “radical malware attack” until eight hours after he was alerted, the Press has learned. The Center for Internet Security (CIS) sent an email at 3 a.m. on Sept. 8, ...
- US sanctions Russian accused of laundering Ryuk ransomware funds
November 6, 2023
The U.S. government has sanctioned a Russian national for allegedly laundering millions of dollars’ worth of victim ransom payments on behalf of individuals linked to the notorious Ryuk ransomware group. According to an announcement from the U.S. Treasury’s Office of Foreign Assets Control (OFAC), Ekaterina Zhdanova, 37, is accused of using virtual currency exchange transfers and ...
- Infosys subsidiary hit by cyber security attack
November 3, 2023
Infosys announced on Friday, November 3, that its US unit, Infosys McCamish Systems, was impacted by a cyber security event, resulting in the non-availability of certain applications and systems. The IT services major said it is working with a cyber security company to resolve the issue and that it had launched an investigation to identify the ...
- Payola ransomware operator demands remote access to PC
November 3, 2023
The Sonicwall threat research team have recently been tracking a new ransomware family called Payola. This family of ransomware appeared in late August 2023. It is written in .NET and is easy to analyze as it contains no obfuscation. Early variants would append “.Payola” to the names of encrypted files but the current variants use ...
- UK: Huge data breach at Southend-on-Sea City Council
November 2, 2023
Details of over 2,000 staff and councillors have been made public in a council data breach. Southend-on-Sea City Council could face six-figure fines for the mistake. The information disclosed included names, addresses and National Insurance numbers. The council leader has apologised and said that all those affected would be contacted and offered advice and support. ...