Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-03-02Youtube (OALabs)Sergei Frankoff, Sean Wilson
@online{frankoff:20220302:botleggers:1cb3ac9, author = {Sergei Frankoff and Sean Wilson}, title = {{Botleggers Exposed - Analysis of The Conti Leaks Malware}}, date = {2022-03-02}, organization = {Youtube (OALabs)}, url = {https://www.youtube.com/watch?v=uORuVVQzZ0A}, language = {English}, urldate = {2022-03-07} } Botleggers Exposed - Analysis of The Conti Leaks Malware
Conti
2022-02-28SophosSean Gallagher
@online{gallagher:20220228:conti:bcf09a0, author = {Sean Gallagher}, title = {{Conti and Karma actors attack healthcare provider at same time through ProxyShell exploits}}, date = {2022-02-28}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/02/28/conti-and-karma-actors-attack-healthcare-provider-at-same-time-through-proxyshell-exploits/?cmp=30728}, language = {English}, urldate = {2022-03-02} } Conti and Karma actors attack healthcare provider at same time through ProxyShell exploits
Conti Karma
2022-02-02CNNSean Lyngaas
@online{lyngaas:20220202:us:7122665, author = {Sean Lyngaas}, title = {{US officials prepare for potential Russian cyberattacks as Ukraine standoff continues}}, date = {2022-02-02}, organization = {CNN}, url = {https://edition.cnn.com/2022/02/02/politics/fbi-ukraine-cyber-russia/index.html}, language = {English}, urldate = {2022-02-02} } US officials prepare for potential Russian cyberattacks as Ukraine standoff continues
2022-02-01SophosGabor Szappanos, Sean Gallagher
@online{szappanos:20220201:solarmarker:597b088, author = {Gabor Szappanos and Sean Gallagher}, title = {{SolarMarker campaign used novel registry changes to establish persistence}}, date = {2022-02-01}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/02/01/solarmarker-campaign-used-novel-registry-changes-to-establish-persistence/}, language = {English}, urldate = {2022-02-02} } SolarMarker campaign used novel registry changes to establish persistence
solarmarker
2021-12-20SophosSean Gallagher
@online{gallagher:20211220:logjam:682b229, author = {Sean Gallagher}, title = {{Logjam: Log4j exploit attempts continue in globally distributed scans, attacks}}, date = {2021-12-20}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/12/20/logjam-log4j-exploit-attempts-continue-in-globally-distributed-scans-attacks/}, language = {English}, urldate = {2021-12-31} } Logjam: Log4j exploit attempts continue in globally distributed scans, attacks
2021-12-17SophosSean Gallagher, Hardik Shah
@online{gallagher:20211217:inside:0da2770, author = {Sean Gallagher and Hardik Shah}, title = {{Inside the code: How the Log4Shell exploit works}}, date = {2021-12-17}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/12/17/inside-the-code-how-the-log4shell-exploit-works/}, language = {English}, urldate = {2021-12-31} } Inside the code: How the Log4Shell exploit works
2021-12-12SophosSean Gallagher
@online{gallagher:20211212:log4shell:0609a1c, author = {Sean Gallagher}, title = {{Log4Shell Hell: anatomy of an exploit outbreak}}, date = {2021-12-12}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/12/12/log4shell-hell-anatomy-of-an-exploit-outbreak/}, language = {English}, urldate = {2021-12-31} } Log4Shell Hell: anatomy of an exploit outbreak
2021-11-18SophosLabs UncutSean Gallagher
@online{gallagher:20211118:new:7fc4407, author = {Sean Gallagher}, title = {{New ransomware actor uses password protected archives to bypass encryption protection}}, date = {2021-11-18}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/11/18/new-ransomware-actor-uses-password-protected-archives-to-bypass-encryption-protection/}, language = {English}, urldate = {2022-03-22} } New ransomware actor uses password protected archives to bypass encryption protection
2021-11-18SophosSean Gallagher, Vikas Singh, Robert Weiland, Elida Leite, Kyle Link, Ratul Ghosh, Harinder Bhathal, Sergio Bestuilic, Ferenc László Nagy, Rahul Dugar, Nirav Parekh, Gabor Szappanos
@online{gallagher:20211118:new:31668c5, author = {Sean Gallagher and Vikas Singh and Robert Weiland and Elida Leite and Kyle Link and Ratul Ghosh and Harinder Bhathal and Sergio Bestuilic and Ferenc László Nagy and Rahul Dugar and Nirav Parekh and Gabor Szappanos}, title = {{New ransomware actor uses password-protected archives to bypass encryption protection}}, date = {2021-11-18}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/11/18/new-ransomware-actor-uses-password-protected-archives-to-bypass-encryption-protection/?cmp=30728}, language = {English}, urldate = {2021-11-19} } New ransomware actor uses password-protected archives to bypass encryption protection
2021-10-24SophosSean Gallagher
@online{gallagher:20211024:node:3619389, author = {Sean Gallagher}, title = {{Node poisoning: hijacked package delivers coin miner and credential-stealing backdoor}}, date = {2021-10-24}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/10/24/node-poisoning-hijacked-package-delivers-coin-miner-and-credential-stealing-backdoor}, language = {English}, urldate = {2021-11-02} } Node poisoning: hijacked package delivers coin miner and credential-stealing backdoor
DanaBot Monero Miner
2021-10-04SophosSean Gallagher, Vikas Singh, Krisztián Diriczi, Kajal Katiyar, Chaitanya Ghorpade, Rahil Shah
