Phishing platform Rockstar 2FA trips, and “FlowerStorm” picks up the pieces
A sudden disruption of a major phishing-as-a-service provider leads to the rise of another…that looks very familiar
Sophos Threat Research
The Bite from Inside: The Sophos Active Adversary Report
A sea change in available data fuels fresh insights from the first half of 2024
Keeping it real: Sophos and the 2024 MITRE ATT&CK Evaluations: Enterprise
Sophos X-Ops looks at the realism of this year’s MITRE ATT&CK Evaluations
December Patch Tuesday arrives bearing 71 gifts
Seventeen Critical-severity CVEs ready to deck your halls; also, new blog guidance for Windows Server admins
Sophos MDR blocks and tracks activity from probable Iranian state actor “MuddyWater”
Sophos MDR has observed a new campaign that uses targeted phishing to entice the target to download a legitimate remote machine management tool to dump credentials. We believe with moderate confidence that this activity, which we track as STAC 1171, is related to an Iranian threat actor commonly referred to as MuddyWater or TA450. The […]
November Patch Tuesday loads up everyone’s plate
Fourteen product families affected as 2024 passes an unfortunate milestone
VEEAM exploit seen used again with a new ransomware: “Frag”
Last month, Sophos X-Ops reported several MDR cases where threat actors exploited a vulnerability in Veeam backup servers. We continue to track the activities of this threat cluster, which recently included deployment of a new ransomware. The vulnerability, CVE-2024-40711, was used as part of a threat activity cluster we named STAC 5881. Attacks leveraged compromised […]
Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign
The Internet is full of cats—and in this case, malware-delivering fake cat websites used for very targeted search engine optimization.
From QR to compromise: The growing “quishing” threat
Attackers leverage QR codes in PDF email attachments to spearphish corporate credentials from mobile devices
October Patch Tuesday harvest hauls in 117 CVEs
Bumper crop of Windows vulns leads the way; 15 product groups represented
Standing on the Windows platform, waiting for change
In the wake of a gathering of industry leaders at Microsoft to discuss the endpoint-security ecosystem, some thoughts
September Patch Tuesday addresses 79 CVEs
Seven critical-severity vulnerabilities addressed, including an extraordinary (but narrow) Windows Update flaw
Crimson Palace returns: New Tools, Tactics, and Targets
Chinese cyberespionage campaign renews efforts in multiple organizations in Southeast Asia, blending tactics and expanding efforts
Atomic macOS Stealer leads sensitive data theft on macOS
Sophos X-Ops explores the distribution and capabilities of the Atomic macOS Stealer (AMOS)
Attack tool update impairs Windows computers
An EDR killer Sophos X-Ops has tracked for three years continues to bedevil organizations targeted by ransomware gangs.
Qilin ransomware caught stealing credentials stored in Google Chrome
Familiar ransomware develops an appetite for passwords to third-party sites
Content updates and product architecture: Sophos Endpoint
Sophos X-Ops takes a look at the content updates in Intercept X, and how we validate and release them
August Patch Tuesday goes big
Monthly security release hauls out 85 CVEs… and that’s before the advisories
Ransomware attackers introduce new EDR killer to their arsenal
Sophos discovers the threat actors behind RansomHub ransomware using EDRKillShifter in attacks
Don’t get Mad, get wise
The “Mad Liberator” ransomware group leverages social-engineering moves to watch out for
The Sophos Blog