The Rotten Tomato Campaign: New SophosLabs research on APTs

An advanced persistent threat (APT) malware campaign seen in August and September 2014 is the subject of new research by one of our threat analysts at SophosLabs.

Like other recently reported APT campaigns, this one was based in China, a detail that tends to attract a lot of media attention and hype.

Sophos is calling this malware campaign “Rotten Tomato,” in reference to the Tomato Garden campaign, and because some of the samples were rotten in the sense that they did not execute properly.


What do IT managers rate as their #1 firewall issue today? Our survey says…

Back in the summer we ran a small survey on SpiceWorks in which almost 400 small and medium business IT managers gave us their view of the main challenges they have with their current firewall. Some of the results weren’t exactly what we were expecting.

The #1 rated issue was the lack of reporting options

35% of respondents said their firewall provides insufficient reporting, and 22% also cited a lack of visibility into infected machines, which points to a lack of useful insight as well. Users are hungry for bandwidth and regulatory compliance is becoming increasingly important, so it’s not really surprising that IT managers crave a better view of what’s happening on their network.

What is surprising is that so few firewall vendors offer their users what they need. Compare the leading UTM/firewall vendors and you’ll find just one with over 1,000 reports built into the appliance. I’m sure you can guess who (check here if you can’t!). At Sophos we prioritize reporting, and in addition to the on-box reports we also offer Sophos iView, our dedicated virtual reporting appliance, for those who simply need more reports or want to correlate reporting across multiple appliances.


UTM Up2Date 9.208 Released


Today we made available a new Up2Date package for Sophos UTM which introduces a security fix for CVE-2014-6271 (Shellshock).

Please note that, to date, we are not aware of the Sophos UTM being exposed to the described vulnerabilities; this release is a precautionary update.

Please read on to see the full details of this release.


How to set up Dynamic Host Configuration Protocol (DHCP) on your UTM

Last time we talked about how to set up your firewall. This week we’ll continue looking at some other things that happen in the background, but which you can also control and benefit from.

When you set up the UTM for the first time you may have chosen not to enable DHCP (Dynamic Host Configuration Protocol), either because you already have a DHCP server on your network or because you just don’t know what it is.

In layman’s terms, a DHCP server manages the handing out of IP addresses to devices as they come and go on your network.
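To make that hand-out concrete, here is an added example (written for this page; it is not Sophos UTM code) of the first two DHCP messages in plain Python: the client's DISCOVER and the server's OFFER, with a small lease pool standing in for the UTM's DHCP server. It goes a little beyond the paragraph by also showing the RFC 2131 message layout and what the server does when the pool runs out. The network 192.168.1.0/29, the server address 192.168.1.1 and the client MAC 00:11:22:33:44:55 are constructed sample values.

```python
"""DHCP DISCOVER/OFFER exchange, encoded and decoded offline (added example)."""
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"            # RFC 2131: marks the start of the options
BOOTREQUEST, BOOTREPLY = 1, 2                 # 'op' field: client -> server, server -> client
DHCPDISCOVER, DHCPOFFER = 1, 2                # option 53 message types used here
OPT_SUBNET, OPT_ROUTER, OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 1, 3, 51, 53, 54, 255
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"    # the fixed 236-byte BOOTP header


def build_message(op, xid, chaddr, yiaddr="0.0.0.0", options=()):
    """Encode one DHCP message: fixed header, magic cookie, TLV options, END."""
    header = struct.pack(
        HEADER_FMT,
        op, 1, len(chaddr), 0,                  # op, htype=1 (Ethernet), hlen, hops
        xid, 0, 0x8000,                         # transaction id, secs, flags (broadcast bit)
        b"\0" * 4,                              # ciaddr: the client has no address yet
        ipaddress.IPv4Address(yiaddr).packed,   # yiaddr: the address the server offers
        b"\0" * 4, b"\0" * 4,                   # siaddr, giaddr
        chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128,   # chaddr, sname, file
    )
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return header + MAGIC_COOKIE + body + bytes([OPT_END])


def parse_message(data):
    """Decode a DHCP message into a dict; raises ValueError on a malformed packet."""
    if len(data) < 240 or data[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    f = struct.unpack(HEADER_FMT, data[:236])
    opts, i = {}, 240
    while i < len(data) and data[i] != OPT_END:
        if data[i] == 0:                        # option 0 is a single pad byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")    # length byte runs past the packet
        code, length = data[i], data[i + 1]
        opts[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "xid": f[4], "yiaddr": str(ipaddress.IPv4Address(f[8])),
            "chaddr": f[11][:f[2]], "options": opts}


class LeasePool:
    """A toy DHCP server: hands out the addresses of one subnet, one per MAC."""

    def __init__(self, network, server_ip, lease_seconds=3600):
        self.network = ipaddress.IPv4Network(network)
        self.server_ip = ipaddress.IPv4Address(server_ip)
        self.lease_seconds = lease_seconds
        self.leases = {}                        # chaddr -> IPv4Address
        self.free = [ip for ip in self.network.hosts() if ip != self.server_ip]

    def handle(self, packet):
        """Answer a DISCOVER with an OFFER; return None for anything else or an empty pool."""
        msg = parse_message(packet)
        if msg["options"].get(OPT_MSG_TYPE) != bytes([DHCPDISCOVER]):
            return None
        mac = msg["chaddr"]
        ip = self.leases.get(mac)               # a returning device gets its old address back
        if ip is None:
            if not self.free:
                return None                     # pool exhausted: stay silent, the client retries
            ip = self.free.pop(0)
            self.leases[mac] = ip
        options = [
            (OPT_MSG_TYPE, bytes([DHCPOFFER])),
            (OPT_SERVER_ID, self.server_ip.packed),
            (OPT_LEASE_TIME, struct.pack("!I", self.lease_seconds)),
            (OPT_SUBNET, self.network.netmask.packed),
            (OPT_ROUTER, self.server_ip.packed),    # default gateway handed to the client
        ]
        return build_message(BOOTREPLY, msg["xid"], mac, str(ip), options)


def demo():
    """One client asks, the server answers; returns the decoded OFFER."""
    pool = LeasePool("192.168.1.0/29", "192.168.1.1")          # constructed sample network
    client_mac = bytes.fromhex("001122334455")                 # constructed sample MAC
    discover = build_message(BOOTREQUEST, 0x3903F326, client_mac,
                             options=[(OPT_MSG_TYPE, bytes([DHCPDISCOVER]))])
    return parse_message(pool.handle(discover))


if __name__ == "__main__":
    print(demo())
```

The OFFER carries more than an address: option 3 (router) and the subnet mask tell the device where to send everything that leaves the LAN, which is why a second, unexpected DHCP server on the network (a "rogue" server) is a security problem and not just a configuration nuisance. Knowing whether the UTM or some other device is handing out leases is the first step to noticing one.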


What is Shellshock? This infographic explains how a Shellshock attack works and how to stay safe

Shellshock, a serious vulnerability affecting Linux, UNIX and OS X computers, is making life difficult for IT admins, as vendors rush out patches to stay ahead of the cybercriminals trying to exploit this bug.

Like the Heartbleed bug in OpenSSL, Shellshock has a nasty-sounding name, far-reaching impact, and major consequences for security. Yet Shellshock is worse than Heartbleed in one important way — it could allow an attacker to take complete control of vulnerable machines.

If you’re looking for a little tutorial on Shellshock, we’ve created a simple infographic to explain the bug, how an attacker might exploit it, and what you can do to stay safe.
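Alongside the infographic, here is an added POSIX shell script (written for this page; it is not Sophos code and is not the check the UTM Up2Date above performs) that runs the widely circulated one-line test for CVE-2014-6271 and reports the result. The variable name HTTP_USER_AGENT is chosen only to mirror the CGI scenario; any variable name works, because the bug is in how bash imports function definitions from the environment.

```sh
#!/bin/sh
# Shellshock (CVE-2014-6271) self-check. Bash imported shell functions from any
# environment variable whose value begins with "() {". A vulnerable bash kept
# parsing after the closing "}" and executed whatever followed. A program that
# passes attacker-controlled text to a child bash through the environment is
# therefore remotely exploitable; the classic case is a CGI script, where the
# HTTP User-Agent header becomes the HTTP_USER_AGENT variable.

shellshock_check() {
    # Prints one of: vulnerable, patched, no-bash.
    # Exit status: 1 = vulnerable, 0 = patched, 2 = no bash on this host.
    if ! command -v bash >/dev/null 2>&1; then
        echo "no-bash"
        return 2
    fi
    # On a vulnerable bash the "echo vulnerable" after the function body runs
    # before the -c command does; a patched bash ignores the definition and
    # only prints "this is a test" (plus a warning on stderr, discarded here).
    out=$(HTTP_USER_AGENT='() { :;}; echo vulnerable' bash -c 'echo this is a test' 2>/dev/null)
    case "$out" in
        *vulnerable*) echo "vulnerable"; return 1 ;;
        *)            echo "patched";    return 0 ;;
    esac
}

status=0
shellshock_check || status=$?   # 0 = patched, 1 = vulnerable, 2 = no bash found
```

Run it as a normal user on each host you administer; a "vulnerable" result means the machine needs the vendor's bash update before any network-facing service that spawns bash (CGI, DHCP client hooks, SSH forced commands) can be trusted. The script tests only the original CVE-2014-6271 parsing bug, not the follow-up issues fixed in later bash releases.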
