Credit to Author: gallagherseanm| Date: Wed, 21 Oct 2020 12:30:09 +0000
Using renamed copies of PowerShell and Windows’VBscript host and scripts based on PowerShell pen-testing tool, LockBit actors searched for systems with valuable data to hit at small organizations.<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/rPN_OaRbtnE” height=”1″ width=”1″ alt=””/>
Read moreCredit to Author: Eric Avena| Date: Thu, 11 Jun 2020 17:00:05 +0000
Inspired by MITRE’s transparency in publishing the payloads and tools used in the attack simulation, we’ll describe the mystery that is Step 19 and tell a story about how blue teams, once in a while, can share important learnings for red teams.
The post Blue teams helping red teams: A tale of a process crash, PowerShell, and the MITRE ATT&CK evaluation appeared first on Microsoft Security.
Read more
Credit to Author: Sally Adam| Date: Mon, 11 May 2020 16:06:14 +0000
ColdLock ransomware is devastating organizations, but Intercept X can help to freeze it out.<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/gU60MQ7dhYQ” height=”1″ width=”1″ alt=””/>
Read more
Credit to Author: Tad Heppner| Date: Tue, 25 Feb 2020 13:45:19 +0000
A comprehensive security solution needs a sense of subtlety: not all machine code lends itself to be classified easily as malicious. As with most things in life, there’s a grey area in malware detection that includes hacking tools, poorly designed or easily exploitable applications, or borderline adware that provides little benefit to the unfortunate user […]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/TR1pieWZO1k” height=”1″ width=”1″ alt=””/>
Read moreCredit to Author: Jayesh kulkarni| Date: Wed, 15 Jan 2020 14:13:09 +0000
With almost 200 extensions, STOP (djvu) ransomware can be said to be 2019’s most active and widespread ransomware. Although this ransomware was active a year before, it started its campaign aggressively in early 2019. To evade detection, it has been continuously changing its extensions and payloads. For earlier infections, data…
Read more
Credit to Author: rajeshnataraj| Date: Tue, 01 Oct 2019 04:01:09 +0000
SophosLabs are monitoring a significant spike in crypto mining attacks, which spread quickly across enterprise networks. Starting from a single infection, these attacks use a variety of malicious scripts that, eventually, turn an enterprise’s large pool of CPU resources into efficient cryptocurrency mining slaves. The threat actors behind these campaigns have been using an array […]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/jF91Bgk0dso” height=”1″ width=”1″ alt=””/>
Read moreCredit to Author: Eric Avena| Date: Tue, 03 Sep 2019 16:00:03 +0000
We adopted a deep learning technique that was initially developed for natural language processing and applied to expand Microsoft Defender ATP’s coverage of detecting malicious PowerShell scripts, which continue to be a critical attack vector.
The post Deep learning rises: New methods for detecting malicious PowerShell appeared first on Microsoft Security.
Read more
Credit to Author: Sophos Italia| Date: Thu, 02 May 2019 08:30:19 +0000
Intercept X Advanced con EDR ora è in grado di fermare tutte le esecuzioni di PowerShell in modo che possano essere controllate e analizzate<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/yVbV_8cXDmE” height=”1″ width=”1″ alt=””/>
Read more