Security News

An Iran-based software company is likely behind a recently identified crypto-jacking campaign targeting SQL servers, according to a report by British anti-malware vendor Sophos. The attacks result in the MrbMiner crypto-miner being installed onto the target servers, with the software apparently created, controlled, and hosted by a named Iranian company.

Sophos and ReversingLabs on Monday announced SoReL-20M, a database of 20 million Windows Portable Executable files, including 10 million malware samples. Aimed at driving security improvements across the industry, the database provides metadata, labels, and features for the files within, and enables interested parties to download the available malware samples for further research.

Sophos has deployed a hotfix for their line of Cyberoam firewalls and routers to fix a SQL injection vulnerability. Today, Sophos disclosed that a SQL injection vulnerability was fixed in the Cyberoam operating system that could remotely add accounts to a CROS device.

British cybersecurity and hardware company Sophos has emailed a small group of customers to alert them that their personal information was exposed following a security breach discovered on Tuesday. "On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support," the company said in the notification email.

"We know what you're thinking:"Another year; another vendor; another threat report. We've combined research from a number of threat prevention groups inside Sophos, including SophosLabs, Sophos Managed Threat Response, Sophos Rapid Response, Sophos AI, and our Cloud Security team, to deliver a comprehensive review of the security landscape.

If you are a regular Naked Security reader, you'll know that we generally steer clear of publishing content that deals specifically with Sophos products and services. That's not only because we want to make sure that Sophos customers know how to get the best out of our own products and services, but also because understanding how we organise our threat research, and why our products work the way they do, is more than just a fascinating story.

Sophos has placed 100 staff at risk of redundancy and is said to be shutting down its Naked Security blog, sources have told The Register - although the private equity-owned biz denied this. Sophos spokeswoman Tilly Travers told The Register: "We can assure you that Naked Security is fully functioning and will remain that way."

Malicious actors targeting a zero-day vulnerability in Sophos XG Firewall appliances last month attempted to deploy ransomware after Sophos started taking measures to neutralize the attack. One of the files deployed by the attackers would act as a "Dead man switch," to launch a ransomware attack when a specific file would be deleted on unpatched firewalls during a reboot or power-cycle, the security company reveals.

Ransomware might be a dreadful enterprise, but nobody could accuse the criminals behind these attacks of being weak on customer service. Now you can see why ransomware attacks almost always send back encryption keys when paid - any doubt in the mind of victims would quickly destroy the whole extortion racket as companies knuckled down to do the hard work themselves.

Is the future of information security and tech conferences virtual?While RSA Conference USA - the largest information security conference in the world - managed to take place mere weeks before the World Health Organization declared COVID-19 a pandemic, European countries started closing borders and airlines started suspending routes and grounding planes, most infosec and tech events scheduled to take place after it were doomed. Understanding the basics of API securityThis is the first of a series of articles that introduces and explains application programming interfaces security threats, challenges, and solutions for participants in software development, operations, and protection.