Articles about Sophos

Word hole patched in 2012 is 'unchallenged' king of Office exploits

Possibly the most exploited unchallenged Microsoft Office vulnerability of the last decade was found and patched in 2012. Sophos threat researcher Graham Chantry says the longevity of the dusty bug affecting Office 2003, 2007, and 2010, is thanks to its constant adaptation by exploit kit authors, and a pervasive unwillingness …
Darren Pauli, 05 Jul 2016

AirPort owners: Apple's patched a mystery vuln

Apple has run out a security update for its AirPort routers, to fix a nine-month-old DNS parsing vulnerability. The firmware upgrade is here, and covers 802.11n AirPort Express, Extreme and Time Capsule base stations; and 802.11ac AirPort Extreme and Time Capsule versions. The Apple advisory states only that “A remote …

Smut shaming: Anonymous fights Islamic State... with porn

Elements of the Anonymous hacking collective have switched tactics in a campaign against supporters of the self-styled Islamic State by attempting to shame and humiliate jihadists by adding pornographic images to their social media profiles. The smut-smearing follows months of attempting to report jihadist profiles on social …
John Leyden, 16 Jun 2016

Sophos U-turns on lack of .bat file blocking after El Reg intervenes

Sophos' WS1000 web appliance not only fails to include batch files in its download file type block list, but said it would only include the ability to block them as a feature. WS1000 is an enterprise-targeted secure appliance and intends to protect "every user, on every device, everywhere they go" by prohibiting particular end …

It's been a breach-tastic year. And Sophos sales were good, apparently

Operating losses at security software firm Sophos have grown in its first year as a listed company – despite increased sales and an encouraging outlook overall. For the year-ending 31 March 2016, Sophos recorded an operating loss of $32.7 million on revenues of $478.2m. This compares to a loss of $0.5m on revenues of $446.7m …
John Leyden, 26 May 2016

You’re invited to Security SOS Week

Promo Registration is open for Security SOS Week, a short series of live webinars each featuring Sophos expert IT security practitioners. The events range from protecting your business against social engineering to embracing the Internet of Things without letting crooks into your network. You can find out more and sign-up at Security …
David Gordon, 08 Mar 2016

SSL's DROWN not as bad as Heartbleed, still a security ship wreck

Security experts are split on how easy it is for hackers to exploit the high-profile DROWN vulnerability on insecure systems. One-third of all HTTPS websites are potentially vulnerable to the DROWN attack, which was disclosed on Tuesday. DROWN (which stands for Decrypting RSA with Obsolete and Weakened eNcryption) is a serious …
John Leyden, 02 Mar 2016

Locky ransomware is spreading like the clap

Greedy miscreants have created a new strain of ransomware, dubbed Locky. Locky typically spreads by tricking marks into opening a Microsoft Word attachment sent to them by email. Victims are encouraged to enable macros in the document which, in turn, downloads a malicious executable that encrypts files on compromised Windows …
John Leyden, 17 Feb 2016

School network manager wins £10,000 in NCC Group Cyber 10K challenge

The second edition of a business-development focused cyber security challenge, the Cyber 10K, has concluded – with the worthy winner receiving £10,000 to further develop an innovative security dashboard tool. The challenge was run by the information assurance firm NCC Group supported by a judging panel including your …
John Leyden, 11 Feb 2016

Alibaba security fail: Brute-force bonanza yields 21m logins

Up to 21 million accounts on Alibaba e-commerce site TaoBao may have been compromised thanks to stolen credentials reused on breached third-party sites. TaoBao is a seller-to-seller commerce site like Gumtree or eBay where users rely on reputation to secure the most sales. Reuters reports that China's Ministry of Public …
Darren Pauli, 08 Feb 2016

Sophos grabs ATP-thwarter tech firm SurfRight for $32m

Sophos has paid $31.8m in cash to snap up advanced threat prevention firm SurfRight, with the deal allowing traditionally conservative Sophos to integrate SurfRight’s signature-less endpoint threat detection and response tech into its line of endpoint security products and services. The UK-based company claims the two sets of …
John Leyden, 15 Dec 2015

Sophos, Fortinet settle patent lawsuit, allegations of staff poaching

Sophos has settled a patent infringement lawsuit with US competitor Fortinet, in a case that also involved allegations of staff poaching. The recently listed UK company, a cloud and network security solutions outfit, paid an undisclosed sum to Fortinet to settle the dispute, as a brief statement (below) explains. Sophos …
John Leyden, 09 Dec 2015

MPs to assess tech feasibility of requirements under draft surveillance laws

IPB The UK government published a draft Investigatory Powers Bill earlier this month in a bid to close gaps it has said exist in the surveillance powers available to the UK's intelligence and security services. The Science and Technology Committee said that it will carry out a "short inquiry into the technology aspects" of the …
OUT-LAW.COM, 18 Nov 2015

