Defenders assemble: Time to get in the game
Ransomware often feels like an insurmountable problem that will plague us forever, but recent data suggests we may be finally...
threat—research
Malware campaign attempts abuse of defender binaries
We are investigating a ransomware campaign that abuses legitimate Sophos executables and DLLs by modifying their original content, overwriting the...
‘Junk gun’ ransomware: Peashooters can still pack a punch
In the 1960s and ’70s, the US firearms market saw an influx of cheaply-made, imported handguns. Legislators targeted the proliferation...
A tumultuous, titanic Patch Tuesday as Microsoft makes some changes
Several months of relative calm are over for Windows administrators, as Microsoft on Tuesday released 147 patches affecting ten product...
Smoke and (screen) mirrors: A strange signed backdoor
In December 2023, Sophos X-Ops received a report of a false positive detection on an executable signed by a valid...
It’s Oh So Quiet (?): The Sophos Active Adversary Report for 1H 2024
The first Sophos Active Adversary Report of 2024 presents what the Sophos X-Ops Incident Response (IR) team has learned about...
Remote Desktop Protocol: The Series
Remote Desktop Protocol (RDP) was developed by Microsoft to allow users, administrators, and others to connect to remote computers over...
59 CVEs primed for Microsoft’s March Patch Tuesday
On Tuesday Microsoft released 59 CVEs, including 41 for Windows. A remarkable 20 other product groups or tools are also...
The 2024 Sophos Threat Report: Cybercrime on Main Street
Cybercrime affects people from all walks of life, but it hits small businesses the hardest. While cyberattacks on large companies...
It’ll be back: Attackers still abusing Terminator tool and variants
BYOVD (Bring Your Own Vulnerable Driver) is a class of attack in which threat actors drop known vulnerable drivers on...
ConnectWise ScreenConnect attacks deliver malware
Sophos X-Ops is tracking a developing wave of vulnerability exploitation targeting unpatched ConnectWise ScreenConnect installations. This page provides advice and...
LockBit: Lessons learned on winning the war on cybercrime
Late on February 19, 2024, the main website of LockBit, the most prolific ransomware group in recent memory, was seized...
February’s Patch Tuesday treats customers to 72 patches
After a light start to the year, February delivered 72 patches and 21 advisories to Microsoft customers. The CVEs addressed...
Cryptocurrency scams metastasize into new forms
In the spring of 2023, a recent retiree was drawn into what would become a horrifically expensive “relationship.” Lured through...
Multiple vulnerabilities discovered in widely used security driver
In July 2023, our proactive behavior rules triggered on an attempt to load a driver named pskmad_64.sys (Panda Memory Access...
