June 16, 2022 Confluence exploits used to drop ransomware on vulnerable servers Automated attacks are now widely exploiting the Atlassian vulnerability Security Operations SophosLabs Uncut Threat Research
May 30, 2022 ‘Follina’ Word doc taps previously unknown Microsoft Office vulnerability MSDT.exe misuse in May makes for Memorial Day Monday mayhem SophosLabs Uncut Threat Research
May 17, 2022 Liquidity mining scams add another layer to cryptocurrency crime Organized rings use fake apps, malicious smart contracts, and lure of big returns to swindle victims out of their savings. SophosLabs Uncut Threat Research
June 07, 2022 Move fast, unbreak things: About the Sophos Active Adversary Playbook 2022 Our latest report shows that the most pleasant way to learn from Rapid Response mayhem is to read about how it worked out for someone else Security Operations SophosLabs Uncut Threat Research
June 01, 2022 Analyzing CVE-2022-0778: When Square Root Results in a Denial of Service How could a humble SSL certificate entirely gridlock a system? Walk with us through the math Sophos SecOps SophosLabs Uncut Threat Research
May 04, 2022 Attacking Emotet’s Control Flow Flattening Sweeping aside one obfuscation technique in a notorious strain of malware SophosLabs Uncut
April 12, 2022 RPC Vulnerability Stands Out in a Field of 128 in April This month’s Patch Tuesday is more about quantity than severity, with one flashback-inducing exception SophosLabs Uncut Threat Research
March 16, 2022 CryptoRom Bitcoin swindlers continue to target vulnerable iPhone and Android users Abuse of iOS TestFlight and WebClips—along with social engineering and lookalike web pages—leads to double- and triple-dipping by criminals into victims' pockets. SophosLabs Uncut Threat Research
March 10, 2022 Qakbot injects itself into the middle of your conversations The heavily distributed botnet delivers a wide variety of payloads - and scans your network for weaknesses SophosLabs Uncut Threat Research
March 08, 2022 Microsoft patches 71 vulnerabilities including RDP Client, Exchange Server, Intune Just two Critical-class vulnerabilities, but Windows Update doesn’t handle every package this month SophosLabs Uncut Threat Research
February 28, 2022 Conti and Karma actors attack healthcare provider at same time through ProxyShell exploits An unpatched Microsoft Exchange Server let both ransomware actors in; Karma just stole data, while Conti encrypted. SophosLabs Uncut Threat Research
February 23, 2022 Dridex bots deliver Entropy ransomware in recent attacks Some code used in the ransomware bears a resemblance to code used in Dridex malware, hinting at a common origin SophosLabs Uncut Threat Research