Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- ‘Several combinations of social engineering’ used during cyberattack on camera maker Axis
March 3, 2022
Camera maker Axis released more details about a cyberattack that started on the night of Saturday, February 19. In its initial messages on its website, the Swedish camera giant said it got alerts from its cybersecurity and intrusion detection system on Sunday, February 20, before it shut down all public-facing services globally in the hopes of ...
- NVIDIA DLSS source code leaked as part of cyberattack
March 2, 2022
The attack on NVIDIA continues, this time with an alleged leak of the source code for the company’s DLSS tech. A ransomware group known as Lapsus has allegedly shared NVIDIA’s DLSS source code as part of a cyberattack. The group has demanded that NVIDIA remove mining limitations from RTX 30-series graphics cards. The leaked DLSS source code ...
- Conti ransomware group’s source code leaked
March 2, 2022
Infamous ransomware group Conti is now the target of cyberattacks in the wake of its announcement late last week that it fully supports Russia’s ongoing invasion of neighboring Ukraine, with the latest hit being the leaking of its source code for the public to see. This disclosure comes just days after an archive leaked containing more ...
- SMS PVA Part 3: Countries Most Impacted by Service
March 2, 2022
Part two of our blog entry discussed the impacts and implications of SMS PVA services. The article also explored how these services work by using Carousell as an example. Moreover, it discussed the “benefits” of SMS PVA services to cybercriminals. In the final installation of our series, we’ll discuss relevant statistics and recommendations to mitigate the ...
- TeaBot Android Banking Trojan continues its global conquest with new upgrades
March 2, 2022
The TeaBot Remote Access Trojan (RAT) has been upgraded, leading to a huge increase in both targets and spread worldwide. On March 1, the Cleafy research team said TeaBot now targets over 400 applications, pivoting from an earlier focus on “smishing” to more advanced tactics. Smishing attacks are used to compromise mobile handsets via spam text messages ...
- DDoS attackers have found this new trick to knock over websites
March 2, 2022
Distributed denial of service (DDoS) attackers are using a new technique to knock websites offline by targeting vulnerable ‘middleboxes’, such as firewalls, to amplify junk traffic attacks. Amplification attacks are nothing new and have helped attackers knock over servers with short busts of traffic as high as 3.47 Tbps. Microsoft last year mitigated attacks on this ...