CryptoRom fake iOS cryptocurrency apps hit US, European victims for at least $1.4 million

October 24, 2021

Node poisoning: hijacked package delivers coin miner and credential-stealing backdoor

A hacked NPM account was used to deliver Linux and Windows Monero miners and Windows credential-stealing malware along with a popular node.js library.

SophosLabs UncutThreat Research

October 12, 2021

Exchange Server, Windows Print Spooler get more patches in October’s Patch Tuesday

Threat Research

October 05, 2021

Python ransomware script targets ESXi server for encryption

Configuration errors rapidly escalated to a ransomware attack inside a virtual machine hypervisor

SophosLabs Uncut

September 21, 2021

Cring ransomware group exploits ancient ColdFusion server

The rarely-seen ransomware family leveraged commercial remote access tools to move laterally on the network

SophosLabs UncutThreat Research

September 14, 2021

Big Office bug squashed for September 2021’s Patch Tuesday

Install this month's update to get some relief from the CVE-2021-40444 Office vulnerability

SophosLabs UncutThreat Research

September 03, 2021

Conti affiliates use ProxyShell Exchange exploit in ransomware attacks

Security OperationsThreat Research

September 01, 2021

Fake pirated software sites serve up malware droppers as a service

Sites advertising "cracked" software packages lead into a network that serves up downloads full of malware instead.

SophosLabs UncutThreat Research

August 27, 2021

LockFile ransomware’s box of tricks: intermittent encryption and evasion

A new ransomware family leveraging the ProxyShell attack uses intermittent encryption of files in an attempt to defeat detection by anti-ransomware tools.

SophosLabs UncutThreat Research

August 25, 2021

How PetitPotam hijacks the Windows API, and what you can do about it

The PetitPotam attack method is rapidly gaining attention from security researchers and threat actors

SophosLabs UncutThreat Research