Security News

If you are a regular Naked Security reader, you'll know that we generally steer clear of publishing content that deals specifically with Sophos products and services. That's not only because we want to make sure that Sophos customers know how to get the best out of our own products and services, but also because understanding how we organise our threat research, and why our products work the way they do, is more than just a fascinating story.

Sophos has placed 100 staff at risk of redundancy and is said to be shutting down its Naked Security blog, sources have told The Register - although the private equity-owned biz denied this. Sophos spokeswoman Tilly Travers told The Register: "We can assure you that Naked Security is fully functioning and will remain that way."

Malicious actors targeting a zero-day vulnerability in Sophos XG Firewall appliances last month attempted to deploy ransomware after Sophos started taking measures to neutralize the attack. One of the files deployed by the attackers would act as a "Dead man switch," to launch a ransomware attack when a specific file would be deleted on unpatched firewalls during a reboot or power-cycle, the security company reveals.

Ransomware might be a dreadful enterprise, but nobody could accuse the criminals behind these attacks of being weak on customer service. Now you can see why ransomware attacks almost always send back encryption keys when paid - any doubt in the mind of victims would quickly destroy the whole extortion racket as companies knuckled down to do the hard work themselves.

Is the future of information security and tech conferences virtual?While RSA Conference USA - the largest information security conference in the world - managed to take place mere weeks before the World Health Organization declared COVID-19 a pandemic, European countries started closing borders and airlines started suspending routes and grounding planes, most infosec and tech events scheduled to take place after it were doomed. Understanding the basics of API securityThis is the first of a series of articles that introduces and explains application programming interfaces security threats, challenges, and solutions for participants in software development, operations, and protection.

Attackers have been targeting the Sophos XG Firewall using a zero-day exploit, according to the security firm - with the ultimate goal of dropping the Asnarok malware on vulnerable appliances. Firewalls manually configured to expose a firewall service to the WAN zone that shares the same port as the admin or user portal were also affected," the firm explained.

Aside from plugging the security hole, the hotfix detects if the firewall was hit by attackers and, if it was, stops it from accessing any attacker infrastructure, cleans up remnants from the attack, and notifies administrators about it so that they can perform additional remediation steps. The zero-day affects all versions of XG Firewall firmware on both physical and virtual Sophos firewalls.

Cybersecurity company Sophos informed customers over the weekend that it has patched a zero-day vulnerability that has been exploited to deliver malware to its XG Firewall appliances. An investigation revealed that attackers have been exploiting a previously unknown SQL injection vulnerability to hack exposed physical and virtual firewalls.

Sophos XG Firewall hacked in the wild - hotfix available. Sophos has rushed out a hotfix for its XG Firewall products to close an SQL injection vulnerability - after hackers were spotted exploiting the hole in the wild.

In September last year, Sophos made Sandboxie free, while also announcing that it was transitioning the tool to open source. "Sophos is proud to announce the release of the Sandboxie source code to the community, meaning we are finally an open source tool! We're excited to give the code to the community," the company announced on its forums.