Sophos undertakes unified unified threat management unification

Sophos has launched a threat intelligence sharing platform 'XG' for its endpoint and network security firewalls and unified threat management systems. It means kit within homogeneous Sophos houses will be able to share threat intelligence data such as an endpoint screaming to network security boxens whenever an employee runs …
Team Register, 10 Nov 2015

Dislike: Facebook scammers latch onto anti-Like button calls

Survey scammers have already capitalised on Facebook's tentative plans to develop a "Dislike" button. Last week, Mark Zuckerberg conceded the obvious point that people didn't want to say they "liked" posts about friends' bad fortune, the only single button option available through the social network at present. He …
John Leyden, 22 Sep 2015

Quadsys Five fraud case transferred to Crown Court

A case involving the owner and certain employees at security reseller Quadsys, who were last month charged with fraud by Thames Valley Police, is to be elevated to Crown Court. As we revealed last month, the Quadsys Five, including owner Paul Streeter, MD Paul Cox, director Alistair Barnard, account manager Steve Davies and in …
Paul Kunert, 08 Sep 2015

Android in user-chosen lockscreen patterns are grimly predictable SHOCKER

People choose predictable Android lock screen patterns just like they pick predictable passwords. Research by Marte Løge, a recent graduate from the Norwegian University of Science and Technology, confirmed that the problems people have in setting up secure passwords and PINs are replicated in the field of Android lockscreen …
John Leyden, 26 Aug 2015

Quadsys Five charged with fraud over data-slurping allegations

The boys in blue have charged Paul Cox, MD at Oxfordshire-based security outfit Quadsys, with fraud after he and others at the firm allegedly hacked into a rival security reseller to take data, including pricing info. Cox was among five bods arrested in March by Thames Valley Police (TVP) in conjunction with the National Crime …
Paul Kunert, 14 Aug 2015

NSA: Here’s $300,000, people. Go build us a safer Internet of Things

The NSA is funding development of an architecture for a "safer" Internet of Things (IoT), in the hope of incorporating better security at a product's design phase. The controversial US intelligence agency is bestowing a $299,000, one-year grant to the University of Alabama in Huntsville (UAH) for a project that aims to build a …
John Leyden, 13 Aug 2015

It's not just antivirus downloads that have export control screening

Export control screening for individuals hoping to purchase everyday consumer technologies extends beyond just antivirus software downloads, according to several sources contacted by The Register. Those who share the name of someone on a blacklist have to go through secondary screening (a bureaucratic process generally …
John Leyden, 13 Aug 2015

Wanna harvest a stranger's Facebook data? Get a mobile number and off you go

Hackers and other miscreants are able to access names, telephone numbers, images and location data in bulk from Facebook, using only a cellphone number. The loophole was revealed by software engineer Reza Moaiandin. Moaiandin, technical director at UK-based tech firm Salt.agency, exploited a little-known privacy setting in a …
John Leyden, 12 Aug 2015

'Cops KNOW WHO I AM and I don't believe their hearts were truly in the shootout'

QuoTW It was a week of Firefox flaws, unruly Windows and big game news. Here were our favorite quotes from the past seven days: We may have arrived in the Windows 10 era but over in Wales, IT still parties like it's 2001. NHS systems have been found to still be running the ancient operating system Windows XP on their desktops. …
Team Register, 09 Aug 2015

Want to download free AV software? Don't have a Muslim name

Exclusive Software export controls are being applied to blacklisted people as well as countries: and these controls apply to routine security packages such as freebie antivirus scanning software, as well as more sensitive technologies, El Reg has concluded. We've come to this way of thinking after investigating why Reg reader Hasan Ali …
John Leyden, 07 Aug 2015

Slippery Windows Updates' SOAP bubbles up SYSTEM privileges

Blackhat 2015: Microsoft has bungled Windows Server Update Services (WSUS), according to hackers Paul Stone and Alex Chapman, with insecure defaults that let them hijack OS updates. Attackers that have previously gained admin privilege on a target system can elevate themselves to system-level access by skipping the normal signed update …
Darren Pauli, 07 Aug 2015

RIG exploit kit scum pop 27,000 machines a day

The authors of the RIG exploit kit have bounced back after a source code leak and are now again happily infecting computers at the rate of around 27,000 machines a day. The exploit kit, widely available at underground cybercrime markets, had its source code leaked in February. Trustwave Spiderlabs researchers say that since …
Darren Pauli, 04 Aug 2015

