Gootloader inside out – Sophos News
Open-source intelligence reveals the server-side code of this pernicious SEO-driven malware – without needing a lawyer afterward
Phishing platform Rockstar 2FA trips, and “FlowerStorm” picks up the pieces – Sophos News
A sudden disruption of a major phishing-as-a-service provider leads to the rise of another…that looks very familiar
Into the tank with Nitrogen
The element originally known as “foul air” stinks up computers as a new initial-access campaign exhibiting some uncommon techniques
The Phantom Menace: Brute Ratel remains rare and targeted
The commercial attack tool’s use by bad actors has faded after an initial flurry, while Cobalt Strike remains the go-to post-exploitation tool for many.
Akira Ransomware is “bringin’ 1988 back”
A new recently observed ransomware family dubbed Akira uses a retro aesthetic on their victim site very reminiscent of the 1980s green screen consoles and possibly takes its namesake from the popular 1988 anime film of the same name.
Analysis of Pre-Auth RCE in Sophos Web Appliance (CVE-2023-1671)
CVE-2023-1671 is a pre-authenticated command injection in Sophos Web Appliance. In this blog post, VulnCheck researchers analyze the vulnerability and develop a proof of concept (PoC) for it.