Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Make sure you’re up-to-date with Sonicwall SMA 100 VPN box patches – security hole exploit info is now out
January 11, 2022
Technical details and exploitation notes have been published for a remote-code-execution vulnerability in Sonicwall SMA 100 series VPN appliances. The information was released today by infosec outfit Rapid7. This comes about a month after Sonicwall issued a patch for the security hole, which was discovered and privately disclosed by Rapid7’s Jake Baines to Sonicwall in October. If ...
- LoRaWAN’s Protocol Stacks: The Forgotten Targets at Risk
January 11, 2022
Our LoRaWAN security series has so far outlined multiple security flaws, vulnerability issues, and entry vectors that attackers have been known to use. In this fourth part of the series, we talk about an attack vector that, so far, has not attracted much attention: the LoRaWAN stack. Although it is not a typical target, it ...
- DDoS Attack Trends for Q4 2021
January 11, 2022
The first half of 2021 witnessed massive ransomware and ransom DDoS attack campaigns that interrupted aspects of critical infrastructure around the world (including one of the largest petroleum pipeline system operators in the US) and a vulnerability in IT management software that targeted schools, public sector, travel organizations, and credit unions, to name a few. The ...
- Indian Patchwork hacking group infects itself with remote access Trojan
January 10, 2022
An Indian threat group’s inner workings have been exposed after it accidentally infected its own development environment with a remote access Trojan (RAT). Dubbed Patchwork by Malwarebytes and tracked under names including Hangover Group, Dropping Elephant, Chinastrats, and Monsoon, the Indian group has been on the scene since at least 2015 and is actively launching campaigns ...
- Microsoft: powerdir bug gives access to protected macOS user data
January 10, 2022
Microsoft says threat actors could use a macOS vulnerability to bypass Transparency, Consent, and Control (TCC) technology to access users’ protected data. The Microsoft 365 Defender Research Team has reported the vulnerability dubbed powerdir (tracked as CVE-2021-30970) to Apple on July 15, 2021, via the Microsoft Security Vulnerability Research (MSVR). TCC is security tech designed to block ...
- Uncovering and Defending Systems Against Attacks With Layers of Remote Control
January 10, 2022
As organizations brace themselves for the year ahead, now is an opportune time to take stock of how they can strengthen their security posture and shore up their defenses. While organizations may have the power of leading-edge cybersecurity solutions on their side, malicious actors continue to work diligently to refine their methods and take advantage ...