Posts tagged Incident Response

18 min Incident Response

Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware

Beginning in early October, Rapid7 has observed a resurgence of activity related to the ongoing social engineering campaign being conducted by Black Basta ransomware operators.

7 min Incident Response

Investigating a SharePoint Compromise: IR Tales from the Field

Our investigation uncovered an attacker who accessed a server without authorization and moved laterally across the network, compromising the entire domain.

10 min Managed Detection and Response (MDR)

Malvertising Campaign Leads to Execution of Oyster Backdoor

Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and Microsoft Teams.

8 min Incident Response

Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators

Rapid7 observes ongoing social engineering campaign consistent with Black Basta

7 min Incident Response

RCE to Sliver: IR Tales from the Field

Rapid7 Incident Response was engaged to investigate an incident involving unauthorized access to two publicly-facing Confluence servers that were the source of multiple malware executions.

5 min SOAR

Grey Time: The Hidden Cost of Incident Response

The time cost of incident response for security teams may be greater – and more complex – than we’ve been assuming.

1 min Public Policy

Incident Reporting Regulations Summary and Chart

A growing number of regulations require organizations to report cybersecurity incidents. This chart summarizes 11 proposed and current cyber incident reporting regulations and breaks down their common elements, such as who must report, what incidents must be reported, deadlines, and more.

9 min Public Policy

Avoiding Smash and Grab Under the SEC’s Proposed Cyber Rule

The SEC proposed a rule to require companies to publicly report cybersecurity incidents. This post explains why public disclosure of an incident before mitigation or containment raises the risk of harm, and suggests a solution that avoids harm while still promoting disclosure.

5 min Vulnerability Management

How to Strategically Scale Vendor Management and Supply Chain Security

Here are simple changes that can help you provide more impactful supply chain security guidance and controls to decrease risk.

3 min Detection and Response

Sharpen Your IR Capabilities With Rapid7’s Detection and Response Workshop

Rapid7's Detection and Response Workshop helps you determine if your tools can immediately detect and respond to threats.

4 min Public Policy

New US Law to Require Cyber Incident Reports

The Cyber Incident Reporting for Critical Infrastructure Act of 2022 will require critical infrastructure owners and operators to report cyber incidents and ransomware payments. This post will walk through highlights from the new law.

3 min Detection and Response

Cybersecurity as Digital Detective Work: DFIR and Its 3 Key Components

We highlight 3 elements of a well-formulated digital forensics and incident response (DFIR) strategy.

3 min Incident Response

Energize Your Incident Response and Vulnerability Management With Crowdsourced Automation Workflows

Bringing the spirit of open source to security workflow automation can help you detect and address breaches quickly, before they become major incidents.

2 min Incident Response

Rapid7’s Response to Codecov Incident

Cybersecurity is Rapid7’s top priority, and when there is an incident that may pose a risk to our customers, we are transparent about it. We also believe that providing this level of transparency ultimately helps the security community better address potential pending threats and safeguard themselves from future attacks. With this in mind, we want to share an update concerning the security incident disclosed by Codecov and its potential impact on our company and customers, and how we managed the

5 min Managed Detection and Response (MDR)

MDR Vendor Must-Haves, Part 8: Rapid7 Incident Response (Breach) Support

Having the best threat detection methodologies, a streamlined and efficient process for validating threats, and a rock-solid reporting standard may still leave you open to unexpected costs.