Sophos X-Ops is tracking a developing wave of vulnerability exploitation targeting unpatched ConnectWise ScreenConnect installations. This page provides advice and guidance for customers, researchers, investigators and incident responders. This information is based on observation and analysis of attacks by SophosLabs, Sophos Managed Detection and Response (MDR) and Sophos Incident Response (IR), in which the ScreenConnect […]
Video Here’s how the results of vulnerability scans factor into decisions on cyber-insurance and how human intelligence comes into play in the assessment of such digital signals 16 Feb 2024 Cyber-insurance has been an increasingly hot topic lately, with the cyber-insurance industry growing of 62 percent last year, which largely appears to be attributable to […]
Feb 11, 2024NewsroomMalware / Cybercrime The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) called Warzone RAT. The domains – www.warzone[.]ws and three others – were “used to sell computer malware used by cybercriminals to secretly access and steal data from […]
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Prioritizing cybercrime intelligence for effective decision-making in cybersecurityIn this Help Net Security interview, Alon Gal, CTO at Hudson Rock, discusses integrating cybercrime intelligence into existing security infrastructures. Proactive cybersecurity: A strategic approach to cost efficiency and crisis managementIn this Help […]
The most recent ISC2 Cybersecurity Workforce Study found a shortfall of 111,000 professionals in the Middle East and Africa region. While that number pales in comparison to other parts of the world like the US, where the gap is at 522,000 — it’s a significant deficit that has inspired one controversial solution. Chidiebere Ihediwa, an […]
In July 2023, our proactive behavior rules triggered on an attempt to load a driver named pskmad_64.sys (Panda Memory Access Driver) on a protected machine. The driver is owned by Panda Security and used in many of their products. Due to the rise in legitimate driver abuse with the goal of disabling EDR products (an […]
Jan 20, 2024NewsroomZero Day / Cyber Espionage An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been linked to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021. “UNC3886 has a track record of utilizing zero-day vulnerabilities […]
A previously patched critical vulnerability (CVE-2023-35082) affecting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core is being actively exploited, the Cybersecurity and Infrastructure Security Agency (CISA) has confirmed by adding the vulnerability to its Known Exploited Vulnerabilities Catalog (KEV). It is not known whether the vulnerability is being exploited by ransomware groups, and CISA does […]
Video The job of a CISO is becoming increasingly stressful as cybersecurity chiefs face overwhelming workloads and growing concerns over personal liability for security failings 19 Jan 2024 The job of a chief information security officer (CISO) is becoming increasingly stressful, to the point that some security leaders are seeking out more peaceful career paths. […]
The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) have issued an alert about a malware campaign targeting Apache webservers and websites using the popular Laravel Web application framework, leveraging known bugs for initial compromise. The end goal of the campaign is to steal credentials to high-profile applications such as Amazon Web Services, […]