Nearly a quarter of malware now communicates using TLS

Credit to Author: Luca Nagy| Date: Tue, 18 Feb 2020 13:30:07 +0000

Encryption is one of the strongest weapons malware authors can leverage: They can use it to obfuscate their code, to prevent users (in the case of ransomware) from being able to access their files, and for securing their malicious network communication. As websites and apps more widely adopt TLS (Transport Layer Security) and communicate over […]


February, 2020 Patch Tuesday brings a century of updates to Microsoft, Adobe products

Credit to Author: SophosLabs Offensive Security| Date: Tue, 11 Feb 2020 20:50:22 +0000

For this second Patch Tuesday of 2020, Microsoft has released a hundred patches to Windows and other Microsoft software, including 12 vulnerabilities flagged as Critical, and 87 flagged as Important. In addition, Adobe also published updates for its Flash Player, Acrobat, Framemaker, Experience Manager, and Digital Editions products in notifications timed to coincide with Microsoft’s […]


Living off another land: Ransomware borrows vulnerable driver to remove security software

Credit to Author: Andrew Brandt| Date: Thu, 06 Feb 2020 15:22:24 +0000

Sophos has been investigating two different ransomware attacks where the adversaries deployed a legitimate, digitally signed hardware driver in order to delete security products from the targeted computers just prior to performing the destructive file encryption portion of the attack. The signed driver, part of a now-deprecated software package published by Taiwan-based motherboard manufacturer Gigabyte, […]


January 2020 Patch Tuesday delivers fixes for 50 bugs

Credit to Author: SophosLabs Offensive Security| Date: Tue, 14 Jan 2020 18:15:18 +0000

This month’s big security news from Microsoft is the end of support for Windows 7, and a patch of a cryptographic library


Fleeceware apps persist on the Play Store

Credit to Author: Jagadeesh Chandraiah| Date: Tue, 14 Jan 2020 13:30:10 +0000

Fleeceware remains a problem on Google Play, where Android users still run the risk of being charged hundreds of dollars or euros for “subscriptions” to apps


Gozi V3: tracked by their own stealth

Credit to Author: sophoslabsbehavioural| Date: Tue, 24 Dec 2019 09:00:32 +0000

Gozi, also known as Ursnif or ISFB, is a banking trojan which has been around for a long time and currently multiple variations of the trojan are circulating after its source code got leaked. Every variant that is distributed has interesting aspects, with Gozi version 3 the most eye-catching in the field of detection evasion. […]
