“Double agent”: a MacOS bundleware installer that acts like a spy

Credit to Author: Sergei Shevchenko| Date: Tue, 17 Mar 2020 08:00:58 +0000

Security software frequently blocks “bundleware” installers &#8211; software distribution tools that bundle their advertised applications with (usually undesired) additional software &#8211; as potentially undesirable applications. But one widely-used software distribution tool for MacOS applications goes to great lengths to avoid being blocked as “bundleware” &#8211; using a number of anti-forensics techniques that are more common [&#8230;]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/n8Txqmat4RA” height=”1″ width=”1″ alt=””/>

Read more

Harden your public cloud environment against APT-style attacks

Credit to Author: Editor| Date: Tue, 25 Feb 2020 13:36:43 +0000

A new APT-style attack combines a bypassing technique with a multi-platform payload to target both Windows and Linux cloud workloads. Stop the attack with technical advice from Sophos.<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/q61MwUx5OsI” height=”1″ width=”1″ alt=””/>

Read more

Living off another land: Ransomware borrows vulnerable driver to remove security software

Credit to Author: Andrew Brandt| Date: Thu, 06 Feb 2020 15:22:24 +0000

Sophos has been investigating two different ransomware attacks where the adversaries deployed a legitimate, digitally signed hardware driver in order to delete security products from the targeted computers just prior to performing the destructive file encryption portion of the attack. The signed driver, part of a now-deprecated software package published by Taiwan-based motherboard manufacturer Gigabyte, [&#8230;]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/uepwaOU8_Ek” height=”1″ width=”1″ alt=””/>

Read more

Ausblick auf die Cybersicherheit im Jahr 2020 – es kommt zu Turbulenzen

Credit to Author: Jörg Schindler| Date: Wed, 18 Dec 2019 11:01:15 +0000

Die Bedrohungslandschaft hat sich im abgelaufenen Jahr mehrfach stark verändert. Anlass genug also, immer wieder neu in die Zukunft zu blicken, um das Verständnis dieser Trends zu schärfen und um sich als Unternehmen in der Cybersicherheit gut aufzustellen. Fünf Experten von Sophos haben einen genauen Blick auf die wichtigsten Security-Faktoren geworfen, die sich 2020 maßgeblich [&#8230;]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/9IQwSaFgKHY” height=”1″ width=”1″ alt=””/>

Read more

Applying Threat Intelligence to Iranian Cyberattack Risk

Credit to Author: J.J. Thompson| Date: Wed, 15 Jan 2020 13:01:37 +0000

As geopolitical interest increases, discussions of threat intelligence increase which increases pressure on security operations teams to provide answers to customers and to senior leadership.<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/pQqkg_WT2eU” height=”1″ width=”1″ alt=””/>

Read more

Compiling Open Source Threat Intelligence for Threat Hunts

Credit to Author: Mat Gangwer| Date: Wed, 15 Jan 2020 10:02:05 +0000

In addition to normal tradecraft adaptations, any time a change in the geopolitical landscape takes place, cyberattack campaigns and adversary behaviors typically shift as well. The recent events with Iran and the United States offer a relevant use case for organizations and have highlighted the benefit of having a threat intelligence driven hunting process. The [&#8230;]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/SIgRbmduM5E” height=”1″ width=”1″ alt=””/>

Read more