SophosLabs Uncut – Computer Security Articles

Security Sophos

BlackCat ransomware attacks not merely a byproduct of bad luck

July 14, 2022 admin blackcat, Citrix, esxi, Featured, SophosLabs Uncut, threat research, VMware, VPN

Credit to Author: Andrew Brandt| Date: Thu, 14 Jul 2022 11:05:03 +0000

Older hardware and outdated operating systems contribute to attacks

Security Sophos

Rapid Response: The Ngrok Incident Guide

July 14, 2022 admin Incident Response, mtr•rapid response, ngrok, SophosLabs Uncut, threat research

Credit to Author: Angela Gunn| Date: Thu, 14 Jul 2022 08:01:51 +0000

Ngrok is a legitimate remote-access tool. It is regularly abused by attackers, who use its capabilities and reputation to maneuver while bypassing network protections. This incident guide shows Security Operations Centers (SOCs) and response teams how to detect and respond to the suspicious presence or use of ngrok on the network.

Security Sophos

July Patch Tuesday is Rich in Azure, Windows Issues

July 12, 2022 admin 2022-07, Patch Tuesday, SophosLabs Uncut, threat research

Credit to Author: Angela Gunn| Date: Wed, 13 Jul 2022 03:20:43 +0000

Windows-facing issues make up the bulk of the 85 CVEs addressed, with one vulnerability under active exploit in the wild

Security Sophos

Confluence exploits used to drop ransomware on vulnerable servers

June 16, 2022 admin atlassian, Cerber, confluence, CryptoGuard, cve-2022-26134, Featured, Intercept X, Powershell, ransomware, security operations, sophos managed threat response (mtr), SophosLabs Uncut, threat research, Tomcat, webshell

Credit to Author: Andrew Brandt| Date: Thu, 16 Jun 2022 11:00:03 +0000

Automated attacks are now widely exploiting the Atlassian vulnerability

Security Sophos

Sophos uncovers how APT groups carried out highly targeted attack

June 15, 2022 admin APT, ELF, products & services, SophosLabs Uncut, Targeted Attacks, threat research

Credit to Author: Andrew Brandt| Date: Wed, 15 Jun 2022 21:16:52 +0000

Two groups with common task targeted network security devices in two-stage attacks, dropping remote access tools.

Security Sophos

Telerik UI exploitation leads to cryptominer, Cobalt Strike infections

June 15, 2022 admin cobalt strike, cryptomining, cve-2017-11357, cve-2017-1137, cve-2019-18935, Powershell, security operations, SophosLabs Uncut, telerik, threat research, XMRig

Credit to Author: Matt Wixey| Date: Wed, 15 Jun 2022 11:00:05 +0000

Attacker targets bugs in a popular web application graphical interface development tool

Security Sophos

Lighter Patch Tuesday for June remains rich in LDAP vulns

June 14, 2022 admin 2022-06, Patch Tuesday, SophosLabs Uncut, threat research

Credit to Author: Angela Gunn| Date: Tue, 14 Jun 2022 18:24:12 +0000

The second-lightest set of updates so far in 2022 goes heavy on RCEs, brings along four Intel patches for company

Security Sophos

‘Follina’ Word doc taps previously unknown Microsoft Office vulnerability

June 8, 2022 admin cve-2022-30190, Featured, follina, Microsoft Office, ms-msdt, msdt, msdt.exe, SophosLabs Uncut, threat research, Vulnerability, Zero-Day

Credit to Author: Andrew Brandt| Date: Tue, 31 May 2022 00:41:42 +0000

MSDT.exe misuse in May makes for Memorial Day Monday mayhem

← Previous