Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Trickbot will now try to crash researcher PCs to stop reverse engineering attempts
January 26, 2022
The Trickbot Trojan has been revised with a new set of anti-reverse engineering features including the capability to crash computers if analysis tools are detected. Over the years, Trickbot has evolved from its original state as a banking Trojan to a wider suite of malicious components. Following the retirement of Dyre in 2016 and the disruption of ...
- Context and Recommendations to Protect Against Malicious Activity by Iranian Cyber Group Emennet Pasargad
January 26, 2022
This Private Industry Notice provides a historical overview of Iran-based cyber company Emennet Pasargad’s tactics, techniques, and procedures (TTPs) to enable recipients to identify and defend against the group’s malicious cyber activities. On 20 October 2021, a grand jury in the US District Court for the Southern District of New York indicted two Iranian nationals ...
- Vulnerability in Apple iOS, iPad OS and MacOS could lead to disclosure of sensitive memory data
January 25, 2022
Cisco Talos recently discovered an out-of-bounds read vulnerability in Apple’s macOS and iOS operating systems that could lead to the disclosure of sensitive memory content. An attacker could capitalize on that information to aid in the exploitation of other vulnerabilities This vulnerability specifically exists in the DDS image parsing functionality of Apple’s ImageIO library that exists ...
- TianySpy Malware Uses Smishing Disguised as Message From Telco
January 25, 2022
It has been some time since SMS or text messaging has become a means to spread mobile malware. In September 2021, Trend Micro confirmed a new mobile malware infection chain targeting both Android and iPhone devices. The chain is triggered by a smishing message that appears to be sent from a telecommunications company. It is ...
- Trellix finds OneDrive malware targeting government officials in Western Asia
January 25, 2022
Hackers are using Microsoft OneDrive in a multi-stage espionage campaign aimed at high-ranking government officials in Western Asia, according to a new report from Trellix. Researchers with Trellix named the malware involved “Graphite” because it uses Microsoft’s Graph API to leverage OneDrive as a command and control server. The attack takes advantage of an MSHTML remote ...
- Canada’s foreign affairs department hit with cyberattack
January 25, 2022
Canada’s foreign affairs department was hit with a cyberattack last week, according to the Treasury Board of Canada. The hack of Global Affairs Canada, the government entity responsible for diplomatic and global relations, occurred on Wednesday, according to a statement provided by the Treasury Board to ABC News. The statement does not identify who carried out the ...