Flash zero-day monster Angler dominates exploit kit crime market

SophosLabs researcher Fraser Howard says the Angler exploit kit is dominating the highly competitive underground malware market: Angler's market share has exploded from a quarter to 83 per cent within nine months. The growth occurred between September and May this year, we're told. Angler emerged in 2013 to become one of the …
Darren Pauli, 23 Jul 2015

Malwarebytes slurps startup, hopes to belch out Mac malware zapper

Security software firm Malwarebytes is moving into the Mac security software market with the acquisition of a start-up and the launch of its first anti-malware product for Apple computers. Malwarebytes Anti-Malware for Mac is designed to detect and remove malware, adware, and PUPs (potentially unwanted programs). The release …
John Leyden, 15 Jul 2015

Link farmers bust Google search algos

Sophos threat hunter Dmitry Samosseiko says internet lowlife are implanting hundreds of thousands of malicious PDF files a day on compromised websites to build a new cloaking system that foils Google's search algorithm analysis. Samosseiko says the blackhat search engine optimisation method applies old keyword-stuffing and …
Darren Pauli, 09 Jul 2015

Heart of Darkness: Mass of clone scam sites appear

Security watchers are warning about a fresh wave of cloned sites on the TOR network, evidence that cybercrooks are setting themselves up to fleece other ne'er-do-wells on the so-called dark web. The latest attack of the clones marks the reappearance of an issue that cropped up before. For example, during Operation Ononymous, …
John Leyden, 07 Jul 2015

Sophos' putrid patch snuffs Citrix kit, kills call centre

A Sophos Web Appliance update has crashed users' PC fleets including knocking offline the Australian call centre of a global company for two days after support was quietly revoked for SSL 3.0 ciphers used in Citrix Receiver. The British security firm pushed out update version 4.0.2.3 last week to correct four non-critical issues …
Darren Pauli, 29 Jun 2015

Sophos: We'll have a market cap of £1bn when we IPO

Brit security slinger Sophos’s listing on the London Stock Exchange went live today, giving the firm a market cap of around £1bn – a valuation that has caused a stir among analysts. The intent to float was confirmed weeks ago, with the Oxford-based firm expecting to raise cash to fund the next phase of biz development and rub …
Paul Kunert, 26 Jun 2015

GCHQ: Security software? We'll soon see about THAT

The UK's spook agency GCHQ has been working with the National Security Agency to subvert anti-virus software, according to the latest piece of spoon-fed Snowden info reported on The Intercept. According to Glenn Greenwald's rag, spooks reverse-engineered software products in order to obtain intel – a tactic that will surely come …
Kat Hall, 23 Jun 2015

Pew, pew, pew! Sammy shoots out updates to plug mobile keyboard snooping bug

Samsung has promised to deploy updates to resolve a serious mobile keyboard snooping bug, with security policy fixes expected in the coming days, the company said on Thursday – while simultaneously downplaying the issue. As previously reported, researchers at security firm NowSecure warned that a problem involving the keyboard …
John Leyden, 19 Jun 2015

Sophos buys cloudy email security outfit Reflexion Networks

Sophos has acquired cloud-based email security firm Reflexion Networks. Financial terms of the deal, announced on Tuesday, were undisclosed. Reflexion markets archiving, email encryption and business continuity services. Reflexion Total Control blocks spam and viruses before they ever get to the corporate network. Archiving, …
John Leyden, 09 Jun 2015

Kaspersky says air-gap industrial systems: why not baby monitors, too?

I wasn't at AusCERT this year, but watching the Tweet-stream and chatting to fellow Vulture Darren Pauli kept me clued-in, and I was interested to hear that Eugene Kaspersky thinks air-gaps are a good way to protect SCADA systems. Because you won't convince the industrial sector to reverse the cost savings it got from connecting …

Sophos looks to raise £65m with IPO

Security software outfit Sophos is to imminently float on the London Stock Exchange, a move it estimates will raise $100m (£65m), the company announced today. The Oxford-based biz is thought to be targeting a valuation of £1bn, according to The Sunday Times (subscription required). Richard Holway, analyst at TechMarketView …
Kat Hall, 03 Jun 2015

Popular crypto app uses single-byte XOR and nowt else, hacker says

A programmer claims the makers of a popular encryption app have failed to implement its core feature: encryption. The hacker, using the alias NinjaDoge24, analyzed the NQ Vault app, which supposedly encrypts files on smartphones and other gadgets. Ninja claims the software used only XOR (exclusive or) and a single-byte key to …
Darren Pauli, 07 Apr 2015

Favicons used to update world's 'most dangerous' malware

Developer Jakub Kroustek has found new features in the dangerous Vawtrak malware that allow it to send and receive data through encrypted favicons distributed over the Tor network. The AVG security bod reveals the features in a report (pdf) into the malware which is considered one of the worst single threats in existence. He …
Darren Pauli, 25 Mar 2015

