Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- TrickBot gang developer arrested when trying to leave Korea
September 6, 2021
An alleged Russian developer for the notorious TrickBot malware gang was arrested in South Korea after attempting to leave the country. The TrickBot cybercrime group is responsible for a variety of sophisticated malware targeting Windows and Linux devices to gain access to victim’s networks, steal data, and deploy other malware, such as ransomware. Seoul’s KBS (via The ...
- East Asian online organised crime group preying on British job seekers
September 6, 2021
An organised group of criminals based in East Asia have defrauded job seekers in the UK and worldwide after getting a scam app on to both the Google and Apple app stores. Working with victims who have tried to track down their scammers, Sky News has learnt they were operating from Cambodia, the Philippines and China, ...
- Norwegian student tracks Bluetooth headset wearers by wardriving around Oslo on a bicycle
September 4, 2021
A Norwegian student who went wardriving around Oslo on a pushbike has discovered that several popular models of Bluetooth headphones don’t implement MAC address randomisation – meaning they can be used to track their wearers. Norwegian state broadcaster NRK revealed Bjorn Hegnes’ findings after helping him analyse Bluetooth emissions from a dozen different models of audio ...
- Analyzing SSL/TLS Certificates Used by Malware
September 3, 2021
Malware has increasingly been making use of encryption to help hide their network traffic in recent years. This makes sense especially when one realizes that ordinary network traffic is increasingly encrypted as well. Google’s own Transparency Report notes that HTTPS traffic now makes up the vast majority of network traffic passed via the Google Chrome ...
- The Evolution of Connected Cars as Defined by Threat Modeling UN R155-Listed Attack Vectors
September 3, 2021
The United Nations Regulation No. 155 sets provisions for cybersecurity and cyber security management systems in vehicles. A notable section of the document is Annex 5, which lists 69 attack vectors affecting vehicle cybersecurity. In order to help organizations comply with this regulation, we conducted a threat modelling exercise on the defined attack vectors as ...
- Threat Brief: CVE-2021-26084
September 3, 2021
On Aug. 25, 2021, Atlassian released a security advisory for an injection vulnerability in Confluence Server and Data Center, CVE-2021-26084. If the vulnerability is exploited, threat actors could bypass authentication and run arbitrary code on unpatched systems. Since the release of this advisory, mass scanning activity has started to occur, seeking unpatched systems, and in-the-wild ...