Malicious spam campaign pretends to be from Sophos

Sophos is aware of a widespread malicious email campaign sent out with subject lines like this:

These emails claim to come from addresses such as:

Please note that this attack did not originate from Sophos, and there is no indication that we have been compromised in any way.

Unfortunately, the “From” address in an email is part of the email itself, just like the subject line or the message, so the email sender gets to choose whatever they want.

Continue reading

Follow these best practices to secure your data in the cloud

cloud-aws-best-practicesThere are many misconceptions about cloud security, and it starts with basic misunderstandings about what “the cloud” even is.

Essentially, the cloud is anything hosted and accessed virtually. Webmail systems like Gmail, and social networking sites like Facebook and Twitter are in the cloud. Really, the entire internet is the cloud!

As Sophos experts explain in a new whitepaper describing best practices for cloud security, the most important thing to remember is that when you put data in the cloud, you need to understand how it’s being protected. You shouldn’t assume that security is being taken care of for you.

Continue reading

SophosLabs investigates the most popular Microsoft Office exploit kits

SophosLabs Office exploitsMalware authors have been using Microsoft Office document exploits for quite some time, but in the past couple of years, document malware has experienced a resurgence.

Typically, exploited documents are attached to email messages and sent out to large numbers of random recipients (in the case of cybercrime groups) or a smaller number of selected targets (in the case of APT groups).

Office exploit generators play a crucial role in making Office exploitation available to common cybercriminals. However, despite their significance, most Office exploit kits have not been covered in detail.

In a new research paper, SophosLabs Principal Malware Researcher Gabor Szappanos analyzes some of the most impactful Office exploit generators.

Continue reading

EU Parliament passes the General Data Protection Regulation – why it’s a good thing

EU data protectionAfter four years of preparation to overhaul the European Union’s data protection rules, the members of the EU Parliament gave final approval yesterday to the EU General Data Protection Regulation (GDPR).

The GDPR is a big step forward for better protection of EU residents’ data with a consistent set of regulations across borders.

The GDPR applies to businesses of all sizes, anywhere in the world, that hold information on European residents, and shows that Europe is taking the subject of data protection seriously.

We think the new regulation will make data protection a board-level issue, and it’s a signal to all companies who do business in the EU that they need to protect their customers’ data. Our advice is: don’t ignore the regulation and think “I won’t get fined.”

Continue reading

Announcing Sophos Central: Next-gen security management for partners, admins and (soon!) end users

Sophos CentralThis is a big day for Sophos, our partners, and their customers.

While the security industry has been increasingly trending toward complicated point products – each with their own admin consoles, policy setup, and terminology – we’ve been steadfast in our belief that powerful, feature-filled, and industry-leading security should be integrated and uncomplicated.

You may be aware of our “Security made simple” tagline, but if even if you aren’t, you should absolutely feel it when you use our products. And we believe that we’ve taken a major step forward in that spirit today with the launch of our all-new Sophos Central integrated management platform, formerly known as Sophos Cloud.

Continue reading

Behind-the-Scenes with John Shier, senior security advisor at Sophos

John ShierFor a behind-the-scenes view of what it’s like to be on the frontline of tracking security trends, we interviewed John Shier, senior security advisor and nine-year Sophos veteran.

John works closely with SophosLabs to study and analyze all types of cyberattacks emerging around the world. He’s also an expert on the advanced technology needed to combat these threats.

Continue reading

Sophos named a Top Player in Radicati’s Enterprise Mobility Management Market Quadrant

EMMThe Radicati Group has just released its Enterprise Mobility Management – Market Quadrant 2016 report, and we’re proud that Sophos has earned a place in the Top Players quadrant, demonstrating our leadership in the industry.

Radicati, an independent market research firm not aligned with any vendor, evaluates enterprise mobility management (EMM) vendors based on feature functionality and strategic vision. Radicati says Top Players are “the current market leaders, with products that offer both breadth and depth of functionality,” and have a “solid vision for the future.”

As a Top Player, our EMM product, Sophos Mobile Control, is considered a “complete EMM solution” with “comprehensive feature sets” in the areas of mobile device management (MDM), mobile application management (MAM), mobile security, and mobile content management.

Continue reading