Sophos

Time keeps on slippin’ slippin’ slippin’: The 2023 Active Adversary Report for Tech Leaders

In H1 2023, compromised credentials accounted for 50% of root causes, whereas exploiting a bug came in at 23%. We can’t conclusively say that attackers are favoring compromised credentials over vulnerabilities, but it can’t be denied either.

Firefox Fixes a Flurry of Flaws in the First of Two Releases This Month

Mozilla has released a new version of Firefox, marking the first of two upgrades for the month. The patched flaws are tracked as CVE-2023-4045, CVE-2023-4047, CVE-2023-4048, CVE-2023-4050, CVE-2023-4051, CVE-2023-4057, and CVE-2023-4058.

Ghostscript Bug Could Allow Rogue Documents to Run System Commands

Ghostscript reads in PostScript program code, which describes how to construct the pages in a document, and converts it, or renders it, into a format more suitable for displaying or printing, such as raw pixel data or a PNG graphics file.

Deep dive into the Pikabot cyber threat

Pikabot operates as a backdoor, enabling remote access to compromised systems, and receives commands from a C2 server. It uses anti-analysis techniques and deploys an injector to run tests before injecting its core module into a specified process.

‘AuKill’ EDR killer malware abuses Process Explorer driver

The AuKill tool abuses an outdated version of the driver used by version 16.32 of the Microsoft utility, Process Explorer, to disable EDR processes before deploying either a backdoor or ransomware on the target system.

Cambodia-Based "Sour Grapes" Pig Butchering Scam Targets Southeast Asia

The teams running these scams include a young man or woman acting as the face of the scam, keyboarders who keep the victim engaged, and a team generating and repurposing media content with fabricated proof of their backstory.

Qakbot Mechanizes Distribution of Malicious OneNote Documents

Qakbot began using OneNote .one documents (also called “Notebooks” by Microsoft) in their attacks on January 31. On Tuesday, Sophos researchers observed two parallel spam campaigns.

BlackByte Ransomware Abuses Driver Vulnerability to Disable Security Products

Attackers use a sophisticated technique to bypass security products by abusing a known vulnerability in the legitimate vulnerable driver RTCore64.sys. The evasion technique supports disabling a whopping list of over 1,000 drivers.

Facebook 2FA phish arrives just 28 minutes after scam domain created

Apart from the incorrect URL, which is disguised by the fact that it starts with the text facebook.contact, so it might pass muster if you’re in a hurry, there aren’t any obvious spelling or grammatical errors in the phishing message.

Beware the Smish! Home delivery scams with a professional feel…

“Evri” is a recent UK-specific rebrand of the German company “Hermes”, so that UK customers may very well still be getting used to the new look and feel of the rebranded website, and to the new domain name. This could favor the scammers.

