Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- MosesStaff attacks organizations with encryption malware: No payment demand made
November 16, 2021
The MosesStaff hacking group has entered the ‘ransomware’ fray with a difference: blackmail payments are furthest from their minds. On November 15, Check Point Research (CPR) said the group began targeting organizations in Israel during September this year, joining campaigns launched by Pay2Key and BlackShadow. The focus of these operations was to deploy ransomware on their victim’s ...
- New Rowhammer technique bypasses existing DDR4 memory defenses
November 15, 2021
Researchers have developed a new fuzzing-based technique called ‘Blacksmith’ that revives Rowhammer vulnerability attacks against modern DRAM devices that bypasses existing mitigations. The emergence of this new Blacksmith method demonstrates that today’s DDR4 modules are vulnerable to exploitation, allowing a variety of attacks to be conducted. Rowhammer is a security exploit that relies on the leaking of ...
- High-Severity Intel Processor Bug Exposes Encryption Keys
November 15, 2021
A security vulnerability in Intel chips opens the door for encrypted file access and espionage, plus the ability to bypass copyright protection for digital content. That’s according to Positive Technologies (PT), which found that the vulnerability (CVE-2021-0146) is a debugging functionality with excessive privileges, which is not protected as it should be. The high-severity privilege-escalation issue is ...
- Hackers compromise FBI email system, send thousands of messages
November 13, 2021
Hackers compromised a Federal Bureau of Investigation email system on Saturday and sent tens of thousands of messages warning of a possible cyberattack, according to the agency and security specialists. Fake emails appeared to come from a legitimate FBI email address ending in @ic.fbi.gov, the FBI said in a statement. Although the hardware impacted by the incident ...
- Fake end-to-end encrypted chat app distributes Android spyware
November 13, 2021
The GravityRAT remote access trojan is being distributed in the wild again, this time under the guise of an end-to-end encrypted chat application called SoSafe Chat. This particular RAT (remote access trojan) targets predominately Indian users, being distributed by Pakistani actors. The telemetry data on the most recent campaign shows that the targeting scope hasn’t changed, and ...
- Security company faces backlash for waiting 12 months to disclose Palo Alto 0-day
November 12, 2021
There has been considerable debate within the cybersecurity community about Randori, a security firm that waited one year before disclosing a critical buffer overflow bug it discovered in Palo Alto Networks’ GlobalProtect VPN. The zero-day — which has a severity rating of 9.8 and was first reported by ZDNet — allows for unauthenticated, remote code execution ...