Items tagged with Sophos
After a cybercriminal manages to breach a network, it is not all about immediately attacking the target. New research shows that these black hat hackers may lie dormant or lurk on a network for around 250 hours on average before an attack kicks off or they are detected. This means that organizations should know that the clock is always ticking to quarantine a problem before it turns into a nightmare, like the recent Colonial Pipeline attack. Defending an organization from cyberattacks is no small feat when the threat constantly adapts to new evasion techniques and evolves the attack toolset. Generally, these adversaries like to try and stay one step ahead of the security team and often are; however,...
Read more...
Sophos has published an emergency security update to patch a zero-day vulnerability in its XG enterprise firewall product. The patch plugs a hole that was being abused in the wild by hackers. Sophos says that it learned of the zero-they exploit on Wednesday of last week, after receiving a report from one of its customers. The customer reported that it had seen "a suspicious field value visible in the management interface." After investigation, Sophos determined that it was an active attack on both physical and virtual XG Firewall systems, and not a misconfiguration in its product. The hackers were abusing an SQL injection bug in its database to steal passwords. Sophos says that the attack...
Read more...
The number of malicious Android apps that make it to the Google Play store continues to grow at an alarming rate. Sophos has issued a new report regarding 15 apps on Google Play that are abusive and designed to do nothing but serve ads to smartphone users. On top of spamming users with ads on their mobile devices, they hide their app icons in the launcher to make it hard for users to find and remove the apps. Sophos says that some of the apps take things a bit further and disguise themselves in the Phone app settings page. In total, these apps have been installed on more than 1.3 million devices globally. One of the apps that Sophos has discovered goes so far as to launch the first time and seemingly...
Read more...
A remote desktop exploit in Windows known as BlueKeep is no joke, and to prove it, security researchers at Sophos have created a proof-of-concept demonstration showing how easy it would be for an unpatched RDP (Remote Desktop Protocol) server to be compromised. The researchers hope that the demonstration will essentially scare companies into patching Windows. BlueKeep is viewed as especially dangerous because it affects multiple different versions of Windows and is wormable, meaning it can rapidly spread to other vulnerable systems in a network in similar fashion to the WannaCry malware attacks that wreaked havoc a couple of years ago. Not to be taken lightly, BlueKeep has drawn the attention...
Read more...
Apple users have generally eschewed anti-malware software and safe online practices, because “Macs don’t get viruses”. We’ve learned that’s a fallacy, of course, and Mac users would be wise to heed some advice about malware safety, but Sophos found that Macs were actually more likely to spread malware than be infected by it. In a blog post that veered sharply and irretrievably into disturbing comparisons between computer malware and Chlamydia, security firm Sophos announced a study that found that of the 100,000 computers they surveyed (that were equipped with Sophos software), one in five had some kind of Windows malware lurking onboard. (Yes, Sophos can benefit...
Read more...
If you should happen to run across a USB flash drive on the subway, you may want to leave it there, assuming you weren't planning to take it to lost and found to begin with. There's a good chance it's infected with malware, and that doesn't just apply to USB keys you find on the ground, but ones you buy at auction, too. Security firm Sophos said it studied 50 USB keys bought at a major transit authority's Lost Property auction, and of those 50, two-thirds were infected with malware. That's bad news for the buyer, and the previous owner doesn't get off scot-free either. The study also revealed that drives were filled with information about many of the former owners, including their family, friends,...
Read more...
Hackers are taking advantage of another highly publicized event to push spam on end users. In this case, Google+. Invitations to the new service are no long available, but even though the new social networking service is in "field test mode" (meaning somewhat imcomplete), an invitation to the service is a hot item. Pharmaceutical spammers have recently begun attempting to spoof invitations to the Google+ social service to get some views of their sites. Sophos Senior Technology Consultant Graham Cluley in a Friday blog post, "The messages look similar to the real emails that users may receive from friends who are already members of Google+. However, clicking on the links will not take you to the...
Read more...
Security firm Sophos warned on Friday that the new Android Market website, as currently configured, could present a security hole for Android users. However, given the way this website works, in reality it's not really that much of a concern. As noted by Sophos, when you select an app from the Android Market, and approve its installation on your phone, it is more or less immediately downloaded to your smartphone. While a user has to approve the permissions an app requires on a device after the installation on the website, when it downloads to the Android phone, no user intervention is required. As Sophos notes, this means that if an end user has their password stolen, a hacker could install...
Read more...
Although still in its infancy, data loss prevention software is becoming increasingly important for companies who wish to protect the accidental and intentional release of sensitive information. To assist, Sophos introduced free programs that will prevent sensitive data from getting outside of corporate firewalls. In a move that will take on products sold by competitors Symantec and McAfee, Sophos plans to offer its data-loss prevention program for no charge to customers who purchase the company's anti-virus programs. Sophos, the world's biggest privately held maker of security software, hopes to boost sales of its anti-virus software for both business and personal computers with the offering....
Read more...
