“Double agent”: a MacOS bundleware installer that acts like a spy

Credit to Author: Sergei Shevchenko | Date: Tue, 17 Mar 2020 08:00:58 +0000

Security software frequently blocks "bundleware" installers (software distribution tools that bundle their advertised applications with, usually undesired, additional software) as potentially unwanted applications. But one widely used software distribution tool for MacOS applications goes to great lengths to avoid being blocked as "bundleware", using a number of anti-forensics techniques that are more common […]

Patch now! Microsoft releases fixes for the serious SMB bug CVE-2020-0796

Credit to Author: alexandrebecholey | Date: Thu, 12 Mar 2020 15:34:59 +0000

Microsoft issued its latest set of cumulative updates for Windows and other Microsoft products this week, but the March 2020 Patch Tuesday is notable not only because of the sheer volume of fixes, but because it addresses one very serious bug in its Server Message Block (SMB) technology (download the patch right now) that […]

How I learned to stop worrying and love ‘grey hat’ tools

Credit to Author: Tad Heppner | Date: Tue, 25 Feb 2020 13:45:19 +0000

A comprehensive security solution needs a sense of subtlety: not all machine code lends itself to being classified easily as malicious. As with most things in life, there's a grey area in malware detection that includes hacking tools, poorly designed or easily exploitable applications, or borderline adware that provides little benefit to the unfortunate user […]

‘Cloud Snooper’ Attack Bypasses Firewall Security Measures

Credit to Author: Sergei Shevchenko | Date: Tue, 25 Feb 2020 13:30:43 +0000

In the course of investigating a malware infection of cloud infrastructure servers hosted in the Amazon Web Services (AWS) cloud, SophosLabs discovered a sophisticated attack that employed a unique combination of techniques to evade detection and that permits the malware to communicate freely with its command and control (C2) servers through a firewall that should, […]

Nearly a quarter of malware now communicates using TLS

Credit to Author: Luca Nagy | Date: Tue, 18 Feb 2020 13:30:07 +0000

Encryption is one of the strongest weapons malware authors can leverage: they can use it to obfuscate their code, to prevent users (in the case of ransomware) from being able to access their files, and to secure their malicious network communication. As websites and apps more widely adopt TLS (Transport Layer Security) and communicate over […]

February 2020 Patch Tuesday brings a century of updates to Microsoft, Adobe products

Credit to Author: SophosLabs Offensive Security | Date: Tue, 11 Feb 2020 20:50:22 +0000

For this second Patch Tuesday of 2020, Microsoft has released a hundred patches to Windows and other Microsoft software, including 12 vulnerabilities flagged as Critical and 87 flagged as Important. In addition, Adobe also published updates for its Flash Player, Acrobat, Framemaker, Experience Manager, and Digital Editions products in notifications timed to coincide with Microsoft's […]

Living off another land: Ransomware borrows vulnerable driver to remove security software

Credit to Author: Andrew Brandt | Date: Thu, 06 Feb 2020 15:22:24 +0000

Sophos has been investigating two different ransomware attacks where the adversaries deployed a legitimate, digitally signed hardware driver in order to delete security products from the targeted computers just prior to performing the destructive file encryption portion of the attack. The signed driver, part of a now-deprecated software package published by Taiwan-based motherboard manufacturer Gigabyte, […]