sophos x-ops – Page 6 – PossibleThreat Articles

Into the tank with Nitrogen

July 26, 2023 0 Comments featured, initial access, malvertising, nitrogen, sideloading, sophos x-ops, threat research

Credit to Author: Gabor Szappanos| Date: Wed, 26 Jul 2023 10:00:04 +0000

The element originally known as “foul air” stinks up computers as a new initial-access campaign exhibiting some uncommon techniques

Security Sophos

Bad ad fad leads to IcedID, Gozi infections

July 20, 2023 0 Comments batloader, fakebat, featured, gozi, icedid, malvertising, mdr, security operations, sophos x-ops, threat research

Credit to Author: Matt Wixey| Date: Thu, 20 Jul 2023 10:00:07 +0000

Malvertising campaigns using paid ads result in infostealer and backdoor attacks

Security Sophos

Microsoft Revokes Malicious Drivers in Patch Tuesday Culling

July 11, 2023 0 Comments 2023-07, anti-edr, drivers, drivers.stl, EDR, featured, fivesys, fk_undead, fu rootkit, netfilter, Patch Tuesday, Patches, rootkit, sophos x-ops, threat research, uac, wfp, windows filtering platform, windows update

Credit to Author: Andrew Brandt| Date: Tue, 11 Jul 2023 17:20:38 +0000

In December 2022, Microsoft published their monthly Windows Update packages that included an advisory about malicious drivers, signed by Microsoft and other code-signing authorities, that Sophos X-Ops (and others) observed threat actors abusing during attacks. Today, Microsoft issued Security Advisory ADV230001 as part of their July Windows Update that addresses Sophos’ discovery of more than […]

Security Sophos

And I Shall Call It Mini-Me GPT: Using Large Language Models to Classify the Uncharted Web

June 22, 2023 0 Comments ai research, bert, featured, gpt-3, large language models, sophos x-ops, t5 large llm, web filtering, website categorization

Credit to Author: gallagherseanm| Date: Thu, 22 Jun 2023 11:30:10 +0000

Sophos AI team employs GPT and other large language models as teachers to train smaller models to label websites.

Security Sophos

The Phantom Menace: Brute Ratel remains rare and targeted

May 18, 2023 0 Comments brute ratel, cobalt strike, featured, havok, meterpreter, post-exploitation tools, sliver, sophos x-ops, threat research

Credit to Author: gallagherseanm| Date: Thu, 18 May 2023 11:00:58 +0000

The commercial attack tool’s use by bad actors has faded after an initial flurry, while Cobalt Strike remains the go-to post-exploitation tool for many.

Security Sophos

“FleeceGPT” mobile apps target AI-curious to rake in cash

May 17, 2023 0 Comments #chatgpt, Android, featured, fleeceware, iOS, sophos x-ops, threat research

Credit to Author: Jagadeesh Chandraiah| Date: Wed, 17 May 2023 10:00:36 +0000

Interest in OpenAI’s latest version of its interactive language model has spurred a new wave of scam apps looking to cash in on the hype

Security Sophos

A doubled “Dragon Breath” adds new air to DLL sideloading attacks

May 3, 2023 0 Comments dll sideloading, featured, sophos x-ops, threat research

Credit to Author: Gabor Szappanos| Date: Wed, 03 May 2023 10:00:12 +0000

Exploits of the venerable vulnerability gain in complexity

Security Sophos

Everything Everywhere All At Once: The 2023 Active Adversary Report for Business Leaders

April 25, 2023 0 Comments active adversary playbook, coinminer, conti, data breach, exfiltration, extortion, featured, Incident Response, loader, lockbit, Ransomware, sophos x-ops, threat research, web shells

Credit to Author: Angela Gunn| Date: Tue, 25 Apr 2023 10:00:03 +0000

A deep dive into over 150 incident-response cases reveals both attackers and defenders picking up the pace

Security Sophos

‘AuKill’ EDR killer malware abuses Process Explorer driver

April 19, 2023 0 Comments active adversary, active adversary playbook, anti-edr, aukill, backstab, EDR, edr killer, featured, malware, process explorer, procexp, sophos x-ops, targeted attacks, threat research

Credit to Author: Andrew Brandt| Date: Wed, 19 Apr 2023 10:00:43 +0000

Driver based attacks against security products are on the rise

Security Sophos

3CX Desktop Attack: Sophos Customer Information

March 30, 2023 0 Comments 3cx, products & services, sophos endpoint, sophos mdr, sophos x-ops, sophos xdr

Credit to Author: Editor| Date: Thu, 30 Mar 2023 08:44:21 +0000

Overview Sophos X-Ops is tracking an attack against the 3CX Desktop application, possibly undertaken by a nation-state-related group. The affected software is 3CX – a legitimate software-based PBX phone system available on Windows, Linux, Android, and iOS. The application has been abused by the threat actor to add an installer that communicates with various command-and-control […]