Sophos

PJobRAT Makes a Comeback, Takes Another Crack at Chat Apps

In the latest campaign, Sophos X-Ops researchers found PJobRAT samples disguising themselves as instant messaging apps. As per their telemetry, all the victims appeared to be based in Taiwan.

Scalable Vector Graphics Files Pose a Novel Phishing Threat

Attackers have been observed using the graphics file format scalable vector graphics (SVG) for this purpose. SVGs contain Extensible Markup Language (XML)-like text instructions to draw resizable, vector-based images on a computer.

Gootloader inside out

The operators of Gootloader continually refine their obfuscation techniques. Sophos X-Ops identified heavily obfuscated scripts, with key capabilities like string decryption and counter loops spread across multiple functions.

Frag Ransomware Exploits Veeam Vulnerability

Frag ransomware allows attackers to choose the percentage of each file to encrypt, potentially to avoid detection or delay file recovery. Files encrypted by Frag are renamed with a .frag extension.

Bengal Cat Lovers in Australia Lured in Google-driven GootLoader Campaign

This new attack campaign uses SEO poisoning to trick users looking for information on Bengal cat ownership laws into downloading malware disguised as relevant information.

PoorTry Windows Driver Deletes Crucial Files to Impairs Windows Computers

The PoorTry Windows driver, originally used to disable EDR solutions, has now evolved into an EDR wiper, deleting crucial files to make system restoration harder. Sophos has confirmed actual EDR wiping attacks in the wild.

Qilin Ransomware Caught Stealing Credentials Stored in Google Chrome

A recent Qilin ransomware attack targeted several endpoints, stealing VPN credentials and Chrome browser data. This attack, detected in July 2024, involved network access through compromised VPN credentials without multi-factor authentication.

Ransomware Attackers Introduce New EDR Killer to Disable Protection on Compromised Hosts

A cybercrime group linked to RansomHub ransomware has been seen using a new EDR-killing tool, named EDRKillShifter, to disable endpoint detection and response software on compromised hosts.

Time keeps on slippin’ slippin’ slippin’: The 2023 Active Adversary Report for Tech Leaders

In H1 2023, compromised credentials accounted for 50% of root causes, whereas exploiting a bug came in at 23%. We can’t conclusively say that attackers are favoring compromised credentials over vulnerabilities, but it can’t be denied either.

Firefox Fixes a Flurry of Flaws in the First of Two Releases This Month

Mozilla has released a new version of Firefox, marking the first of two upgrades for the month. The patched flaws are tracked as CVE-2023-4045, CVE-2023-4047, CVE-2023-4048, CVE-2023-4050, CVE-2023-4051, CVE-2023-4057, and CVE-2023-4058.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags