Category: Threat Research
-
Phishing platform Rockstar 2FA trips, and “FlowerStorm” picks up the pieces
A sudden disruption of a major phishing-as-a-service provider leads to the rise of another…that looks very familiar. By gallagherseanm
-
The Bite from Inside: The Sophos Active Adversary Report
A sea change in available data fuels fresh insights from the first half of 2024. By Angela Gunn
-
December Patch Tuesday arrives bearing 71 gifts
Seventeen Critical-severity CVEs ready to deck your halls; also, new blog guidance for Windows Server admins. By Angela Gunn
-
Keeping it real: Sophos and the 2024 MITRE ATT&CK Evaluations: Enterprise
Sophos X-Ops looks at the realism of this year’s MITRE ATT&CK Evaluations. By Michael Wood
-
Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign
The Internet is full of cats—and in this case, malware-delivering fake cat websites used for very targeted search engine optimization. By gallagherseanm
-
VEEAM exploit seen used again with a new ransomware: “Frag”
Last month, Sophos X-Ops reported several MDR cases where threat actors exploited a vulnerability in Veeam backup servers. We continue to track the activities of this threat cluster, which recently included deployment of a new ransomware. The vulnerability, CVE-2024-40711, was used as part of a…
-
Sophos MDR blocks and tracks activity from probable Iranian state actor “MuddyWater”
Sophos MDR has observed a new campaign that uses targeted phishing to entice the target to download a legitimate remote machine management tool to dump credentials. We believe with moderate confidence that this activity, which we track as STAC 1171, is related to…