Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Cinobi Banking Trojan Targets Cryptocurrency Exchange Users via Malvertising
August 9, 2021
In a previous blog entry, we reported on a campaign, which we labeled “Operation Overtrap,” that targeted Japan with a new banking trojan called Cinobi. The campaign, which was perpetrated by a group we named “Water Kappa,” delivered Cinobi via spam. It also delivered the trojan using the Bottle exploit kit, which included newer Internet ...
- Microsoft Exchange servers scanned for ProxyShell vulnerability, Patch Now
August 8, 2021
Threat actors are now actively scanning for the Microsoft Exchange ProxyShell remote code execution vulnerabilities after technical details were released at the Black Hat conference. Before we get to the active scanning of these vulnerabilities, it is important to understand how they have been disclosed. ProxyShell is the name for three vulnerabilities that perform unauthenticated, remote code ...
- Australian govt warns of escalating LockBit ransomware attacks
August 8, 2021
The Australian Cyber Security Centre (ACSC) warns of an increase of LockBit 2.0 ransomware attacks against Australian organizations starting July 2021. “ACSC has observed an increase in reporting of LockBit 2.0 ransomware incidents in Australia,” Australia’s cybersecurity agency said in a security alert issued on Thursday. Read more… Source: Bleeping Computer
- Angry Affiliate Leaks Conti Ransomware Gang Playbook
August 6, 2021
An apparently vengeful affiliate of the Conti Gang has leaked the playbook of the ransomware group after alleging that the notorious cybercriminal organization underpaid him for doing its dirty work. A security researcher shared a comment from an online forum allegedly posted by someone who did business with Conti that included information integral to its ransomware-as-as-service ...
- More than 12,500 vulnerabilities disclosed in first half of 2021
August 5, 2021
Risk Based Security has released two new reports covering data breaches and vulnerabilities in the first half of 2021, finding that there was a decline in the overall number of reported breaches but an increase in the amount of vulnerabilities disclosed. The company’s data breach report found that there were 1,767 publicly reported breaches in the ...
- Security company warns of Mitsubishi industrial control vulnerabilities
August 5, 2021
Cybersecurity company Nozomi Networks Labs has warned the industrial control system (ICS) security community about 5 vulnerabilities affecting Mitsubishi safety PLCs. In a new report, the company said Mitsubishi acknowledged the issues — which are focused on the authentication implementation of the MELSOFT communication protocol — after they were discovered at the end of 2020. The Japanese ...