8 May 2020
Malicious DNS Queries by APT - A Case Study
Hello Everyone, Ever got any malicious URLs? Couldn’t figure out what’s going on? This email documents suspicious DNS query attempts which were allegedly malicious according to an Advisory shared by the Australian Government. Background: The Australian Govt. shared an advisory with a customer which has a very competent team of IT security experts. The only SHA value mentioned in their advisory...
14 Feb 2020
Decoding Malicious PowerShell Activity - A Case Study
IT Administrators and Security Specialists often run into a suspicious-looking PowerShell command; sometimes they succeed in decoding them, but often they are reliant on researchers. This blog should serve as guidance to identify the purpose of suspicious entries found in: Scheduled Tasks; RUN Keys in the Registry; Static PowerShell Scripts; Proxy Logs if a Web Server is exploited for a Remote Code Execution...
23 Oct 2019
Requests to re-categorize by third parties for PUA/Adware detections (possible Deceptor component)
Hi Everyone, The below article provides details about how we categorize PUA/Adware detections and how to provide us with the information we need to determine if a re-categorization is required.
23 Jan 2017
Watch Locky Ransomware in action and learn how Sophos stops it
Hi everyone, We have just published a new video taking a look at how ransomware works. You can find it here: https://www.youtube.com/watch?v=ajTcYRIwoqU In this video we are going to show you what happens when Locky Ransomware attacks a computer. You will see what a typical user would see if they were the victim of such an attack. We will then show you several scenarios demonstrating how Sophos protects the computers...