What healthcare orgs should know about the Anthem breach and HIPAA compliance

Anthem data breach and what it means for HIPAA compliance.The cyber attack on Anthem BlueCross BlueShield is being called the largest data breach ever in the healthcare industry, and a warning of things to come as criminal gangs and even nation states take aim at valuable health data stored by insurers, hospitals, doctors’ offices and others.

Anthem said the breach affected approximately 80 million customers and employees, and the haul for cybercriminals included records that could be very valuable to the thieves – names, taxpayer IDs, birthdays, medical IDs, street addresses, email addresses, and employment data, including income.

Just as the massive breach of Sony last year sent shockwaves of concern throughout industry and government, the Anthem incident is raising awareness of just how vulnerable healthcare organizations are.

Continue reading

SophosLabs research uncovers new developments in PlugX APT malware

SophosLabsThe notorious PlugX APT group is continuing to evolve and launch campaigns, most recently a five-month-long campaign targeting organizations in India.

PlugX now uses a new backdoor technique – hiding the payload in the Windows registry instead of writing it as a file on disk – according to a new technical paper from SophosLabs Principal Researcher Gabor Szappanos.

Although not unique to PlugX, this backdoor approach is still uncommon and limited to a few relatively sophisticated malware families.

Continue reading

Deadly IT Sin #1 – are you guilty of mobile negligence?

mobile-negligence-150Smartphones and tablets are multiplying in your IT environment like crazy – whether it be the iPad Air used by your CEO, the latest Samsung Galaxy smartphone with its exposure to leaky Android apps, or the iPhone 6 your users are pestering you to configure for corporate use.

All those shiny new devices are a security and data loss risk you can’t afford to ignore.

You’ve heard of the seven deadly sins. Well, we think the 7 Deadly IT Sins are pretty bad too – and the sin of mobile negligence is number one our list of “thou shalt nots” if you want to keep out the hackers who are increasingly targeting these handheld security threats.

Continue reading

Sophos wins Best Usability Award from AV-Test

AV-Test Best Usability 2014 AwardWe’re pleased to announce that Sophos has been recognized with the AV-Test Best Usability 2014 Award!

AV-Test regularly tests endpoint protection products, including the Windows component of our Endpoint Protection product, which we call Endpoint Security and Control.

Across multiple tests in 2014, “Sophos Endpoint Security and Control excelled consistently and thus earned the 2014 Award in the category of Usability,” said Andreas Marx, CEO of AV-Test.

Continue reading

Sophos Mobile Security aces AV-Test review with 100% Android malware detection

av-test-150The expert product reviewers at AV-Test handed out awards for the best antivirus software for Android in January, and once again Sophos has aced the test with 100% malware detection.

Our Free Antivirus and Security for Android (Sophos Mobile Security) accurately detected and blocked every one of the 2,950 samples of malicious Android apps used in the test – and without a single false positive.

AV-Test recognized our app with a Protection Score of 6.0 (out of a possible score of 6.0), and we also garnered the highest rank of 6.0 in Usability.

Continue reading

The top 3 ways public sector orgs benefit from IT security vendor consolidation

uk-public-sector-150Public sector organisations face constant pressure to provide crucial services within tight budgets. Even essential items like IT security can come under the budget boss’s knife.

At Sophos, we believe you can reduce the cost of IT security, see greater efficiencies, and save time – without compromising on the quality of protection.

Here are three big ways public sector organisations – from local governments and schools to police, fire and emergency services – can benefit from consolidation with Sophos.

Continue reading

SophosLabs: Elite APT hackers aren’t always elite coders

SophosLabsMany highly effective hacking groups associated with malware and advanced persistent threats (APTs) appear to lack an understanding of the technical exploits they use. They also fail to adequately test their exploits for effectiveness before unleashing them on their victims.

Gabor Szappanos of SophosLabs evaluated the malware and APT campaigns of several groups that all leveraged a particular exploit — a sophisticated attack against a specific version of Microsoft Office.

In a just-published technical paper, Gabor details how none of the groups he analyzed were able to modify the attack enough to infect other versions of Office, even though several versions were theoretically vulnerable to the same type of attack.

Continue reading