#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

Sophos | Breaking Cybersecurity News | The Hacker News

Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry

Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry

May 06, 2023 Advanced Persistent Threat
An advanced persistent threat (APT) actor known as  Dragon Breath  has been observed adding new layers of complexity to its attacks by adopting a novel  DLL side-loading  mechanism. "The attack is based on a classic side-loading attack, consisting of a clean application, a malicious loader, and an encrypted payload, with various modifications made to these components over time," Sophos researcher Gabor Szappanos  said . "The latest campaigns add a twist in which a first-stage clean application 'side'-loads a second clean application and auto-executes it. The second clean application side-loads the malicious loader DLL. After that, the malicious loader DLL executes the final payload." Operation Dragon Breath, also tracked under the names APT-Q-27 and Golden Eye, was  first   documented  by QiAnXin in 2020, detailing a watering hole campaign designed to trick users into downloading a trojanized Windows installer for Telegram. A  subsequent   campaign  un
Hackers Exploited Zero-Day RCE Vulnerability in Sophos Firewall — Patch Released

Hackers Exploited Zero-Day RCE Vulnerability in Sophos Firewall — Patch Released

Sep 24, 2022
Security software company Sophos has released a patch update for its firewall product after it was discovered that attackers were exploiting a new critical zero-day vulnerability to attack its customers' network. The issue, tracked as  CVE-2022-3236  (CVSS score: 9.8), impacts Sophos Firewall v19.0 MR1 (19.0.1) and older and concerns a code injection vulnerability in the User Portal and Webadmin components that could result in remote code execution. The company  said  it "has observed this vulnerability being used to target a small set of specific organizations, primarily in the South Asia region," adding it directly notified these entities. As a workaround, Sophos is recommending that users take steps to ensure that the User Portal and Webadmin are not exposed to WAN. Alternatively, users can update to the latest supported version - v19.5 GA v19.0 MR2 (19.0.2) v19.0 GA, MR1, and MR1-1 v18.5 MR5 (18.5.5) v18.5 GA, MR1, MR1-1, MR2, MR3, and MR4 v18.0 MR3, MR4,
Critical Sophos Firewall RCE Vulnerability Under Active Exploitation

Critical Sophos Firewall RCE Vulnerability Under Active Exploitation

Mar 29, 2022
Cybersecurity firm Sophos on Monday warned that a recently patched critical security vulnerability in its firewall product is being actively exploited in real-world attacks. The flaw, tracked as  CVE-2022-1040 , is rated 9.8 out of 10 on the CVSS scoring system and impacts Sophos Firewall versions 18.5 MR3 (18.5.3) and older. It relates to an authentication bypass vulnerability in the User Portal and Webadmin interface that, if successfully weaponized, allows a remote attacker to execute arbitrary code. "Sophos has observed this vulnerability being used to target a small set of specific organizations primarily in the South Asia region," the company  noted  in a revised advisory published Monday. "We have informed each of these organizations directly." The flaw has been addressed in a hotfix that's automatically installed for customers who have the " Allow automatic installation of hotfixes " setting enabled. As a workaround, Sophos is recommending
cyber security

Protecting Your Organization From Insider Threats - All You Need to Know

websiteWing SecuritySaaS Security
Get practical insights and strategies to manage inadequate offboarding and insider risks effectively.
SHQ Response Platform and Risk Centre to Enable Management and Analysts Alike

SHQ Response Platform and Risk Centre to Enable Management and Analysts Alike

May 13, 2024Threat Detection / SoC / SIEM
In the last decade, there has been a growing disconnect between front-line analysts and senior management in IT and Cybersecurity. Well-documented challenges facing modern analysts revolve around a high volume of alerts, false positives, poor visibility of technical environments, and analysts spending too much time on manual tasks. The Impact of Alert Fatigue and False Positives  Analysts are overwhelmed with alerts. The knock-on effect of this is that fatigued analysts are at risk of missing key details in incidents, and often conduct time-consuming triaging tasks manually only to end up copying and pasting a generic closing comment into a false positive alert.  It is likely that there will always be false positives. And many would argue that a false positive is better than a false negative. But for proactive actions to be made, we must move closer to the heart of an incident. That requires diving into how analysts conduct the triage and investigation process. SHQ Response Platfo
SolarMarker Malware Uses Novel Techniques to Persist on Hacked Systems

SolarMarker Malware Uses Novel Techniques to Persist on Hacked Systems

Feb 01, 2022
In a sign that threat actors continuously shift tactics and update their defensive measures, the operators of the SolarMarker information stealer and backdoor have been found leveraging stealthy Windows Registry tricks to establish long-term persistence on compromised systems. Cybersecurity firm Sophos, which spotted the new behavior, said that the remote access implants are still being detected on targeted networks despite the campaign witnessing a decline in November 2021. Boasting of information harvesting and backdoor capabilities, the .NET-based malware has been linked to at least three different attack waves in 2021. The first set,  reported in April , took advantage of search engine poisoning techniques to trick business professionals into visiting sketchy Google sites that installed SolarMarker on the victim's machines. Then in August, the malware was  observed  targeting healthcare and education sectors with the goal of gathering credentials and sensitive information.
Cybersecurity
Expert Insights
Cybersecurity Resources