Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hezbollah’s cyber unit hacked into telecoms and ISPs
January 28, 2021
A Hezbollah-affiliated threat actor known as Lebanese Cedar has been linked to intrusions at telco operators and internet service providers in the US, the UK, Israel, Egypt, Saudi Arabia, Lebanon, Jordan, the Palestinian Authority, and the UAE. The year-long hacking campaign started in early 2020 and was discovered by Israeli cyber-security firm Clearsky. In a report published ...
- Pro-Ocean: Rocke Group’s New Cryptojacking Malware
January 28, 2021
In 2019, Unit 42 researchers documented cloud-targeted malware used by the Rocke Group to conduct cryptojacking attacks to mine for Monero. Since then, cybersecurity companies have had the malware on their radar, which hampered Rocke Group’s cryptojacking operation. In response, the threat actors updated the malware. Here, we uncover a revised version of the same cloud-targeted ...
- New cybercrime tool can build phishing pages in real-time
January 28, 2021
A cybercrime group has developed a novel phishing toolkit that changes logos and text on a phishing page in real-time to adapt to targeted victims. Named LogoKit, this phishing tool is already deployed in the wild, according to threat intelligence firm RiskIQ, which has been tracking its evolution. The company said it already identified LogoKit installs on ...
- Apple Patches Three Actively Exploited Zero-Days, Part of iOS Emergency Update
January 27, 2021
Apple continues to put out potential security fires by patching zero-day vulnerabilities, releasing an emergency update this week to patch three more recently discovered in iOS after a major software update in November already fixed three that were being actively exploited. The newly patched bugs are part of a security update released Tuesday for iOS 14.4 ...
- A look at Linux, Threats, Risks, and Recommendations
January 26, 2021
Linux, which started as a personal project 30 years ago, is presently one of the most powerful operating systems dominating cloud platforms and servers around the world today. In fact, Linux usage has now exceeded that of Windows on Azure, Microsoft’s own cloud platform. Linux is also undeniably ubiquitous. According to the Linux Foundation’s 2017 State ...
- DreamBus botnet targets enterprise apps running on Linux servers
January 25, 2021
Chances are that if you deploy a Linux server online these days and you leave even the tiniest weakness exposed, a cybercrime group will ensnare it as part of its botnet. The latest of these threats is named DreamBus. Analyzed in a report published last week by security firm Zscaler, the company said this new threat is ...