Operating in kernel-space is necessary, but risky – here’s how we do it in Sophos Intercept X Advanced Contact us today for more information about SOPHOS cyber security solutions
July Patch Tuesday Unleashes a Torrent of Updates
Microsoft fixes 138 bugs in Windows and other products this month
Phishing, BEC attackers target candidates in local election, among others
An escalating series of email-borne attacks were sent to candidates, including the author
RD Web Access abuse: Fighting back
Investigation insights and recommendations from a recent welter of incident-response cases
June Patch Tuesday squares up with 49 patches
Just one critical-severity issue addressed, but don’t sleep on an industry-wide DNS issue
‘Junk gun’ ransomware: Peashooters can still pack a punch
A Sophos X-Ops investigation finds that a wave of crude, cheap ransomware could spell trouble for small businesses and individuals – but also provide insights into threat actor career development […]
Smoke and (screen) mirrors: A strange signed backdoor
Sophos X-Ops discovers a curious backdoored (and signed) executable, masquerading as something else entirely
Remote Desktop Protocol: The Series
What is RDP, why is it a very nearly ubiquitous finding in incident response, and how can investigators run it to ground when it goes wrong? An Active Adversary […]
Remote Desktop Protocol: Exposed RDP (is dangerous)
Is it really that risky to expose an RDP port to the internet? What if you change the default port? What if it’s just for a little while? The data […]
Remote Desktop Protocol: How to Use Time Zone Bias
Where in the world is your attacker? Presenting a less-known but useful event to look for in your logs
Remote Desktop Protocol: Queries for Investigation
How can defenders begin to make sense of RDP issues on their networks? We present three powerful tools for investigators’ toolkits
Remote Desktop Protocol: Executing the 4624_4625 Login Query
Keeping an eye on who’s trying to get onto your network – whether or not they’re successful – can pay off on multiple fronts
Remote Desktop Protocol: Executing the External RDP Query
On the hunt for successful RDP connections that have entered your network from outside? A step-by-step guide (and a query to get you started)
The 2024 Sophos Threat Report: Cybercrime on Main Street
Ransomware remains the biggest existential cyber threat to small businesses, but others are growing.
It’ll be back: Attackers still abusing Terminator tool and variants
First released in May 2023, an EDR killer – and the vulnerable Zemana drivers it leverages – are still of interest to threat actors, along with variants and ported versions […]
ConnectWise ScreenConnect attacks deliver malware
Multiple attacks exploit vulnerabilities in an IT remote access tool to deliver a variety of different payloads into business environments