Tag: incident response
-
Chinese Hackers Use Velociraptor IR Tool in Ransomware Attacks
In a new wrinkle for adversary tactics, the Storm-2603 threat group is abusing the digital forensics and incident response (DFIR) tool to gain persistent access to victim networks. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/chinese-hackers-velociraptor-ir-tool-ransomware-attacks
-
Hackers now use Velociraptor DFIR tool in ransomware attacks
Threat actors have started to use the Velociraptor digital forensics and incident response (DFIR) tool in attacks that deploy LockBit and Babuk ransomware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-now-use-velociraptor-dfir-tool-in-ransomware-attacks/
-
Hackers now use Velociraptor DFIR tool in ransomware attacks
Threat actors have started to use the Velociraptor digital forensics and incident response (DFIR) tool in attacks that deploy LockBit and Babuk ransomware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-now-use-velociraptor-dfir-tool-in-ransomware-attacks/
-
Threat Actors Exploit DFIR Tool Velociraptor in Ransomware Attacks
Tags: access, attack, cisco, cyber, exploit, incident response, open-source, ransomware, software, threat, toolCisco Talos has confirmed that ransomware operators are now leveraging Velociraptor, an open-source digital forensics and incident response (DFIR) tool, to gain stealthy, persistent access and deploy multiple ransomware variants against enterprise environments. This marks the first definitive linkage between Velociraptor and ransomware operations, underscoring a shift in how threat actors incorporate legitimate security software…
-
SonicWall Confirms Breach Exposing All Customer Firewall Configuration Backups
SonicWall, together with leading incident response firm Mandiant, has completed a thorough review of a recent cloud backup security incident. The investigation confirmed that an unknown party gained access to all firewall configuration backup files for customers using the MySonicWall cloud backup feature. These files contain encoded configuration settings and encrypted credentials. Although the credentials…
-
Velociraptor leveraged in ransomware attacks
Cisco Talos has confirmed that ransomware operators are leveraging Velociraptor, an open-source digital forensics and incident response (DFIR) tool that had not previously been definitively tied to ransomware incidents. We assess with moderate confidence that this activity can be attributed to threat actor Storm-2603, based on overlapping tools First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/velociraptor-leveraged-in-ransomware-attacks/
-
Velociraptor leveraged in ransomware attacks
Cisco Talos has confirmed that ransomware operators are leveraging Velociraptor, an open-source digital forensics and incident response (DFIR) tool that had not previously been definitively tied to ransomware incidents. We assess with moderate confidence that this activity can be attributed to threat actor Storm-2603, based on overlapping tools First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/velociraptor-leveraged-in-ransomware-attacks/
-
How to Create an Incident Response Plan (+ Free Template)
Learn how to create an incident response plan to help your business handle security incidents, prevent data breaches, and protect your organization. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/networks/incident-response-how-to-prepare-for-attacks-and-breaches/
-
Stop Alert Chaos: Context Is the Key to Effective Incident Response
The Problem: Legacy SOCs and Endless Alert NoiseEvery SOC leader knows the feeling: hundreds of alerts pouring in, dashboards lighting up like a slot machine, analysts scrambling to keep pace. The harder they try to scale people or buy new tools, the faster the chaos multiplies. The problem is not just volume; it is the…
-
Forensic-timeliner: A Windows Forensics Tool for DFIR Investigators
Forensic-Timeliner is a fast, open-source command-line tool designed to help digital forensics and incident response (DFIR) teams quickly build a unified timeline of Windows artifacts. By automatically collecting, filtering, and merging CSV output from popular triage tools, it creates a mini timeline that is ready for analysis in tools like Timeline Explorer or Excel, as…
-
Forensic-timeliner: A Windows Forensics Tool for DFIR Investigators
Forensic-Timeliner is a fast, open-source command-line tool designed to help digital forensics and incident response (DFIR) teams quickly build a unified timeline of Windows artifacts. By automatically collecting, filtering, and merging CSV output from popular triage tools, it creates a mini timeline that is ready for analysis in tools like Timeline Explorer or Excel, as…
-
Shutdown Threat Puts Federal Cyber on Edge
Cybersecurity Programs, Workforce Face Disruption If Congress Fails to Act. A potential government shutdown threatens to gut federal cybersecurity operations, with key programs set to expire, agency cyber staff facing layoffs and no public contingency plans in place – leaving core defenses, threat sharing and incident response at risk. First seen on govinfosecurity.com Jump to…
-
Cyberbit Buys RangeForce to Bolster AI-Driven Cyber Training
Deal Strengthens Cyber Ranges By Uniting AI-Driven Content and Live-Fire Exercises. Cyberbit acquired RangeForce, uniting two leading cyber range platforms to accelerate AI-enabled simulation training for SOC and incident response teams. The combined entity aims to deliver a unified user interface, deeper content catalog and improved cyber readiness metrics for security leaders. First seen on…
