Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ransomware: Huge rise in attacks this year as cyber criminals hunt bigger pay days
September 9, 2020
There’s been a huge increase in the number of ransomware attacks over the course of 2020, with a seven-fold rise in campaigns compared with just last year alone, according to newly released data from cybersecurity researchers. Ransomware attacks have been on the rise and getting more dangerous in recent years, with cyber criminals aiming to encrypt ...
- Strategic investment to secure smart factories
September 9, 2020
Security is undergoing a digital transformation in the manufacturing industry. As the fusion of the cyber world and the physical world progresses, various security issues are mounting. Manufacturing executives must view security as a management issue, not as a system issue. Is cyber security a cost or an investment? Trend Micro has published an ebook that focuses ...
- September Patch Tuesday Updates Exchange, SharePoint
September 9, 2020
This month’s update includes 129 updates for the Microsoft Office suite, with 15 specifically addressing SharePoint vulnerabilities. Of the total number, 23 have been rated Critical and 105 as Important. No zero days have been observed, but four vulnerabilities are under close scrutiny for their potential abuse. Specifically, CVE-2020-16875 can be exploited for remote code execution ...
- City of Hartford postpones first day of school after ransomware attack
September 8, 2020
Officials from the city of Hartford, Connecticut, were forced to postpone the first day of the new school calendar year after a ransomware infection impacted the city’s IT network. According to a statement published by Hartford Public Schools, the school district serving the city of Hartford, the ransomware attack impacted several of the school’s internal IT ...
- Netwalker ransomware hits Pakistan’s largest private power utility
September 8, 2020
K-Electric, the sole electricity provider for Karachi, Pakistan, has suffered a Netwalker ransomware attack that led to the disruption of billing and online services. K-Electric is Pakistan’s largest power supplier, serving 2.5 million customers and employing over 10 thousand people. Starting yesterday, K-Electric customers have been unable to access the online services for their account. To resolve this ...
- Newcastle University students’ data held to ransom by cyber criminals
September 8, 2020
Newcastle University is being held to ransom by cyber criminals in an attack which has been disrupting IT systems since the beginning of the month. The cyber crime group behind the attack – known as DoppelPaymer – previously leaked documents online relating to Elon Musk’s companies SpaceX and Tesla. The criminals have posted stolen files from the ...