How I learned to stop worrying and love ‘grey hat’ tools

Credit to Author: Tad Heppner| Date: Tue, 25 Feb 2020 13:45:19 +0000

A comprehensive security solution needs a sense of subtlety: not all machine code lends itself to be classified easily as malicious. As with most things in life, there’s a grey area in malware detection that includes hacking tools, poorly designed or easily exploitable applications, or borderline adware that provides little benefit to the unfortunate user […]


‘Cloud Snooper’ Attack Bypasses Firewall Security Measures

Credit to Author: Sergei Shevchenko| Date: Tue, 25 Feb 2020 13:30:43 +0000

In the course of investigating a malware infection of cloud infrastructure servers hosted in the Amazon Web Services (AWS) cloud, SophosLabs discovered a sophisticated attack that employed a unique combination of techniques to evade detection and that permits the malware to communicate freely with its command and control (C2) servers through a firewall that should, […]


Nearly a quarter of malware now communicates using TLS

Credit to Author: Luca Nagy| Date: Tue, 18 Feb 2020 13:30:07 +0000

Encryption is one of the strongest weapons malware authors can leverage: They can use it to obfuscate their code, to prevent users (in the case of ransomware) from being able to access their files, and for securing their malicious network communication. As websites and apps more widely adopt TLS (Transport Layer Security) and communicate over […]


February, 2020 Patch Tuesday brings a century of updates to Microsoft, Adobe products

Credit to Author: SophosLabs Offensive Security| Date: Tue, 11 Feb 2020 20:50:22 +0000

For this second Patch Tuesday of 2020, Microsoft has released a hundred patches to Windows and other Microsoft software, including 12 vulnerabilities flagged as Critical, and 87 flagged as Important. In addition, Adobe also published updates for its Flash Player, Acrobat, Framemaker, Experience Manager, and Digital Editions products in notifications timed to coincide with Microsoft’s […]


Living off another land: Ransomware borrows vulnerable driver to remove security software

Credit to Author: Andrew Brandt| Date: Thu, 06 Feb 2020 15:22:24 +0000

Sophos has been investigating two different ransomware attacks where the adversaries deployed a legitimate, digitally signed hardware driver in order to delete security products from the targeted computers just prior to performing the destructive file encryption portion of the attack. The signed driver, part of a now-deprecated software package published by Taiwan-based motherboard manufacturer Gigabyte, […]


January 2020 Patch Tuesday delivers fixes for 50 bugs

Credit to Author: SophosLabs Offensive Security| Date: Tue, 14 Jan 2020 18:15:18 +0000

This month’s big security news from Microsoft is the end of support for Windows 7, and a patch of a cryptographic library


Fleeceware apps persist on the Play Store

Credit to Author: Jagadeesh Chandraiah| Date: Tue, 14 Jan 2020 13:30:10 +0000

Fleeceware remains a problem on Google Play, where Android users still run the risk of being charged hundreds of dollars or euros for “subscriptions” to apps