-
Cybersecurity Snapshot: CISA Highlights Vulnerability Management Importance in Breach Analysis, as Orgs Are Urged To Patch Cisco Zero-Days
Tags: 2fa, access, advisory, api, attack, authentication, breach, business, cisa, cisco, cloud, control, credentials, crime, cve, cyber, cybersecurity, data, defense, endpoint, exploit, fido, finance, firewall, framework, github, grc, guide, identity, incident response, infrastructure, Internet, ISO-27001, kev, law, lessons-learned, malicious, malware, mfa, mitigation, monitoring, network, open-source, phishing, privacy, ransomware, risk, saas, scam, security-incident, service, soc, software, supply-chain, tactics, threat, update, vpn, vulnerability, vulnerability-management, worm, zero-dayCISA’s takeaways of an agency hack include a call for timely vulnerability patching. Plus, Cisco zero-day bugs are under attack, patch now. Meanwhile, the CSA issued a framework for SaaS security. And get the latest on the npm breach, the ransomware attack that disrupted air travel and more! Here are six things you need to…
-
Qantas cutting CEO pay signals new era of cyber accountability
Tags: ai, attack, breach, ceo, ciso, cyber, cybersecurity, data, data-breach, finance, governance, incident, incident response, malicious, privacy, ransomware, riskWhat should CISOs and CEOs do now?: CISOs, who have historically borne the brunt of breaches and malicious cyber incidents, should take heed of this emerging trend. “Be aware of the environment and expectations today, and where they’re headed,” Redgraves’ Tully says. “Try to get out in front of that. You need to work with…
-
Patch now: Attacker finds another zero day in Cisco firewall software
Tags: access, attack, best-practice, cisa, cisco, cve, cyber, defense, detection, exploit, firewall, firmware, Hardware, incident response, malware, monitoring, network, resilience, risk, router, software, technology, threat, tool, update, vpn, vulnerability, zero-day, zero-trustroot, which may lead to the complete compromise of the device.Affected are devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) software, Cisco Secure Firewall Threat Defense (FTD) software, as well as devices running Cisco IOS, IOS XE and IOS XR software. There are two attack scenarios:an unauthenticated, remote attacker getting into devices running Cisco…
-
Cisco Confirms Critical CVE-2025-20352 Zero-Day RCE Vulnerability Under Active Exploitation
Tags: attack, cisco, cve, exploit, flaw, incident response, rce, remote-code-execution, security-incident, software, vulnerability, zero-dayCisco has publicly disclosed a critical remote code execution (RCE) vulnerability, tracked as CVE-2025-20352, affecting its widely deployed Cisco IOS and IOS XE software platforms. According to Cisco’s Product Security Incident Response Team (PSIRT), the flaw is being actively exploited in the wild, with confirmed attacks leveraging compromised administrator credentials. First seen on thecyberexpress.com Jump…
-
CISA Reveals Hackers Breached U.S. Federal Agency via GeoServer RCE Flaw
Tags: access, breach, cisa, cyber, cybersecurity, detection, endpoint, exploit, flaw, hacker, incident response, Intruder, rce, remote-code-execution, vulnerabilityFederal cybersecurity agency CISA has disclosed that attackers exploited a remote code execution vulnerability in GeoServer to breach a U.S. federal civilian executive branch agency. The incident response began after endpoint detection alerts sounded at the agency. Over three weeks, cyber intruders used the flaw to gain initial access, move laterally, and establish persistence across…
-
What happens when you engage Cisco Talos Incident Response?
What happens when you bring in a team of cybersecurity responders? How do we turn chaos into control, and what is the long-term value that Talos IR provides to the organizations we work with? First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/what-happens-when-you-engage-talos-ir/
-
What happens when you engage Cisco Talos Incident Response?
What happens when you bring in a team of cybersecurity responders? How do we turn chaos into control, and what is the long-term value that Talos IR provides to the organizations we work with? First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/what-happens-when-you-engage-talos-ir/
-
What happens when you engage Cisco Talos Incident Response?
What happens when you bring in a team of cybersecurity responders? How do we turn chaos into control, and what is the long-term value that Talos IR provides to the organizations we work with? First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/what-happens-when-you-engage-talos-ir/
-
What happens when you engage Cisco Talos Incident Response?
What happens when you bring in a team of cybersecurity responders? How do we turn chaos into control, and what is the long-term value that Talos IR provides to the organizations we work with? First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/what-happens-when-you-engage-talos-ir/
-
GitGuardian Introduces One-Click Secret Revocation to Accelerate Incident Response
Secure your secrets with GitGuardian’s new one-click revocation. Instantly neutralize exposed secrets to close the attack window and automate your incident response. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/gitguardian-introduces-one-click-secret-revocation-to-accelerate-incident-response/