Rorschach ransomware deployed by misusing a security tool
Help Net Security www.helpnetsecurity.com
An unbranded ransomware strain that recently hit a US-based company is being deployed by attackers who are misusing a tool included in a commercial security product, Check Point researchers have found. The solution in question is Palo Alto Networks’ Cortex XDR, whose Dump Service Tool the attackers appropriated and are now misusing to side-load the DLL that decrypts and injects the (newly labeled) Rorschach ransomware.

[Figure: Rorschach’s execution flow (Source: Check Point)]

The peculiarities of Rorschach …