2021-11-23 | Sophos | Pankaj Kohli
Android APT spyware, targeting Middle East victims, enhances evasiveness
2021-11-18 | SophosLabs Uncut | Sean Gallagher
New ransomware actor uses password protected archives to bypass encryption protection
2021-11-18 | Sophos | Elida Leite, Ferenc László Nagy, Gabor Szappanos, Harinder Bhathal, Kyle Link, Nirav Parekh, Rahul Dugar, Ratul Ghosh, Robert Weiland, Sean Gallagher, Sergio Bestulic, Vikas Singh
New ransomware actor uses password-protected archives to bypass encryption protection
2021-11-11 | SophosLabs Uncut | Andrew Brandt
BazarLoader ‘call me back’ attack abuses Windows 10 Apps mechanism
BazarBackdoor
2021-10-24 | Sophos | Sean Gallagher
Node poisoning: hijacked package delivers coin miner and credential-stealing backdoor
DanaBot Monero Miner
2021-10-05 | Sophos | Andrew Brandt, Andrew O’Donnell, Mauricio Valdivieso, Rajesh Nataraj
Python ransomware script targets ESXi server for encryption
2021-10-04 | Sophos | Chaitanya Ghorpade, Kajal Katiyar, Krisztián Diriczi, Rahil Shah, Sean Gallagher, Vikas Singh
Atom Silo ransomware actors use Confluence exploit, DLL side-load for stealthy attack
ATOMSILO Cobalt Strike
2021-09-23 | Sophos | Sean Gallagher
Phishing and malware actors abuse Google Forms for credentials, data exfiltration
2021-09-21 | Sophos | Andrew Brandt, Chaitanya Ghorpade, Krisztián Diriczi, Shefali Gupta, Vikas Singh
Cring ransomware group exploits ancient ColdFusion server
Cobalt Strike Cring
2021-09-03 | Sophos | Anand Ajjan, Andrew Ludgate, Gabor Szappanos, Peter Mackenzie, Sean Gallagher, Sergio Bestulic, Syed Zaidi
Conti affiliates use ProxyShell Exchange exploit in ransomware attacks
Cobalt Strike Conti
2021-09-01 | Sophos | Anand Ajjan, Andrew Brandt, Sean Gallagher, Yusuf Polat
Fake pirated software sites serve up malware droppers as a service
Raccoon
2021-08-27 | Sophos | Mark Loman
LockFile ransomware’s box of tricks: intermittent encryption and evasion
LockFile
2021-08-23 | Sophos SecOps | Greg Iddon
ProxyShell vulnerabilities in Microsoft Exchange: What to do
LockFile
2021-08-12 | Sophos | Andrew Brandt, Gabor Szappanos
Gootloader’s “mothership” controls malicious content
GootLoader
2021-08-09 | Sophos | Mark Loman
BlackMatter ransomware emerges from the shadow of DarkSide
BlackMatter BlackMatter
2021-08-06 | Sophos Naked Security | Paul Ducklin
Conti ransomware affiliate goes rogue, leaks “gang data”
Conti
2021-08-03 | Sophos | Sean Gallagher, Yusuf Arslan Polat
Trash Panda as a Service: Raccoon Stealer steals cookies, cryptocoins, and more
Raccoon
2021-07-22 | Sophos | Andrew Brandt, Sean Gallagher
Malware increasingly targets Discord for abuse
2021-07-09 | Twitter (@SophosLabs) | SophosLabs
Tweet on speed at which Kaseya REvil attack was conducted
REvil
2021-07-05 | Twitter (@SophosLabs) | SophosLabs
Tweet with a REvil ransomware execution demo
REvil