The TamperedChef campaign is a sophisticated malvertising operation leveraging Google Ads to distribute an infostealer. This campaign targets users searching for PDF software, redirecting them to malicious sites.
Sophos MDR recently responded to a targeted attack involving an MSP. In this incident, a threat actor gained access to the MSP’s RMM tool, SimpleHelp, and then used it to deploy DragonForce ransomware across multiple endpoints.
Near the end of 2024, the Sophos research team found references on underground forums to a new offering, VX Crypt, credited to an entity called ‘Shanya’ (also the name of a river in western Russia).
A new technique called LLM salting has been introduced to counteract jailbreak attacks on LLMs such as LLaMA-2-7B and Vicuna-7B. These attacks exploit the reuse of precomputed adversarial prompts across similar model deployments.
GOLD SALEM, also known as the Warlock Group, is an emerging ransomware threat actor active since March. The group has targeted a wide range of organizations across North America, Europe, and South America, deploying its Warlock ransomware.
Threat actors have been observed abusing the legitimate Velociraptor digital forensics and incident response (DFIR) tool to establish remote access and execute further malicious payloads.
A new wave of sophisticated EDR killer tools, often packed with HeartCrypt, is being deployed by multiple ransomware groups to disable endpoint defenses and facilitate ransomware execution.
A new campaign by the GOLD BLADE threat group leverages a remote DLL sideloading technique to deploy RedLoader malware. This attack chain combines malicious LNK files and WebDAV-based delivery mechanisms to evade detection and establish persistence.
A recent targeted ransomware attack leveraged vulnerabilities in SimpleHelp remote monitoring and management (RMM) software to compromise a Managed Service Provider (MSP) and its clients.
Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing, end-to-end automation and 360-degree threat response.