PeterM🌻 (@altshiftprtscn)'s Twitter Profile
PeterM🌻

@altshiftprtscn

Work in DFIR, fighting the good fight. Don't go 5 minutes without saying ransomware.
Created as a failsafe: infosec.exchange/@AltShiftPrtScn

ID: 888301897836367872

Link: http://sophos.com/rapidresponse
Joined: 21-07-2017 07:37:31

1.1K Tweets

2.2K Followers

102 Following

PeterM🌻 (@altshiftprtscn):

This makes me want to be Canadian. I know nothing about counterfeiting passports, but surely this has got to be at the extreme difficulty end of the scale. youtube.com/watch?v=GvoD0i…

Sophos X-Ops (@sophosxops):

Last year, after stopping a #ransomware attack, X-Ops discovered the attackers had managed to sabotage endpoint protection tools using a malicious driver signed by Microsoft. We reported the issue to Microsoft and continued to investigate.

CRN (@crn):

Cybersecurity vendor Sophos’ new retainer option offering seeks to expedite cyber incident response engagements and stand out from other retainers with its fixed-cost agreement, Sophos President Joe Levy told CRN. Sophos Partners bit.ly/3QQVCUZ

PeterM🌻 (@altshiftprtscn):

If you are using Cisco AnyConnect VPN, please enforce MFA; the #Akira / #Powerranges ransomware lot are heavily targeting them at the moment for initial access.

Gi7w0rm (@gi7w0rm):

⚠️ Watch out for your #SharePoint environments in the upcoming weeks... There is now enough info out there to implement a full #exploit chain using #CVE-2023-29357 and #CVE-2023-24955. If SharePoint is anything like Exchange in patch ratio, we are approaching dangerous waters.

PeterM🌻 (@altshiftprtscn):

#HuntersInternational IOCs - Cobalt: virustotal.com/gui/ip-address… & virustotal.com/gui/ip-address…, Other C2s: virustotal.com/gui/ip-address… & virustotal.com/gui/ip-address…. Rclone->SFTP: virustotal.com/gui/ip-address…. Filenames include vmware.exe, vmware.dll, vm.dll in ProgramData and Windows\Temp.

Brett Callow (@brettcallow):

#AlphV files an SEC complaint against #MeridianLink for not disclosing a breach to the SEC #Ransomware databreaches.net/alphv-files-an…

PeterM🌻 (@altshiftprtscn):

Working in DFIR and dealing with encrypted VMDKs? Here is how we have been extracting forensic evidence from them. Well done to everyone involved in developing these methods. news.sophos.com/en-us/2024/05/…

Mark Loman (@markloman):

🚨 Ransomware still beats up-to-date protection - even decade-old strains! Want to know how? See PeterM🌻 in "Know the Enemy". Wednesday, August 7, 11:25 am – 12:15 pm (Business Hall Theater A) More: blackhat.com/us-24/sponsore… #BlackHat

Curated Intelligence (@curatedintel):

⚠️ PSA: Curated Intel DFIR has noticed a new trend among Akira Ransomware cases in Summer 2024. For a while, Akira has been exploiting Cisco ASA devices. ➡️ They are now targeting SonicWall SSL-VPNs for access with no MFA (!) and weak passwords (!). Other TTPs remain the same 🔍

PeterM🌻 (@altshiftprtscn):

I get asked a lot "how do you prepare for a ransomware attack". I always give the same answer: have an Incident Response Plan and practice it in advance. But how do you do that easily? Well, I highly recommend the NCSC's Exercise in a Box, it's free! exerciseinabox.service.ncsc.gov.uk

Kostas (@kostastsale):

Another great article full of technical info! 👏 Great job by Morgan Demboski and security_dumpster as always for this blog! Chinese state-sponsored TAs have become the punching bag for Sophos this year lol 😂 It inspired me to illustrate how they must be feeling right now 😆🎬👇

John Viega (@viega):

This is amazing! Sophos' transparency should be lauded; pretty much all big security vendors have swept things like this under the rug, but this shows the industry could be driving a lot more value if vendors were just willing to be accountable. sophos.com/en-us/content/…

PeterM🌻 (@altshiftprtscn):

Nice post about exfil tools: Ransomware-driven data exfiltration: techniques and implications blog.sekoia.io/ransomware-dri…