Gullible Apple users targeted by bogus order cancellation scam

Cybercrooks are targeting Apple iCloud users with phishing messages designed to steal financial information. A new run of spam messages offer a slight twist on the popular ”bogus order" scam. Instead of simply telling you about a payment you're supposed to have made, prospective marks are invited to cancel a transaction already …
John Leyden, 13 Feb 2015

About that UK digital biz renaissance? Not so fast

Guest Opinion The Gibson Index business database has been surveying UK businesses since 2003. Here, founder Marcus Gibson explains why the Tech City quango’s "Tech Nation" survey touting the success of "digital" Britain is deeply flawed. The Tech City quango last week claimed to conduct the "first national" survey of the UK’s digital …
Marcus Gibson, 10 Feb 2015

APT devs are LOUSY coders, says Sophos

The most infamous advanced persistent threat groups write exploits that fail more often than they work, malware bod Gabor Szappanos says. The malware prober with SophosLabs Hungary office examined 15 exploit writing groups and rated six as having only basic skills. Szappanos found one popular exploit (CVE-2014-1761) used as a …
Darren Pauli, 05 Feb 2015

DARPA: We KNOW WHO YOU ARE... by the WAY you MOVE your MOUSE

The US's mad-tech military boffin unit is developing a form of biometric measurement based on how a user handles a mouse. Behaviour-based biometrics, for example how a computer user handles their mouse or crafts an email, would add to the existing repertoire of authentication techniques. Existing authentication techniques include …
John Leyden, 03 Feb 2015

DANGER: Is that 'hot babe' on Skype a sextortionist?

North Yorkshire police have issued a general warning after three men in the York area fell victim to sextortionists. Someone posing as a woman called Cathy Wong befriended each of the victims on Facebook before asking them to Skype her. During the online chat session, she enticed each of them into performing an indecent act, …
John Leyden, 14 Jan 2015

Vawtrak challenges almighty ZeuS as king of the botnets

Crooks behind Vawtrak, a dangerous banking Trojan, are ramping up its reach and sophistication, security firms have warned. Vawtrak currently ranks as the single most dangerous threat, according to PhishLabs. Only Zeus and its many variants (GameOver, KINS, ZeusVM, Zberp, etc.) taken as a single malware "family" would outrank …
John Leyden, 27 Dec 2014

US parking operator: YEP, hackers got your names, credit card numbers, secret codes...

Point-of-Sale systems have been hacked at major US parking garage operator SP+. The breach has resulted in the exposure of customer financial information, SP+ explained at an advisory on Friday. SP+ said it had learned of the breach from the firm that handles its payment card processing. The firm operates about 4,200 parking …
John Leyden, 02 Dec 2014

Look out: That data protection watchdog can bite

Despite all the furores, calamities and Snowden-related shenanigans of recent years, the UK’s privacy watchdog remains something of a pussycat, and a lean one at that. Granted powers in April 2010 to fine firms £500,000 for breaches of the various laws it covers, the Information Commissioner’s Office (ICO) has flexed its mini- …
Tom Brewster, 26 Nov 2014

UK.gov teams up with moneymen on HACK ATTACK INSURANCE

+Comment The UK government last week partnered with 12 insurance companies to develop the "cyber-insurance" market. But experts are split on whether encouraging the development of the nascent market will result in the adoption of improved security practices. Cabinet Office Minister Francis Maude said that while cyber insurance adds an …
John Leyden, 13 Nov 2014

Apple's OS X Yosemite slurps UNSAVED docs into iCloud

Apple's OSX 10.10 – aka Yosemite – is silently uploading users' unsaved documents and the email addresses of their contacts to Apple's iCloud, according to security researcher Jeffrey Paul. Berlin-based Paul said he discovered the document auto-syncing-without-consent issue, and another hacker expanded the point by discovering …
John Leyden, 27 Oct 2014

Sophos to offshore American support operations

Exclusive Sophos plans to offshore support operations from the US to Canada and the Philippines as part of a wide-ranging restructuring of its support operations. The plans were outlined in an internal email to staff from Mary Winfield, SVP Global Support, leaked to El Reg by an anonymous tipster. "Another year, another round of layoffs …
John Leyden, 20 Oct 2014

Sophos gulps down hot Mojave, will puff out more secure clouds

Sophos has slurped up the security firm Mojave Networks in a bid to develop the world's strongest and most secure cloud. You should probably now get excited about data security. "Mojave Networks is a young innovative company that has built a leading platform right at the intersection of three cutting-edge areas of security: …
Jasper Hamill, 08 Oct 2014