Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- British cyber gang ‘stole large amounts from US sports and music stars after accessing their phones’
February 10, 2021
Eight Britons have been arrested for hacking into the phones of US celebrities to steal money and personal information – even posing as them online. Britain’s National Crime Agency (NCA) said sports stars, musicians and their families had been targeted by the scam in which criminals gain access to their victim’s phones or accounts. This allowed them ...
- BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech
February 9, 2021
Highly malleable, highly sophisticated and over 10,000 bytes of machine code. This is what Unit 42 researchers were met with during code analysis of this “bear” of a file. The code behavior and features strongly correlate with that of the WaterBear malware family, which has been active since as early as 2009. Analysis by Trend ...
- Android Devices Hunted by LodaRAT Windows Malware
February 9, 2021
A newly discovered variant of the LodaRAT malware, which has historically targeted Windows devices, is being distributed in an ongoing campaign that now also hunts down Android devices and spies on victims. Along with this, an updated version of LodaRAT for Windows has also been identified; both versions were seen in a recent campaign targeting Bangladesh, ...
- Web hosting provider shuts down after cyberattack
February 9, 2021
A web hosting company named No Support Linux Hosting announced today it was shutting down after a hacker breached its internal systems and compromised its entire operation. According to a message posted on its official site , the company said it was breached on Monday, February 8. The hacker appears to have “compromised” the company’s entire ...
- Actively Exploited Windows Kernel EoP Bug Allows Takeover
February 9, 2021
Microsoft has addressed nine critical-severity cybersecurity bugs in February’s Patch Tuesday updates, plus an important-rated vulnerability that is being actively exploited in the wild. Six of the security holes – including one of the critical bugs – were already publicly disclosed. Overall, the computing giant has released patches for 56 CVEs covering Microsoft Windows components, the .NET ...
- Florida: Hacker Changed Chemical Levels at Oldsmar’s Water Treatment Plant
February 8, 2021
Pinellas County Sheriff Bob Gualtieri said at a news conference Monday there were two intrusions, hours apart. The first one happened at 8 a.m., when a plant operator noticed someone remotely accessing the system he was monitoring, which controls chemicals and other plant operations. But he didn’t think much of it, according to the sheriff, because ...