Phishing, BEC attackers target candidates in local election, among others
Credit to Author: Andrew Brandt | Date: Thu, 13 Jun 2024 10:02:56 +0000
An escalating series of email-borne attacks was sent to candidates, including the author
Credit to Author: Angela Gunn | Date: Wed, 12 Jun 2024 18:59:54 +0000
Investigation insights and recommendations from a recent welter of incident-response cases
Credit to Author: Angela Gunn | Date: Wed, 12 Jun 2024 01:21:01 +0000
Just one critical-severity issue addressed, but don’t sleep on an industry-wide DNS issue
Credit to Author: Matt Wixey | Date: Wed, 17 Apr 2024 10:00:08 +0000
A Sophos X-Ops investigation finds that a wave of crude, cheap ransomware could spell trouble for small businesses and individuals – but also provide insights into threat actor career development and the wider threat landscape
Credit to Author: Matt Wixey | Date: Tue, 09 Apr 2024 19:08:05 +0000
Sophos X-Ops discovers a curious backdoored (and signed) executable, masquerading as something else entirely
Credit to Author: Angela Gunn | Date: Wed, 20 Mar 2024 16:18:21 +0000
What is RDP, why is it a very nearly ubiquitous finding in incident response, and how can investigators run it to ground when it goes wrong? An Active Adversary Special Report
Credit to Author: Angela Gunn | Date: Wed, 20 Mar 2024 16:16:34 +0000
Is it really that risky to expose an RDP port to the internet? What if you change the default port? What if it’s just for a little while? The data answers, loud and clear
Credit to Author: Angela Gunn | Date: Wed, 20 Mar 2024 16:15:12 +0000
How can defenders begin to make sense of RDP issues on their networks? We present three powerful tools for investigators’ toolkits
Credit to Author: Angela Gunn | Date: Wed, 20 Mar 2024 16:13:08 +0000
Where in the world is your attacker? Presenting a less-known but useful event to look for in your logs
Credit to Author: Angela Gunn | Date: Wed, 20 Mar 2024 16:11:40 +0000
Keeping an eye on who’s trying to get onto your network – whether or not they’re successful – can pay off on multiple fronts