Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Apple’s ‘Find My’ Network Exploited via Bluetooth
May 13, 2021
Apple’s “Find My device” function for helping people track their iOS and macOS devices can be exploited to transfer data to and from random passing devices without using the internet, a security researcher has demonstrated. Security researcher Fabian Bräunlein with Positive Security developed a proof of concept, using a microcontroller and a custom MacOS app, that ...
- Hacker group behind Colonial Pipeline attack claims it has three new victims
May 12, 2021
The hacker group DarkSide claimed on Wednesday to have attacked three more companies, despite the global outcry over its attack on Colonial Pipeline this week, which has caused shortages of gasoline and panic buying on the East Coast of the U.S. Over the past 24 hours, the group posted the names of three new companies on ...
- Ransomware world in 2021: who, how and why
May 12, 2021
As the world marks the second Anti-Ransomware Day, there’s no way to deny it: ransomware has become the buzzword in the security community. And not without good reason. The threat may have been around a long time, but it’s changed. Year after year, the attackers have grown bolder, methodologies have been refined and, of course, ...
- New ransomware: CISA warns over FiveHands file-encrypting malware variant
May 12, 2021
The US Cybersecurity & Infrastructure Security Agency (CISA) has warned organizations to be cautious of a relatively new ransomware variant called FiveHands. FiveHands ransomware has been around since January 2021, but CISA said it was “aware of a recent, successful cyberattack against an organization” using this strain of file-encrypting malware. Read more… Source: ZDNet
- ‘FragAttacks’: Wi-Fi Bugs Affect Millions of Devices
May 12, 2021
A Belgian security researcher specializing in Wi-Fi bugs has unearthed a clutch of new ones, which he called FragAttacks, that affect the Wi-Fi standard itself. The name is short for “fragmentation and aggregation attacks.” Some bugs date back to 1997, meaning that computers, smartphones or other smart devices as old as 24 years may be vulnerable ...
- New Android malware targeting banks in Italy, Spain, Germany, Belgium, and the Netherlands
May 11, 2021
A new Android trojan has been identified by security researchers, who said on Monday that once it is successfully installed in the victim’s device, those behind it can obtain a live stream of the device screen and also interact with it via its Accessibility Services. The malware, dubbed “Teabot” by security researchers with Cleafy, has been ...