Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- DDoS attacks in Q3 2021
November 8, 2021
Q3 2021 brought two new DDoS attack vectors, potentially posing a serious threat, including for major web resources. A team of researchers from the University of Maryland and the University of Colorado Boulder found a way to spoof the victim’s IP address over TCP. To date, amplification attacks have mostly been carried out using the ...
- REvil ransomware affiliates arrested in Romania and Kuwait
November 8, 2021
Romanian law enforcement authorities have arrested two suspects believed to be Sodinokibi/REvil ransomware affiliates on November 4, both of them allegedly responsible for infecting thousands of victims. DIICOT (the Romanian Directorate for Investigating Organized Crime and Terrorism) and judicial police officers carried out four home searches in Constanța, seizing mobile devices (laptops, mobile phones) and storage ...
- Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer
November 7, 2021
On Sept. 16, 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) released an alert warning that advanced persistent threat (APT) actors were actively exploiting newly identified vulnerabilities in a self-service password management and single sign-on solution known as ManageEngine ADSelfService Plus. The alert explained that malicious actors were observed deploying a specific webshell and ...
- Cloudflare report highlights devastating DDoS attacks on VoIP services and several ‘record-setting HTTP attacks’
November 5, 2021
Cloudflare released its Q3 DDoS Attack Trends report this week, capping a record-setting quarter that saw a number of devastating attacks on VoIP services. Cloudflare researchers said they saw the several “record-setting HTTP DDoS attacks, terabit-strong network-layer attacks and one of the largest botnets ever deployed (Meris),” noting the emergence of ransom DDoS attacks on voice ...
- BrakTooth Proof of Concept Tool Demonstrates Bluetooth Vulnerabilities
November 4, 2021
On November 1, 2021, researchers publicly released a BrakTooth proof-of-concept (PoC) tool to test Bluetooth-enabled devices against potential Bluetooth exploits using the researcher’s software tools. BrakTooth—originally disclosed in August 2021—is a family of security vulnerabilities in commercial Bluetooth stacks. An attacker could exploit BrakTooth vulnerabilities to cause a range of effects from denial-of-service to arbitrary ...
- Ukraine links members of Gamaredon hacker group to Russian FSB
November 4, 2021
SSU and the Ukrainian secret service say they have identified five members of the Gamaredon hacking group, a Russian state-sponsored operation known for targeting Ukraine since 2014. This Gamaredon hacking group, tracked as Armageddon by the SSU, is allegedly operated under the FSB (Russian Federal Security Service) and is believed to be responsible for over 5,000 ...