Sophos

Gootloader inside out

The operators of Gootloader continually refine their obfuscation techniques. Sophos X-Ops identified heavily obfuscated scripts, with key capabilities like string decryption and counter loops spread across multiple functions.

Frag Ransomware Exploits Veeam Vulnerability

Frag ransomware allows attackers to choose the percentage of each file to encrypt, potentially to avoid detection or delay file recovery. Files encrypted by Frag are renamed with a .frag extension.

Bengal Cat Lovers in Australia Lured in Google-driven GootLoader Campaign

This new attack campaign uses SEO poisoning to trick users looking for information on Bengal cat ownership laws into downloading malware disguised as relevant information.

PoorTry Windows Driver Deletes Crucial Files to Impair Windows Computers

The PoorTry Windows driver, originally used to disable EDR solutions, has now evolved into an EDR wiper, deleting crucial files to make system restoration harder. Sophos has confirmed actual EDR wiping attacks in the wild.

Qilin Ransomware Caught Stealing Credentials Stored in Google Chrome

A recent Qilin ransomware attack targeted several endpoints, stealing VPN credentials and Chrome browser data. This attack, detected in July 2024, involved network access through compromised VPN credentials without multi-factor authentication.

Ransomware Attackers Introduce New EDR Killer to Disable Protection on Compromised Hosts

A cybercrime group linked to RansomHub ransomware has been seen using a new EDR-killing tool, named EDRKillShifter, to disable endpoint detection and response software on compromised hosts.

Time keeps on slippin’ slippin’ slippin’: The 2023 Active Adversary Report for Tech Leaders

In H1 2023, compromised credentials accounted for 50% of root causes, whereas exploiting a bug came in at 23%. We can’t conclusively say that attackers are favoring compromised credentials over vulnerabilities, but it can’t be denied either.

Firefox Fixes a Flurry of Flaws in the First of Two Releases This Month

Mozilla has released a new version of Firefox, marking the first of two upgrades for the month. The patched flaws are tracked as CVE-2023-4045, CVE-2023-4047, CVE-2023-4048, CVE-2023-4050, CVE-2023-4051, CVE-2023-4057, and CVE-2023-4058.

Ghostscript Bug Could Allow Rogue Documents to Run System Commands

Ghostscript reads in PostScript program code, which describes how to construct the pages in a document, and converts it, or renders it, into a format more suitable for displaying or printing, such as raw pixel data or a PNG graphics file.

Deep dive into the Pikabot cyber threat

Pikabot operates as a backdoor, enabling remote access to compromised systems, and receives commands from a C2 server. It uses anti-analysis techniques and deploys an injector to run tests before injecting its core module into a specified process.
