Overview: PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system. Adversaries can use PowerShell to perform a number of actions…
Hello Everyone,
Ever got any malicious URLs? Couldn’t figure out what’s going on?
This email documents suspicious DNS query attempts which were allegedly malicious according to an Advisory shared by the Australian Government.
Background:
The Australian Govt. shared an advisory with a customer which has a very competent team of IT security experts.
The only SHA value mentioned in their advisory was a DLL which…
IT Administrators and Security Specialists often run into a suspicious-looking PowerShell command; sometimes they succeed in decoding it, but often they are reliant on researchers. This blog should serve as guidance to identify the purpose of suspicious entries found in:
powershell…
Hi Everyone,
The below article provides details about how we categorize PUA/Adware detections and how to provide us with the information we need to determine if a re-categorization is required.
Hi everyone,
We have just published a new video taking a look at how ransomware works. You can find it here: https://www.youtube.com/watch?v=ajTcYRIwoqU
In this video we are going to show you what happens when Locky Ransomware attacks a computer. You will see what a typical user would see if they were the victim of such an attack. We will then show you several scenarios demonstrating how Sophos protects the computers and…