@online{gallagher:20211004:atom:782b979, author = {Sean Gallagher and Vikas Singh and Krisztián Diriczi and Kajal Katiyar and Chaitanya Ghorpade and Rahil Shah}, title = {{Atom Silo ransomware actors use Confluence exploit, DLL side-load for stealthy attack}}, date = {2021-10-04}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/10/04/atom-silo-ransomware-actors-use-confluence-exploit-dll-side-load-for-stealthy-attack/}, language = {English}, urldate = {2021-10-11} } Atom Silo ransomware actors use Confluence exploit, DLL side-load for stealthy attack
ATOMSILO Cobalt Strike
2021-09-23SophosSean Gallagher
@online{gallagher:20210923:phishing:0753a1d, author = {Sean Gallagher}, title = {{Phishing and malware actors abuse Google Forms for credentials, data exfiltration}}, date = {2021-09-23}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/09/23/phishing-and-malware-actors-abuse-google-forms-for-credentials-data-exfiltration/}, language = {English}, urldate = {2021-09-28} } Phishing and malware actors abuse Google Forms for credentials, data exfiltration
2021-09-03SophosSean Gallagher, Peter Mackenzie, Anand Ajjan, Andrew Ludgate, Gabor Szappanos, Sergio Bestulic, Syed Zaidi
@online{gallagher:20210903:conti:db20680, author = {Sean Gallagher and Peter Mackenzie and Anand Ajjan and Andrew Ludgate and Gabor Szappanos and Sergio Bestulic and Syed Zaidi}, title = {{Conti affiliates use ProxyShell Exchange exploit in ransomware attacks}}, date = {2021-09-03}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/}, language = {English}, urldate = {2021-09-06} } Conti affiliates use ProxyShell Exchange exploit in ransomware attacks
Cobalt Strike Conti
2021-09-02AnomaliGage Mele, Tara Gould, Rory Gould, Sean Townsend
@online{mele:20210902:cybercrime:335c7cb, author = {Gage Mele and Tara Gould and Rory Gould and Sean Townsend}, title = {{Cybercrime Group FIN7 Using Windows 11 Alpha-Themed Docs to Drop Javascript Backdoor}}, date = {2021-09-02}, organization = {Anomali}, url = {https://www.anomali.com/blog/cybercrime-group-fin7-using-windows-11-alpha-themed-docs-to-drop-javascript-backdoor}, language = {English}, urldate = {2021-09-09} } Cybercrime Group FIN7 Using Windows 11 Alpha-Themed Docs to Drop Javascript Backdoor
2021-09-01SophosSean Gallagher, Yusuf Polat, Anand Ajjan, Andrew Brandt
@online{gallagher:20210901:fake:07752c0, author = {Sean Gallagher and Yusuf Polat and Anand Ajjan and Andrew Brandt}, title = {{Fake pirated software sites serve up malware droppers as a service}}, date = {2021-09-01}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/09/01/fake-pirated-software-sites-serve-up-malware-droppers-as-a-service/}, language = {English}, urldate = {2021-09-09} } Fake pirated software sites serve up malware droppers as a service
Raccoon
2021-08-17NetcraftSean Gebbett
@online{gebbett:20210817:resurgent:177637f, author = {Sean Gebbett}, title = {{Resurgent FluBot malware targets German and Polish banks}}, date = {2021-08-17}, organization = {Netcraft}, url = {https://news.netcraft.com/archives/2021/08/17/resurgent-flubot-malware-targets-german-and-polish-banks.html}, language = {English}, urldate = {2021-08-20} } Resurgent FluBot malware targets German and Polish banks
FluBot
2021-08-16Trend MicroJett Paulo Bernardo, Jayson Chong, Nikki Madayag, Mark Marti, Cris Tomboc, Sean Torre, Byron Gelera
@online{bernardo:20210816:lockbit:d709d4c, author = {Jett Paulo Bernardo and Jayson Chong and Nikki Madayag and Mark Marti and Cris Tomboc and Sean Torre and Byron Gelera}, title = {{LockBit Resurfaces With Version 2.0 Ransomware Detections in Chile, Italy, Taiwan, UK}}, date = {2021-08-16}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/h/lockbit-resurfaces-with-version-2-0-ransomware-detections-in-chi.html}, language = {English}, urldate = {2021-08-23} } LockBit Resurfaces With Version 2.0 Ransomware Detections in Chile, Italy, Taiwan, UK
LockBit
2021-08-03SophosYusuf Arslan Polat, Sean Gallagher
@online{polat:20210803:trash:6611883, author = {Yusuf Arslan Polat and Sean Gallagher}, title = {{Trash Panda as a Service: Raccoon Stealer steals cookies, cryptocoins, and more}}, date = {2021-08-03}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/08/03/trash-panda-as-a-service-raccoon-stealer-steals-cookies-cryptocoins-and-more/}, language = {English}, urldate = {2021-08-06} } Trash Panda as a Service: Raccoon Stealer steals cookies, cryptocoins, and more
Raccoon
2021-07-22SophosSean Gallagher, Andrew Brandt
@online{gallagher:20210722:malware:ca3a4e3, author = {Sean Gallagher and Andrew Brandt}, title = {{Malware increasingly targets Discord for abuse}}, date = {2021-07-22}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/07/22/malware-increasingly-targets-discord-for-abuse}, language = {English}, urldate = {2021-07-27} } Malware increasingly targets Discord for abuse
2021-07-04SophosMark Loman, Sean Gallagher, Anand Ajjan
@online{loman:20210704:independence:56ff257, author = {Mark Loman and Sean Gallagher and Anand Ajjan}, title = {{Independence Day: REvil uses supply chain exploit to attack hundreds of businesses}}, date = {2021-07-04}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses}, language = {English}, urldate = {2021-07-26} } Independence Day: REvil uses supply chain exploit to attack hundreds of businesses
REvil