Security Operations | Process-IT

Confluence exploits used to drop ransomware on vulnerable servers

par user-sophos | 16 Juin, 2022 | atlassian, Cerber, confluence, CryptoGuard, cve-2022-26134, featured, Intercept X, News-Sophos, Powershell, Ransomware, Security Operations, Sophos Managed Threat Response (MTR), SophosLabs Uncut, Threat Research, Tomcat, webshell

Automated attacks are now widely exploiting the Atlassian vulnerability

Telerik UI exploitation leads to cryptominer, Cobalt Strike infections

par user-sophos | 15 Juin, 2022 | cobalt strike, Cryptomining, cve-2017-11357, cve-2017-1137, cve-2019-18935, News-Sophos, Powershell, Security Operations, SophosLabs Uncut, telerik, Threat Research, XMRig

Attacker targets bugs in a popular web application graphical interface development tool

Move fast, unbreak things: About the Sophos Active Adversary Playbook 2022

par user-sophos | 7 Juin, 2022 | Active Adversary Playbook, News-Sophos, Security Operations, SophosLabs Uncut, Threat Research

Our latest report shows that the most pleasant way to learn from Rapid Response mayhem is to read about how it worked out for someone else