drivers – PossibleThreat Articles

Security Sophos

Content updates and product architecture: Sophos Endpoint

August 15, 2024 0 Comments content updates, drivers, featured, Intercept X, sophos x-ops, threat research

Credit to Author: Matt Wixey| Date: Thu, 15 Aug 2024 16:37:18 +0000

Sophos X-Ops takes a look at the content updates in Intercept X, and how we validate and release them

Security Sophos

Driving lessons: The kernel drivers in Sophos Intercept X Advanced

August 1, 2024 0 Comments cryptoguard, drivers, Intercept X Advanced, kernel, sophos x-ops, threat research

Credit to Author: Matt Wixey| Date: Thu, 01 Aug 2024 09:42:02 +0000

Operating in kernel-space is necessary, but risky – here’s how we do it in Sophos Intercept X Advanced

Security Sophos

A tumultuous, titanic Patch Tuesday as Microsoft makes some changes

April 15, 2024 0 Comments bitlocker, cve-2024-26234, drivers, Patch Tuesday, secure boot, threat research

Credit to Author: Angela Gunn| Date: Wed, 10 Apr 2024 07:04:39 +0000

The largest CVE count in recent history rolls out

Security Sophos

It’ll be back: Attackers still abusing Terminator tool and variants

March 4, 2024 0 Comments aukill, blackbyte, byovd, drivers, featured, Ransomware, sophos x-ops, terminator, threat research, zam

Credit to Author: Matt Wixey| Date: Mon, 04 Mar 2024 11:00:08 +0000

First released in May 2023, an EDR killer – and the vulnerable Zemana drivers it leverages – are still of interest to threat actors, along with variants and ported versions

Security Sophos

Multiple vulnerabilities discovered in widely used security driver

January 26, 2024 0 Comments cve-2023-6330, cve-2023-6331, cve-2023-6332, drivers, featured, panda software, threat research

Credit to Author: Angela Gunn| Date: Thu, 25 Jan 2024 19:00:52 +0000

A false-alarm incident involving Panda Security software leads to three very real CVEs

Security Sophos

Microsoft Revokes Malicious Drivers in Patch Tuesday Culling

July 11, 2023 0 Comments 2023-07, anti-edr, drivers, drivers.stl, EDR, featured, fivesys, fk_undead, fu rootkit, netfilter, Patch Tuesday, Patches, rootkit, sophos x-ops, threat research, uac, wfp, windows filtering platform, windows update

Credit to Author: Andrew Brandt| Date: Tue, 11 Jul 2023 17:20:38 +0000

In December 2022, Microsoft published their monthly Windows Update packages that included an advisory about malicious drivers, signed by Microsoft and other code-signing authorities, that Sophos X-Ops (and others) observed threat actors abusing during attacks. Today, Microsoft issued Security Advisory ADV230001 as part of their July Windows Update that addresses Sophos’ discovery of more than […]

Security Sophos