sophos x-ops – Page 8 – PossibleThreat Articles

Are threat actors turning to archives and disk images as macro usage dwindles?

October 12, 2022 0 Comments archives, bumblebee, featured, macros, malspam, sophos x-ops, threat research

Credit to Author: Matt Wixey| Date: Wed, 12 Oct 2022 11:00:28 +0000

Following Microsoft’s announcement that macros from the internet will be disabled by default, threat actors are using alternative file types for malware delivery. This shift brings both challenges and opportunities for organizations.

Security Sophos

Remove All The Callbacks – BlackByte Ransomware Disables EDR Via RTCore64.sys Abuse

October 4, 2022 0 Comments blackbyte, EDR, featured, Ransomware, sophos x-ops, threat research

Credit to Author: Angela Gunn| Date: Tue, 04 Oct 2022 11:00:33 +0000

A fresh exploration of the malware uncovers a new tactic for bypassing security products by abusing a known driver vulnerability

Security Sophos

Six months on: Looking back at the role of cyberattacks in the Ukraine War

September 14, 2022 0 Comments featured, geopolitics, russia, security operations, sophos x-ops, ukraine

Credit to Author: Chester Wisniewski| Date: Wed, 14 Sep 2022 13:00:39 +0000

When Russia invaded Ukraine on February 24th 2022, none of us knew what role cyberattacks might play in a full-scale invasion. Russia had been conducting cyberattacks against Ukraine since it had occupied Crimea back in 2014 and it seemed inevitable that these tools would play a role, especially after the attacks on Ukraine’s power grid […]

Security Sophos

A lighter Patch Tuesday, but one heavy with remote code execution bugs

September 13, 2022 0 Comments Microsoft, Patch Tuesday, sophos x-ops, threat research

Credit to Author: Matt Wixey| Date: Tue, 13 Sep 2022 18:38:14 +0000

There are fewer bugs in September’s update than in previous months, with RCE vulns making up the bulk of the addressed CVEs

Security Sophos

Cookie stealing: the new perimeter bypass

August 18, 2022 0 Comments active adversary, cookie theft, featured, information stealers, infostealer malware, sophos x-ops, threat research

Credit to Author: gallagherseanm| Date: Thu, 18 Aug 2022 11:00:50 +0000

As organizations move to cloud services and multifactor authentication, cookies tied to identity and authentication give attackers a new path to compromise.

Security Sophos

Lockbit, Hive, and BlackCat attack automotive supplier in triple ransomware attack

August 10, 2022 0 Comments active adversary playbook, blackcat, featured, hive, lockbit, Ransomware, security operations, sophos x-ops

Credit to Author: Matt Wixey| Date: Wed, 10 Aug 2022 11:00:50 +0000

After gaining access via RDP, all three threat actors encrypted files, in an investigation complicated by event log clearing and backups. 3 attackers, 2 weeks – 1 entry point.

Security Sophos

Multiple attackers increase pressure on victims, complicate incident response

August 9, 2022 0 Comments active adversary playbook, blackcat, conti, cryptominers, featured, hive, iabs, karakurt, lockbit, Ransomware, security operations, sophos x-ops, threat research

Credit to Author: Matt Wixey| Date: Tue, 09 Aug 2022 11:00:04 +0000

Sophos’ latest Active Adversary report explores the issue of organizations being hit multiple times by attackers

Security Sophos

SophosAI presentations at Black Hat, BSides LV and DEF CON AI Village

August 8, 2022 0 Comments ai research, blackhat, bsideslv, DEF CON, sophos x-ops

Credit to Author: gallagherseanm| Date: Mon, 08 Aug 2022 11:30:11 +0000

Six presentations in Las Vegas this week cover multiple cybersecurity applications of machine learning

Security Sophos

Genesis Brings Polish to Stolen-Credential Marketplaces

August 4, 2022 0 Comments cybercriminals, genesis, iabs, Ransomware, sophos x-ops, threat research

Credit to Author: Yusuf Polat| Date: Thu, 04 Aug 2022 11:00:02 +0000

Four years on, Genesis Marketplace remains the go-to underground market for easy access to other people’s data

Security Sophos

Behind the Research: The Making of “OODA: X-Ops Takes on Burgeoning SQL Server Attacks”

July 20, 2022 0 Comments behind the research, security operations, sophos x-ops, threat research

Credit to Author: Christopher Budd| Date: Wed, 20 Jul 2022 11:00:25 +0000

Today, we released new Sophos research into a series of Microsoft SQL Server attacks. We also released a new piece outlining our vision of how security operations can and will be enhanced and improved by machine learning and artificial intelligence: “Building the AI-Driven SOC: Sophos’ 5-Year Perspective.” Finally, today we announced the launch of Sophos […]