Security Operations

Practical insights for defenders from the Sophos X‑Ops detection and response specialists

Featured Articles

RSS

August 10, 2022

Lockbit, Hive, and BlackCat attack automotive supplier in triple ransomware attack

After gaining access via RDP, all three threat actors encrypted files, in an investigation complicated by event log clearing and backups. 3 attackers, 2 weeks – 1 entry point.

Security Operations

August 09, 2022

Multiple attackers increase pressure on victims, complicate incident response

Security Operations Threat Research

July 20, 2022

OODA: X-Ops Takes On Burgeoning SQL Server Attacks

Security Operations Threat Research

July 20, 2022

Behind the Research: The Making of “OODA: X-Ops Takes on Burgeoning SQL Server Attacks”

Security Operations Threat Research

July 14, 2022

Rapid Response: The Ngrok Incident Guide

Security Operations

June 16, 2022

Confluence exploits used to drop ransomware on vulnerable servers

Security Operations SophosLabs Uncut Threat Research

June 15, 2022

Telerik UI exploitation leads to cryptominer, Cobalt Strike infections

Security Operations Threat Research

June 07, 2022

Move fast, unbreak things: About the Sophos Active Adversary Playbook 2022

Security Operations SophosLabs Uncut Threat Research

June 07, 2022

The Active Adversary Playbook 2022

Security Operations

April 12, 2022

Attackers linger on government agency computers before deploying Lockbit ransomware

Security Operations Threat Research

March 30, 2022

Second vulnerability in Spring Cloud casts shadow on popular Java framework

Security Operations

March 29, 2022

Reconstructing PowerShell scripts from multiple Windows event logs

Security Operations

Subscribe to get the latest updates in your inbox.

You’re now subscribed!