Cyberveille, curated by Decio
page 1 / 2
33 results tagged sophos
It takes two: The 2025 Sophos Active Adversary Report https://news.sophos.com/en-us/2025/04/02/2025-sophos-active-adversary-report/?amp=1
02/04/2025 18:21:42

The dawn of our fifth year deepens our understanding of the enemies at the gate, and some tensions inside it; plus, an anniversary gift from us to you

sophos EN 2025 Active Adversary Report 2024
Gootloader inside out https://news.sophos.com/en-us/2025/01/16/gootloader-inside-out/
20/01/2025 07:31:02

The Gootloader malware family uses a distinctive form of social engineering to infect computers: its creators lure people to compromised, legitimate WordPress websites through hijacked Google search results, present visitors with a simulated online message board, and link to the malware from a simulated “conversation” in which a fake visitor asks a fake site admin the exact question the victim was searching for an answer to.

sophos EN 2025 analysis Gootloader
Gootloader inside out – Sophos News https://news.sophos.com/en-us/2025/01/16/gootloader-inside-out/
17/01/2025 11:37:28

Open-source intelligence reveals the server-side code of this pernicious SEO-driven malware – without needing a lawyer afterward

sophos EN 2025 Gootloader analysis SEO-driven
Phishing platform Rockstar 2FA trips, and “FlowerStorm” picks up the pieces – Sophos News https://news.sophos.com/en-us/2024/12/19/phishing-platform-rockstar-2fa-trips-and-flowerstorm-picks-up-the-pieces/
20/12/2024 09:18:33

A sudden disruption of a major phishing-as-a-service provider leads to the rise of another…that looks very familiar 

sophos EN 2024 research analysis phishing-as-a-service Rockstar FlowerStorm
VEEAM exploit seen used again with a new ransomware: “Frag” https://news.sophos.com/en-us/2024/11/08/veeam-exploit-seen-used-again-with-a-new-ransomware-frag/
11/11/2024 22:39:33

Last month, Sophos X-Ops reported several MDR cases where threat actors exploited a vulnerability in Veeam backup servers. We continue to track the activities of this threat cluster, which recently…

sophos EN 2024 VEEAM ransomware Frag CVE-2024-40711
Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign https://news.sophos.com/en-us/2024/11/06/bengal-cat-lovers-in-australia-get-psspsspssd-in-google-driven-gootloader-campaign/
07/11/2024 16:39:31

The Internet is full of cats—and in this case, malware-delivering fake cat websites used for very targeted search engine optimization.

sophos EN 2024 Australia Bengal Google-driven Gootloader
Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats https://news.sophos.com/en-us/2024/10/31/pacific-rim-neutralizing-china-based-threat/
31/10/2024 16:27:18

Sophos X-Ops unveils five-year investigation tracking China-based groups targeting perimeter devices

sophos EN 2024 investigation China-based perimeter devices TTPs China APT
Qilin ransomware caught stealing credentials stored in Google Chrome https://news.sophos.com/en-us/2024/08/22/qilin-ransomware-caught-stealing-credentials-stored-in-google-chrome/
23/08/2024 10:31:13

Familiar ransomware develops an appetite for passwords to third-party sites

sophos EN 2024 ransomware Qilin Chrome passwords
Ransomware attackers introduce new EDR killer to their arsenal https://news.sophos.com/en-us/2024/08/14/edr-kill-shifter/
16/08/2024 09:50:38

Sophos discovers the threat actors behind RansomHub ransomware using EDRKillShifter in attacks

sophos EN 2024 Ransomware attackers EDRKillShifter RansomHub
Don’t get Mad, get wise https://news.sophos.com/en-us/2024/08/13/dont-get-mad-get-wise/
13/08/2024 15:30:10

The “Mad Liberator” ransomware group leverages social-engineering moves to watch out for

sophos EN 2024 MadLiberator ransomware group social-engineering
Operation Crimson Palace: A Technical Deep Dive – Sophos News https://news.sophos.com/en-us/2024/06/05/operation-crimson-palace-a-technical-deep-dive/
06/06/2024 20:40:09

Sophos Managed Detection and Response initiated a threat hunt across all customers after the detection of abuse of a vulnerable legitimate VMware executable (vmnat.exe) to perform dynamic link library (DLL) side-loading on one customer’s network. In a search for similar incidents in telemetry, MDR ultimately uncovered a complex, persistent cyberespionage campaign targeting a high-profile government organization in Southeast Asia. As described in the first part of this report, we identified at least three distinct clusters of intrusion activity present in the organization’s network from at least March 2023 through December 2023.

The three security threat activity clusters—which we designated as Alpha (STAC1248), Bravo (STAC1870), and Charlie (STAC1305) – are assessed with high confidence to operate on behalf of Chinese state interests. In this continuation of our report, we will provide deeper technical analysis of the three activity clusters, including the tactics, techniques, and procedures (TTPs) used in the campaign, aligned to activity clusters where possible. We also provide additional technical details on prior compromises within the same organization that appear to be connected to the campaign.

sophos EN 2024 TTPs VMware cyberespionage Alpha STAC1248 Bravo STAC1870 Charlie STAC1305
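The Crimson Palace entry above turns on one telemetry pattern: a legitimate, signed VMware executable (vmnat.exe) loading an attacker-supplied DLL. The detection sketch below is an added example, not code from Sophos or from the report; it scores image-load records of the kind an EDR or Sysmon (event ID 7) emits. The watchlist entry, the expected signer names, the trusted install roots and every sample record are assumptions constructed for illustration, not indicators from the Sophos analysis.

```python
"""Flag DLL side-loading of a watched, signed vendor binary (added example).

Heuristic, in two parts:
  1. the watched executable runs from outside its normal install roots
     (an attacker copied it next to their DLL), or carries the wrong signer;
  2. a DLL that is signed neither by the vendor nor by the OS vendor is
     loaded from the executable's own directory.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Binaries known to be abused for side-loading, mapped to the signer expected
# on them and on the DLLs that legitimately sit beside them (assumed values).
SIDELOAD_WATCHLIST = {
    "vmnat.exe": "VMware, Inc.",
}

# Roots a vendor binary would normally run from (assumed).
TRUSTED_ROOTS = (r"c:\program files", r"c:\program files (x86)", r"c:\windows")

# OS-signed DLLs are expected in any process and are never flagged.
OS_SIGNER = "Microsoft Windows"


@dataclass(frozen=True)
class ImageLoad:
    process_path: str    # full path of the loading executable
    process_signer: str  # Authenticode subject on the executable ("" if unsigned)
    image_path: str      # full path of the loaded DLL
    image_signer: str    # Authenticode subject on the DLL ("" if unsigned)


def _norm(path: str) -> PureWindowsPath:
    # Windows paths are case-insensitive; compare them lower-cased.
    return PureWindowsPath(path.lower())


def sideload_findings(ev: ImageLoad) -> list[str]:
    """Return the reasons one image-load record looks like side-loading
    (an empty list means the record looks benign)."""
    exe = _norm(ev.process_path)
    expected_signer = SIDELOAD_WATCHLIST.get(exe.name)
    if expected_signer is None or not ev.image_path.lower().endswith(".dll"):
        return []  # not a watched binary, or not a DLL load

    findings = []
    exe_dir = str(exe.parent)

    # Part 1: relocated or re-signed vendor binary.
    if not exe_dir.startswith(TRUSTED_ROOTS):
        findings.append(f"{exe.name} running from untrusted directory {exe_dir}")
    if ev.process_signer != expected_signer:
        findings.append(f"{exe.name} signed by {ev.process_signer or 'nobody'}, "
                        f"expected {expected_signer}")

    # Part 2: foreign or unsigned DLL beside the binary (the side-load itself).
    dll = _norm(ev.image_path)
    if str(dll.parent) == exe_dir and ev.image_signer not in (expected_signer, OS_SIGNER):
        findings.append(f"{dll.name} beside {exe.name} is signed by "
                        f"{ev.image_signer or 'nobody'}")
    return findings


def scan(events: list[ImageLoad]) -> dict[str, list[str]]:
    """Map each suspicious image path to its findings; benign loads are dropped."""
    return {ev.image_path: f for ev in events if (f := sideload_findings(ev))}


# Constructed sample telemetry: two benign loads by the installed vmnat.exe,
# one side-load from a copy of vmnat.exe in a world-writable directory, and
# one load by a binary that is not on the watchlist.
SAMPLE_EVENTS = [
    ImageLoad(r"C:\Program Files (x86)\VMware\VMware Workstation\vmnat.exe", "VMware, Inc.",
              r"C:\Windows\System32\ws2_32.dll", OS_SIGNER),
    ImageLoad(r"C:\Program Files (x86)\VMware\VMware Workstation\vmnat.exe", "VMware, Inc.",
              r"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib64.dll", "VMware, Inc."),
    ImageLoad(r"C:\Users\Public\Libraries\vmnat.exe", "VMware, Inc.",
              r"C:\Users\Public\Libraries\version.dll", ""),
    ImageLoad(r"C:\Windows\explorer.exe", OS_SIGNER,
              r"C:\Users\Public\Libraries\version.dll", ""),
]

if __name__ == "__main__":
    for image, reasons in scan(SAMPLE_EVENTS).items():
        print(image)
        for r in reasons:
            print("  -", r)
```

Two caveats for anyone adapting this: the signer strings must come from a verified signature (a DLL can carry an invalid or revoked signature with a convincing subject), and part 1 alone is weak against an attacker who already has the privileges to drop a DLL into Program Files, which is why part 2 is checked regardless of where the binary runs from.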
'Crude' ransomware tools proliferating on the dark web for cheap, researchers find https://therecord.media/cheap-ransomware-for-sale-dark-web
20/04/2024 09:38:42

Cheap ransomware is being sold for one-time use on dark web forums, allowing inexperienced freelancers to get into cybercrime without any interaction with affiliates.

Researchers at the intelligence unit at the cybersecurity firm Sophos found 19 ransomware varieties being offered for sale or advertised as under development on four forums from June 2023 to February 2024.

therecord EN 2024 Crude Sophos ransomware tools DarkWeb
It’ll be back: Attackers still abusing Terminator tool and variants https://news.sophos.com/en-us/2024/03/04/itll-be-back-attackers-still-abusing-terminator-tool-and-variants/?ref=news.risky.biz
06/03/2024 06:44:17

First released in May 2023, an EDR killer – and the vulnerable Zemana drivers it leverages – are still of interest to threat actors, along with variants and ported versions

sophos EN Terminator EDR-killer Zemana driver
Sophos has patched EOL Firewall versions against a critical flaw exploited in the wild, after identifying a new exploit. https://www.securityweek.com/sophos-patches-eol-firewalls-against-exploited-vulnerability/?is=e4f6b16c6de31130985364bb824bcb39ef6b2c4e902e4e553f0ec11bdbefc118
18/12/2023 11:24:18

UK-based cybersecurity firm Sophos this week announced patches for an exploited vulnerability in Firewall versions that have reached End-of-Life (EOL).

The critical-severity flaw, tracked as CVE-2022-3236, was found to impact versions 19.0 MR1 (19.0.1) and older of the product. It was originally patched in September 2022, but only in supported versions of Sophos Firewall.

Sophos describes the security defect as a code injection issue in the Firewall’s User Portal and Webadmin components, allowing attackers to achieve remote code execution (RCE).

securityweek EN 2023 Sophos CVE-2022-3236 critical-severity EOL Firewall patch
Sophos backports RCE fix after attacks on unsupported firewalls https://www.bleepingcomputer.com/news/security/sophos-backports-rce-fix-after-attacks-on-unsupported-firewalls/
12/12/2023 18:58:12

Sophos was forced to backport a security update for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions after discovering hackers actively exploiting the flaw in attacks.

bleepingcomputer EN 2023 Actively-Exploited Firewall RCE Remote-Code-Execution Security-Update Sophos
Attacker combines phone, email lures into believable, complex attack chain https://news.sophos.com/en-us/2023/08/10/image-spam-attack/
13/09/2023 21:44:02

A social engineering phone call lends authenticity to the attacker’s malicious email

sophos EN 2023 switzerland phone email lures phishing
Time keeps on slippin’ slippin’ slippin’: The 2023 Active Adversary Report for Tech Leaders – Sophos News https://news.sophos.com/en-us/2023/08/23/active-adversary-for-tech-leaders/
25/08/2023 08:34:38
  • Compromised credentials are a gift that keeps on giving (your stuff away)
  • MFA is your mature, sensible friend
  • Dwell time is sinking faster than RMS Titanic
  • Criminals don’t take time off; neither can you*
  • Active Directory servers: The ultimate attacker tool
  • RDP: High time to decline the risk
  • Missing telemetry just makes things harder
sophos EN 2023 report adversary
Using WinRAR? Be sure to patch against these code execution bugs… – Naked Security https://nakedsecurity.sophos.com/2023/08/23/using-winrar-be-sure-to-patch-against-these-code-execution-bugs/
24/08/2023 08:36:22

Imagine if you clicked on a harmless-looking image, but an unknown application fired up instead…

nakedsecurity sophos WinRAR CVE-2023-40477
Into the tank with Nitrogen https://news.sophos.com/en-us/2023/07/26/into-the-tank-with-nitrogen/
31/07/2023 15:09:05

The element originally known as “foul air” stinks up computers as a new initial-access campaign exhibiting some uncommon techniques

sophos analysis EN 2023 Nitrogen Malvertising initial-access
Microsoft Revokes Malicious Drivers in Patch Tuesday Culling https://news.sophos.com/en-us/2023/07/11/microsoft-revokes-malicious-drivers-in-patch-tuesday-culling/
12/07/2023 09:33:30

In December 2022, Microsoft published their monthly Windows Update packages that included an advisory about malicious drivers, signed by Microsoft and other code-signing authorities, that Sophos X-…

sophos EN 2023 malicious drivers Microsoft-signed
4252 links
Shaarli - The personal, minimalist, super-fast, database-free bookmarking service by the Shaarli community - Theme by kalvn - Curated by Decio