The Bite from Inside: The Sophos Active Adversary Report
A sea change in available data fuels fresh insights from the first half of 2024
Similar Posts
Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server
Bys s
For the first time in 2025, Microsoft’s Patch Tuesday updates did not bundle fixes for exploited security vulnerabilities, but acknowledged one of the addressed flaws had been publicly known. The patches resolve a whopping 130 vulnerabilities, along with 10 other non-Microsoft CVEs that affect Visual Studio, AMD, and its Chromium-based Edge browser. Of these 10…
New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations
Bys s
The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor SparrowDoor and ShadowPad. The activity, observed in July 2024, marks the first time the hacking crew has deployed ShadowPad, a malware widely…
Breaches have consequences (sometimes)
Bys s
Connor Smith reports: Six months after a massive data breach that impacted students, families and school staff around the country – including each school district in Southeastern North Carolina – the North Carolina Department of Public Instruction (NCDPI) has renewed part of its contract with the company at the center of the breach. On Monday,…
AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation
Bys s
Cybersecurity researchers have discovered risky default identity and access management (IAM) roles impacting Amazon Web Services that could open the door for attackers to escalate privileges, manipulate other AWS services, and, in some cases, even fully compromise AWS accounts. “These roles, often created automatically or recommended during setup, grant overly broad permissions, such as full…
Germany suspects Russian cyber attack on research group
Bys s
Richard Connor with dpa reports: Intelligence officials in Germany on Tuesday said they were probing a suspected Russian online attack on the German Association for East European Studies (DGO). The research group, specializing in foreign policy and international relations, is among several operating in Germany that Moscow has deemed “undesirable.” What the intelligence agencies said Both Germany’s…
A Brief Reminder About the Florida Information Protection Act
Bys s
Joseph Lazzarotti of JacksonLewis writes: According to one survey, Florida is fourth on the list of states with the most reported data breaches. No doubt, data breaches continue to be a significant risk for all business, large and small, across the U.S., including the Sunshine State. Perhaps more troubling is that class action litigation is more…