Mark Loman
@markloman
Computer Doctor | We stop ransomware, exploits, hacker techniques on-device (low carbon footprint) | Sophos HitmanPro & Intercept X dev | Tweets are my own
Mark Loman’s Tweets
Ferrari is being extorted with stolen customer data captured in a ransomware attack
Sophos CryptoGuard - our zero-trust architecture against ransomware - thwarts unknown data exfiltration via legitimate but vulnerable Avast executable, leading to side-loaded PlugX USB worm touching ten timezones. More here:
Don't miss your chance to win a free license key for HitmanPro Alert! Enter the Christmas Giveaway at now:
OpenSSL has pre-announced the release of OpenSSL version 3.0.7 to be made available on Tuesday 1st November 2022 between 1300-1700 UTC.
This version is a security-fix release rated CRITICAL. 1/2
In a letter, the police's Team High Tech Crime warns the hosting sector about the dangers and risks of doing business with certain hosting resellers. It concerns a specific group of hosting resellers who state that they provide bulletproof services.
After nine months of killing and in many cases torturing civilians; after razing whole towns; the Russians call blowing up a bridge "terrorism." That takes the fucking cake.
This is how a very good and decent human being - a real American leader - behaves.
To anyone who isn’t moved by this, I feel truly sorry for your broken soul.
I am so proud to support
Video from Arun Chaudhary
I talked to and with yesterday about organizations being hit by multiple #ransomware groups at the same time, IABs, average attacker dwell time and much, much more. Take a listen:
3 attackers, 2 weeks – 1 entry point...
Lockbit, Hive, and BlackCat attack an automotive supplier in this triple #ransomware attack.
After gaining access via RDP, all three threat actors encrypted files, in an investigation complicated by event log clearing and backups.
1/17
My summary of investigating hundreds of ransomware attacks: Users are sensors that need monitoring, not blaming. It wasn't them that gave everyone domain admin, built a flat network, didn't patch Exchange, forgot to enforce MFA, or decided to open RDP to the world.
Watch out! A fake e-mail is circulating in the name of the MijnOverheid Berichtenbox app. Do not click the link and do not enter any details on the phishing page. The mail is not from MijnOverheid and the fake link leads to hxxps://20711-3425.s1.webspace.re/
Update (2022-05-31)
SophosLabs has updated endpoint protection signatures for static, dynamic, and behavioral detection of CVE-2022-30190 maldocs and payloads; Microsoft guidance to disable MSDT is linked in the article.
Quote Tweet
NEW: Malicious Word doc taps previously unknown #Microsoft Office #vulnerability
MSDT.exe misuse in May makes for Memorial Day Monday mayhem...
1/13
Interesting thread about fake news:
NEW: Countermeasures and observability key to defending against attackers trying to buy security products
The leak of #Conti #ransomware's internal chat logs revealed the attackers tried to buy security software so they could figure out how to bypass it and avoid detection… 1/7
Strong product endorsement from Conti crew: "софос жрёт всё че роняется"
("Sophos eats everything that drops")
Has Willem Engel already tweeted that all those dead Russian soldiers were probably vaccinated? #dtv
Two ransomware gangs entered a healthcare org through the same vulnerability. One “just” stole data and dropped a note. The other…encrypted everything, including the first gang’s note.
Question: when the latest update of a popular wallpaper app starts descrambling your Chrome/Edge browser secrets, like MFA session cookies and web credentials, what would you want us to do?
NEW ransomware actor uses password-protected archives to bypass encryption protection
Calling themselves "Memento team", actors use Python-based ransomware that they reconfigured after setbacks...
1/13
Would you be able to validate the policy being applied?
With "Prevent credential theft" enabled, I'm observing LSASS access being blocked as expected. There is no alert that pops up, but no file will be written.
Full Disclosure: I work at Sophos
2021-11-01: 👁️🔥#Conti #Ransomware | Peculiar File & Folder Whitelist
🆕File “CONTI_LOG.txt” & Folder Avoid “…HitmanPro”
1⃣File/Extension
{readme.txt, CONTI_LOG.txt}
2⃣Folder
{Trend Micro,Sophos, HitmanPro}
3⃣Usual Mutex "kasKDJSAFJauisiudUASIIQWUA82" 🛡️
We looked into the most common ways #ransomware gangs put pressure on their victims. Including calling them on the phone. We include a voicemail from SunCrypt in this article.
Here's what we can tell you about that Linux & Windows Monero Miner / Windows credential stealer spread through a hijacked NPM repo:
PSA: If you or someone you know got hit by BlackMatter in the past couple of months, please reach out. More details can be found here:
Python ransomware script targets ESXi server for encryption 🐍🐍🐍
Configuration errors rapidly escalated to a ransomware attack inside a virtual machine hypervisor...
1/12
If I looked like David Beckham or had a voice like Beyoncé, I'd endorse HitmanPro.Alert for FREE. Pretty robust detection of [safe] mfeann.exe trying to execute mfc.ini (bad beacon) via LockDown.dll in-memory. No statics, no generics, wins at what it does.
I was having streaming issues for months 🤬. Annoying hiccups and sometimes unable to stream songs at all. I finally figured out that DNS is the issue. Turns out I am not the only one
Looks like during the takedown of parts of the REvil infrastructure several months ago LEA got their hands on the secret key required to decrypt the ransom note key blobs which include the secret key for the system. Great news for older victims who can decrypt their files now. :)
LockFile ransomware’s box of tricks: intermittent encryption and evasion news.sophos.com/en-us/2021/08/ #proxyshell #petitpotam #lockfile