threat research – Page 15 – PossibleThreat Articles

Credit to Author: Matt Wixey| Date: Tue, 08 Nov 2022 18:05:18 +0000

Still no fix for ProxyNotShell, but two MOTW bypasses get squashed

Family Tree: DLL-Sideloading Cases May Be Related

November 4, 2022 0 Comments dll side-load, featured, sophos x-ops, threat research, x-ops

Credit to Author: Gabor Szappanos| Date: Thu, 03 Nov 2022 12:03:13 +0000

A threat actor’s repeated use of DLL-hijack execution flow makes for interesting attack results, including omnivorous file ingestion; we break down five cases and find commonalities

Security Sophos

Family Tree: Related DLL-Sideloading Cases Bear Strange Fruit

November 3, 2022 0 Comments dll side-load, featured, sophos x-ops, threat research, x-ops

Credit to Author: Gabor Szappanos| Date: Thu, 03 Nov 2022 12:03:13 +0000

A threat actor’s repeated use of DLL-hijack execution flow makes for interesting attack results, including omnivorous file ingestion; we break down five cases and find commonalities

Security Sophos

Sophos X-Ops finds Attackers Using Covert Channels in Backdoor Against Devices

October 19, 2022 0 Comments security operations, threat research

Credit to Author: gallagherseanm| Date: Wed, 19 Oct 2022 14:00:46 +0000

Newly discovered attack combines custom and commodity malware

Security Sophos

Are threat actors turning to archives and disk images as macro usage dwindles?

October 12, 2022 0 Comments archives, bumblebee, featured, macros, malspam, sophos x-ops, threat research

Credit to Author: Matt Wixey| Date: Wed, 12 Oct 2022 11:00:28 +0000

Following Microsoft’s announcement that macros from the internet will be disabled by default, threat actors are using alternative file types for malware delivery. This shift brings both challenges and opportunities for organizations.

Security Sophos

You can’t always get what you want on Patch Tuesday

October 11, 2022 0 Comments Microsoft, Patch Tuesday, threat research

Credit to Author: Angela Gunn| Date: Tue, 11 Oct 2022 17:47:47 +0000

No joy for Exchange admins looking to seal off two widely reported Server vulns

Security Sophos

Remove All The Callbacks – BlackByte Ransomware Disables EDR Via RTCore64.sys Abuse

October 4, 2022 0 Comments blackbyte, EDR, featured, Ransomware, sophos x-ops, threat research

Credit to Author: Angela Gunn| Date: Tue, 04 Oct 2022 11:00:33 +0000

A fresh exploration of the malware uncovers a new tactic for bypassing security products by abusing a known driver vulnerability

Security Sophos

Two Exchange Server vulns veer dangerously close to ProxyShell

October 3, 2022 0 Comments exchange server, featured, proxyshell, ssrf, threat research

Credit to Author: Angela Gunn| Date: Mon, 03 Oct 2022 22:03:02 +0000

A chained pair of vulnerabilities, plus PowerShell, affects the Microsoft messaging platform well in advance of Patch Tuesday; Sophos customers are protected

Security Sophos

A lighter Patch Tuesday, but one heavy with remote code execution bugs

September 13, 2022 0 Comments Microsoft, Patch Tuesday, sophos x-ops, threat research

Credit to Author: Matt Wixey| Date: Tue, 13 Sep 2022 18:38:14 +0000

There are fewer bugs in September’s update than in previous months, with RCE vulns making up the bulk of the addressed CVEs

Security Sophos

Cookie stealing: the new perimeter bypass

August 18, 2022 0 Comments active adversary, cookie theft, featured, information stealers, infostealer malware, sophos x-ops, threat research

Credit to Author: gallagherseanm| Date: Thu, 18 Aug 2022 11:00:50 +0000

As organizations move to cloud services and multifactor authentication, cookies tied to identity and authentication give attackers a new path to compromise.