The criminals signed their AV-killer malware, closely related to one known as BURNTCIGAR, with a legitimate WHCP certificate Contact us today for more information about SOPHOS cyber security solutions
Continue Reading-
The scammers who scam scammers on cybercrime forums: Part 1
A shadowy sub-economy is more than just a curiosity – it’s booming business, and also an opportunity for defenders. In the first of a four-part series, we look at the […]
Continue Reading -
Detection Tools and Human Analysis Lead to a Security Non-Event
A look at how MDR turned a targeted attack into a non-event, in which no high-value credentials are compromised and several dozen employees are not tricked into letting a bad […]
Continue Reading -
LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling
Reverse-engineering reveals close similarities to BlackMatter ransomware, with some improvements Contact us today for more information about SOPHOS cyber security solutions
Continue Reading -
Sophos 2023 Threat Report: the continued evolution of “Crime-as-a-Service”
Maturing marketplaces, capabilities-for-hire continue to proliferate professional tools, techniques and practices across the threat spectrum. Contact us today for more information about SOPHOS cyber security solutions
Continue Reading -
Microsoft patches 62 vulnerabilities, including Kerberos, and Mark of the Web, and Exchange…sort of
Still no fix for ProxyNotShell, but two MOTW bypasses get squashed Contact us today for more information about SOPHOS cyber security solutions
Continue Reading -
Family Tree: DLL-Sideloading Cases May Be Related
A threat actor’s repeated use of DLL-hijack execution flow makes for interesting attack results, including omnivorous file ingestion; we break down five cases and find commonalities Contact us today for […]
Continue Reading -
Sophos X-Ops finds Attackers Using Covert Channels in Backdoor Against Devices
Newly discovered attack combines custom and commodity malware Contact us today for more information about SOPHOS cyber security solutions
Continue Reading -
Are threat actors turning to archives and disk images as macro usage dwindles?
Following Microsoft’s announcement that macros from the internet will be disabled by default, threat actors are using alternative file types for malware delivery. This shift brings both challenges and opportunities […]
Continue Reading -
You can’t always get what you want on Patch Tuesday
No joy for Exchange admins looking to seal off two widely reported Server vulns Contact us today for more information about SOPHOS cyber security solutions
Continue Reading -
Remove All The Callbacks – BlackByte Ransomware Disables EDR Via RTCore64.sys Abuse
A fresh exploration of the malware uncovers a new tactic for bypassing security products by abusing a known driver vulnerability Contact us today for more information about SOPHOS cyber security […]
Continue Reading -
Two Exchange Server vulns veer dangerously close to ProxyShell
A chained pair of vulnerabilities, plus PowerShell, affects the Microsoft messaging platform well in advance of Patch Tuesday; Sophos customers are protected Contact us today for more information about SOPHOS […]
Continue Reading -
A lighter Patch Tuesday, but one heavy with remote code execution bugs
There are fewer bugs in September’s update than in previous months, with RCE vulns making up the bulk of the addressed CVEs Contact us today for more information about SOPHOS […]
Continue Reading -
Cookie stealing: the new perimeter bypass
As organizations move to cloud services and multifactor authentication, cookies tied to identity and authentication give attackers a new path to compromise. Contact us today for more information about SOPHOS […]
Continue Reading -
Microsoft squares away 121-CVE Patch Tuesday for August
Another tough month for Azure admins; meanwhile, Windows takes a long road to a Dogwalk Contact us today for more information about SOPHOS cyber security solutions
Continue Reading -
Multiple attackers increase pressure on victims, complicate incident response
Sophos’ latest Active Adversary report explores the issue of organizations being hit multiple times by attackers Contact us today for more information about SOPHOS cyber security solutions
Continue Reading
You must be logged in to post a comment.