Sophos products and the GHOST vulnerability affecting Linux

nsgIn the last couple of days, a widespread Linux vulnerability known as GHOST has been receiving a lot of attention in the security community. In theory, this vulnerability can allow an attacker to remotely execute code on a Linux computer. There is already proof of concept code that puts this theory into practice, and it is expected that real world attacks are just around the corner.

The Sophos product teams have been thoroughly investigating to determine which of our products are affected and what is necessary to address those that are.

Continue reading

Why security is failing #3: It lacks coordination

cloud-150Last week, I posited that the security industry is, by and large, failing to meet the needs of today’s businesses. I introduced two reasons for this failure: security solutions are incomplete, and security is overly complex.

Today, I’ll wrap up with the third challenge businesses face: inconsistent and uncoordinated security.

While attackers continue to evolve and become more sophisticated, security technology struggles to keep up. How else to explain the 48% increase in the number of security incidents reported by businesses worldwide in 2014 compared to the year before?

Continue reading

Firewalls, encryption, and next-generation endpoint protection – the Sophos ASEAN webinar series

roadshowWe’re excited to announce the line-up for our Sophos ASEAN webinar series — a virtual platform for end users and channel partners to get up to date on computer security news, opinion and advice on how to navigate the ever-evolving cybersecurity landscape.

This webinar series features our top security experts in the ASEAN region, and covers three of the most pressing concerns IT departments are facing in 2015, showing you how to manage issues of firewall performance, what to expect from the next generation of endpoint security, and how to use encryption to protect data without slowing down users.

Learn more about these webinars below, and be sure to reserve your seat!

Continue reading

SophosLabs research spotlights rising threat of Vawtrak financial malware

SophosLabsA type of data-stealing malware called Vawtrak is spreading in countries around the world, controlling thousands of computers while silently draining the bank accounts of its victims.

Analysis of the malware by James Wyke, Senior Threat Researcher with SophosLabs UK, indicates that the people behind Vawtrak are targeting banks and other companies in a very methodical way in a number of countries, including some that aren’t commonly targeted by banking malware.

In his fascinating new research paper on the subject, Vawtrak – International Crimeware-as-a-Service, James enlightens us about the mechanics of this cybercriminal enterprise, and the steps taken by this crafty and deceptive malware as it steals account details and transaction tokens directly from victims when they visit the websites of their financial institutions.

Continue reading

The top 6 retail threats and how to stop them

hackers-retail-dataThe weeks leading up to Christmas are the busiest for the retail industry all year, which makes this a really opportune time for cybercriminals to break in and steal credit card and other personal data from all those online and in-store shoppers.

Recently we surveyed a bunch of IT professionals at UK retailers and found that many of them are concerned they won’t be prepared for attacks against them.

Well, we’ve got some simple security advice that retail businesses of any size and anywhere in the world can follow to keep this season a merry one. Here are the top 6 retail threats, and what to do about them.

Continue reading