SophosLabs Uncut – Computer Security Articles

Conti ransomware: Evasive by nature

February 16, 2021 admin cobalt strike, conti, ransomware, Shellcode, SMB, SophosLabs Uncut

Credit to Author: Andrew Brandt| Date: Tue, 16 Feb 2021 13:30:54 +0000

The attackers spreading Conti have switched gears to a completely fileless attack method<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/ky1nSp-M-0k” height=”1″ width=”1″ alt=””/>

Security Sophos

Frag out: four remote attack bugs fixed in Microsoft’s February Patch Tuesday

February 9, 2021 admin 2021-02, cve-2021-1732, cve-2021-24074, cve-2021-24078, cve-2021-24086, cve-2021-24094, Patch Tuesday, SophosLabs Uncut, tcpip.sys

Credit to Author: SophosLabs Offensive Security| Date: Tue, 09 Feb 2021 18:00:44 +0000

Three TCP/IP bugs and a flaw in Microsoft’s DNS server could be leveraged to crash systems or remotely execute code.<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/30dpZid3RTM” height=”1″ width=”1″ alt=””/>

Security Sophos

Agent Tesla amps up information stealing attacks

February 2, 2021 admin Agent Tesla, amsi, SophosLabs Uncut, telegram, Tor

Credit to Author: gallagherseanm| Date: Tue, 02 Feb 2021 13:30:13 +0000

Recent updates to this common RAT add new communications methods and subvert the operating system’s own defenses<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/Llm28oSVnOs” height=”1″ width=”1″ alt=””/>

Security Sophos

MrbMiner: Cryptojacking to bypass international sanctions

January 21, 2021 admin Cryptojacking, cryptominer, mrbminer, SophosLabs Uncut, XMRig

Credit to Author: Gabor Szappanos| Date: Thu, 21 Jan 2021 13:30:23 +0000

Iran-based “garage startup” cryptojacking operation targets SQL servers<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/8Ecad2ph2gg” height=”1″ width=”1″ alt=””/>

Security Sophos

First Patch Tuesday of 2021 brings fix to Windows Defender bug already being exploited

January 12, 2021 admin cve-2021-1647, cve-2021-1709, microsoft windows defender, Patch Tuesday, SophosLabs Uncut

Credit to Author: gallagherseanm| Date: Tue, 12 Jan 2021 18:00:09 +0000

Remote code execution vulnerability in Windows’ built-in malware protection allows an attacker to execute code when a crafted file is scanned—one of seven critical bugs addressed in Microsoft’s January fix release.<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/gkqUXXvRz9I” height=”1″ width=”1″ alt=””/>

Security Sophos

New Android spyware targets users in Pakistan

January 12, 2021 admin Android malware, Fake App, pakistan, pakistan citizen portal, pmdu, prime minister's delivery unit, SophosLabs Uncut, spyware

Credit to Author: Pankaj Kohli| Date: Tue, 12 Jan 2021 14:00:07 +0000

The apps seem focused on stealing sensitive data from the phones of Pakistani residents<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/9UQSxDRP-Cc” height=”1″ width=”1″ alt=””/>

Security Sophos

How SunBurst malware does defense evasion

December 21, 2020 admin defense evasion, solarwinds, SophosLabs Uncut, sunburst

Credit to Author: sophoslabsbehavioural| Date: Mon, 21 Dec 2020 17:00:45 +0000

In an effort that has been attributed by many to actors working for or on behalf of a national government, an unknown adversary compromised the software supply chain of the enterprise IT management firm SolarWinds in order to distribute malicious code. The success of that attack, dubbed Sunburst, gave the actors wide-ranging access to corporate […]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/uszGQKkVDzo” height=”1″ width=”1″ alt=””/>

Security Sophos

Fishy French COVID contact tracing app is a data thief pest

December 18, 2020 admin Android, anticovid, Cerberus, contact tracing, France, malware, Mobile, Rat, SophosLabs Uncut, tousanticovid

Credit to Author: Andrew Brandt| Date: Fri, 18 Dec 2020 13:30:08 +0000

An unknown threat actor attempts to scam people with a credential-stealing malware app<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/3m3DKACTFW4″ height=”1″ width=”1″ alt=””/>

← Previous