Mark Loman
@markloman
Followers: 4K | Following: 1K | Media: 404 | Statuses: 3K
Computer Doctor | We stop ransomware, exploits, hacker tricks on-device | Sophos Endpoint & HitmanPro dev | Tweets are my own
Hengelo, The Netherlands
Joined July 2010
LockFile ransomware attempts to evade protection with 'intermittent encryption' and making Windows write the encrypted documents for them, throwing off statistical content analysis and runtime behavior detection. Get the lowdown in our dissection 101: https://t.co/utPdAeRnZx
Where is your attacker really? My research with the CTU shows how cloud VMs become "rogue insiders": 1️⃣ Bypass geo-blocking 🌍 2️⃣ Into your infrastructure via RDP/VPN; the VM becomes part of your network 3️⃣ Remote encryption via SMB (no local signals!) Details: https://t.co/2BVmovObCO
It started with #WantToCry and machine names WIN-J9D866ESIJ2 & WIN-LIVFRVQFMKO turned out to be a rabbit-hole of baddies https://t.co/a7EvJrPiCJ
sophos.com
Bulletproof hosting providers are abusing the legitimate ISPsystem infrastructure to supply virtual machines to cybercriminals
.@StealaBrainrotR Security concern: Unknown player appeared in our private server during Gingerbread Town Event and last night during Christmas Eve admin event, a paid Festive 67 was removed from my son's base while allowed players were asleep. Looks like an exploit. Please act.
A Chinese APT leveraged Claude AI to run an end-to-end intrusion — recon, exploit generation, lateral movement — all executed via Anthropic’s own systems. Defenders are officially in a new era.
anthropic.com
A report describing a highly sophisticated AI-led cyberattack
Threat actors regularly look for ways to disable security products. Tamper protection – a mechanism designed to stop threat actors from interfering with security products – is therefore a critical part of any security suite.
At the end of 2023, Sophos X-Ops noted a 62% year-on-year increase in ‘remote encryption’ attacks – where ransomware attackers compromise an unmanaged or under-protected endpoint, and leverage that access to encrypt data on managed, domain-joined machines.
Everyone says Europe can't compete with America in tech. But 48 hours ago, Mistral's 'Le Chat' just proved them wrong: • 13x faster than ChatGPT • 100% open-source • Completely free (vs $20/month) The European AI breakthrough Silicon Valley didn't see coming 🧵:
I ordered a McCrispy, not a McPlastic. Is this what you mean by transparency about food? Because this is certainly 'crystal clear', as you call it yourselves, @McDonaldsNL 🤷♀️🍔
Chester Wisniewski, Director and Global Field CTO, shares insights from a five-year operation countering state-sponsored adversaries. Listen to our latest Inside Pacific Rim entry as Chester and Joe Levy, CEO, discuss key findings in this six-part series: https://t.co/hHpOe0jX4F
Inside a Firewall Vendor's 5-Year War With Chinese Hackers Hijacking Its Devices: Sophos went so far as to plant surveillance “implants” on its own devices to catch the hackers at work, revealing a glimpse into China's R&D pipeline of intrusion techniques:
For 5 years, Sophos has been engaged in defensive and counter-offensive operations against China-based #NationState adversaries targeting perimeter devices like #firewalls for surveillance and sabotage. For the full story, please see our landing page:
sophos.com
Discover Sophos Pacific Rim defense against nation-state / Chinese hackers Volt Typhoon, APT31, and APT41 targeting critical infrastructure.
This week, Sophos participated in Microsoft’s Windows Endpoint Security Ecosystem Summit. This article provides context and general information about the landscape: Standing on the Windows platform, waiting for change
sophos.com
In the wake of a gathering of industry leaders at Microsoft to discuss the endpoint-security ecosystem, some thoughts
🚨 Ransomware still beats up-to-date protection - even decade-old strains! Want to know how? See @AltShiftPrtScn in "Know the Enemy". Wednesday, August 7, 11:25 am – 12:15 pm (Business Hall Theater A) More: https://t.co/w4xcG4qJBR
#BlackHat
Apparently, Apple and Microsoft have been discussing how to visualize when AI is operating on their devices: through the use of a 'rainbow'-colored border!
Windows 11's Recall AI feature, which records and stores all activities on your PC locally, poses a significant risk for data exfiltration.
bleepingcomputer.com
Microsoft has announced a new AI-powered feature for Windows 11 called 'Recall,' which records everything you do on your PC and lets you search through your historical activities.
When a state-sponsored hacker needs a rootkit specifically to cripple your software, you must be doing something right. Raising the bar with technology developed in Twente! #HitmanPro #Lazarus #rootkit
https://t.co/r2PClrQs2P
We’ve also seen other ScreenConnect abuse in our telemetry, some delivering AsyncRAT (via WSF script execution); infostealers; and SimpleHelp Remote Access Client
While the world digests what, precisely, the LockBit takedown this week entails and how much it’s likely to kneecap the ransomware gang, we’d just like to point out how prevalent the family is – literally, what Conti was to 2021, LockBit was to 2023. 1/11
There have been several shifts in ransomware tactics over the past few years: new RaaS models, new languages and TTPs, and attacking after hours and at weekends. But maybe one of the most substantial is remote ransomware.
CryptoGuard: An asymmetric approach to the ransomware battle. In the second of our new technical thought leadership series, Sophos X-Ops takes a detailed look at anti-ransomware techniques:
sophos.com
In the second of our new technical thought leadership series, Sophos X-Ops takes a detailed look at anti-ransomware techniques