Sophos news in review: OpenSSL Heartbleed, what is it and what does it mean for security?

The big story in security news right now is Heartbleed – a serious bug in OpenSSL, the software responsible for encrypting traffic on the Internet.

OpenSSL is open source software used by websites, including Google, Gmail, Facebook, Yahoo and many thousands more, to encrypt all of our data. But the Heartbleed bug, just recently discovered by two researchers, left the door wide open to data attacks on vulnerable web servers.

We also found out that the Heartbleed bug is in a version of the OpenSSL software that’s two years old — so this vulnerability could have been attacked for a very long time by someone with the resources to exploit it.


New research on Android, rootkits, and malware: SophosLabs papers accepted for Virus Bulletin 2014

Our SophosLabs threat researchers had four papers accepted for the Virus Bulletin 2014 conference in Seattle coming up in September. We’ll be there, alongside the best minds in the security industry.

SophosLabs researchers will share their discoveries and analysis of some cutting-edge topics, including Android malware, kernel rootkits, and new strategies used by malware to evade detection and capture by sandboxing.


Sophos in the news: Microsoft Word zero-day, email privacy, and data encryption (Video and Podcast)

This week we had several more reminders that our data is only as secure as we make it, because we sure can’t rely on others to secure our data for us. Plus, we talked about encryption as the only way to make sure your data isn’t being seen by snoops.

In security news, a new zero-day threat caused Microsoft to issue a security alert and a short-term fix for a vulnerability in Word that was being exploited in targeted attacks.

On the privacy front, meanwhile, Google and Microsoft were fighting back and forth about who has the most secure free webmail.


Will NSA spying hurt the U.S. tech industry? (Video and Podcast)

The U.S. tech industry, represented by the likes of Facebook, Google, and the other titans of Silicon Valley, has been a bright spot in the American economy. But could revelations of mass surveillance by the U.S. National Security Agency (NSA) boomerang on American economic interests?

NSA blowback is not just a strong possibility, it’s already happening, according to Chester Wisniewski, senior security adviser at Sophos. In multiple media interviews this week, Chet explained that businesses are deeply worried about the NSA’s data collection programs.


Sophos in the news: Coinbase phished, Firefox pwned, and a big CRN award for our Partner Program

This was a big week for prizes. We scored another big award for our Partner Program, which earned a five-star rating from CRN in its annual Partner Programs Guide.

Meanwhile, some security researchers won close to a million dollars in prize money at the PWN2OWN contest for successfully hacking all of the major web browsers with new exploits.

And proving that some prizes are a curse disguised as a blessing, a widespread spam email campaign blasted out last week claimed that recipients had received an unsolicited deposit of Bitcoins to their online account. Oh, really? Free money? It turns out it was a phishing attack aimed at stealing user credentials for Coinbase, a San Francisco-based Bitcoin bank.


Sophos in the news: UTM Accelerated 9.2, APTs, and the NSA’s blurred lines

This week we announced the software release of Sophos UTM Accelerated (9.2), our best UTM release ever, with more than 100 new features including Advanced Threat Protection that provides a multi-layered approach to stop so-called advanced persistent threats (APTs).

Meanwhile, our researchers at SophosLabs have uncovered a disturbing trend in APTs — methods formerly seen only in espionage-style attacks are now increasingly common in malware attacks from money-making cybercriminals.

And in a shocking development, newly reported leaks from former NSA contractor Edward Snowden revealed that the NSA is engaged in surveillance practices that appear to borrow tactics we once thought were only likely to be employed by cybercriminals.


SophosLabs: Techniques from APTs showing up in money-making Zbot/Zeus malware

Malware targeting financial accounts is increasingly borrowing techniques formerly seen only in targeted attacks designed for espionage and intelligence gathering, according to new research from SophosLabs.

These techniques, including the use of booby-trapped Word documents, had been telltale signs of so-called advanced persistent threats (APTs). But our research shows that cybercriminals behind financial malware such as Zbot (Zeus) are now borrowing the same attack methods to spread money-making malware.


Sophos in the news: Gameover malware gets harder to kill; will Windows XP live on after death?

We often talk about inanimate things as if they live and die — maybe to feel better about them having power over us. Just look at Windows XP, which is now on extended life support until Microsoft finally pulls the plug in April, and which critics would gladly see die.

On Patch Tuesday in April, Microsoft will officially end support for the aging Windows XP with its final security patch. But with millions of people still relying on this long-in-the-tooth operating system, will it live on even after Microsoft has essentially killed it off?

Along these same lines, one of our superb researchers at SophosLabs recently discovered a new variant of the Gameover banking Trojan that borrows code from a rootkit in order to stay hidden, making it much harder to kill. And when it comes to matters of crime and punishment, some cybercriminals are finding that their malicious code will live long after they have gone away.


Credit card data for sale in cybercrime market shows Sally Beauty was breached

U.S. beauty supply chain Sally Beauty is apparently the latest victim of a credit card data breach, according to security blogger Brian Krebs, who discovered a new batch of credit card numbers, recently used at Sally Beauty stores, for sale in an underground cybercrime market.

A spokesperson for Sally Beauty said the company is investigating an intrusion of its network, but found no evidence that credit card numbers had been breached. However, several banks contacted by Krebs said they had made targeted purchases of credit card numbers from the recent online “dump” by cybercriminals to find a common source for the stolen card data — which pointed them back to Sally Beauty stores.


RSA Rewind: All the buzz from Sophos at RSAC in San Francisco (Podcast)

There’s just so much going on in the IT security world right now — from NSA spying to blockbuster data breaches — that it’s hard to say enough about it. Last week at RSA Conference 2014 in San Francisco, Sophos sparked the conversation with our exciting threat research, product development and security awareness efforts.

Our chatty experts Chester Wisniewski and John Shier spoke “live” from RSAC for a Conference Special edition of the weekly Chet Chat podcast. Leading the conversation, our expert host Paul Ducklin asked about this year’s most buzz-worthy words and phrases at RSA. Listen to our podcast for the word from Duck, Chet and John about the big themes of data security and privacy.
