News
Sophos is the same as any other business – we need to keep our employees (and the company) safe, while at the same time we need to give people the freedom to do their jobs.
Our employees want to be helpful, perform well, and give good support to their co-workers, clients and customers. But good nature is exploitable and it’s those easy-to-exploit characteristics that social engineers seek to tap into.
As an attacker, it’s usually easier to try and push past a human than to try and push past a machine. Unless we understand the tactics and techniques of cybercriminals, people may well fall prey to attacks and put the company at risk at the same time.
The best defense for social engineering attacks is a combination of good controls and an awareness program – start with a good, simple, human readable policy and then base training and awareness campaigns around that.
Who you gonna call?
Staff need a single point of contact – it’s vital for people to know they have a specific person or team that they can ask for help from, escalate issues to, or double check something with – no matter how small they think it is.
Remember, the biggest incidents start with the smallest of indicators. We advertise this point of contact through everything we produce for staff – whether it’s an email from HR, a poster in the coffee area or a presentation we give to employees.
Education through awareness
At Sophos we run an internal education campaign called ‘7 deadly sins of security’. This educates employees on basic security topics, including phishing, passwords, scanning and sharing documents.
Our latest campaign, ‘Don’t let your data get ripped – Encrypt!’, coincided with the full launch of our SGN 8 file-level encryption product.
Through this internal education campaign, staff are informed of particular risks and can learn how to combat them through blog posts, banners, and posters throughout the offices.
Not just for new joiners
Security training and awareness shouldn’t just be something to bulk up a new starter’s welcome pack and then left alone forever more. Nor should it be routinely rolled out just to tick a compliance box.
Beginning at the on-boarding stage with simple policy, this training should be a continuous process, delivered through numerous methods to keep staff engaged and informed.
Phishing
One of the techniques we use to build awareness is phishing testing, and we continuously test our co-workers against this type of threat. Based on real phishing threats we receive as a security team, our tests have a good call-to-action with domains that resemble our own. We generally run one a month, and anyone who gets caught out gets some instant automated training explaining what to look out for and why.
With any suspected phishing (whether it’s a test from us or the real deal), we actively encourage staff to send possible threats to the security team as soon as they see them – ideally before their first click.
To encourage this, we have clear and simple paths for reporting phishing, including an Outlook button to escalate directly to the team. This is the most straightforward way of being able to proactively defend against this threat.
Protect those passwords
We also have an active password audit program. We enforce large passwords and encourage the use of password managers, as well as check staff passwords and crack any of them that are deemed too simple. Any users with poor passwords get to re-visit our password education campaign.
That’s not everything
This is just a small subset of how we build a security culture. The main thing to remember is that it should be constant, not just a check box.
Security awareness is fine; security culture is where it’s at.
You can read the original article here.
The firewall team has been working furiously over the last several months on the latest release of XG Firewall and, after an extensive beta, we’re really pleased to announce that XG Firewall v16 is available now. This release is a major update that includes over 120 new features and enhancements across all areas of the firewall.
It’s easier to use, with new navigation, enhanced logging and troubleshooting tools, and streamlined workflows. It’s more powerful, with new policy tools that make it easy to build sophisticated web, email, and routing policies custom tailored to your needs.
It’s got more innovative, with new Synchronized Security features like dynamic app identification and new Security Heartbeat options that improve protection, response, and visibility into what’s happening on your network.
There’s a complete list of new features below, but you’ll probably prefer to see what’s new first hand: watch the full 8-minute overview video of all the major new features or see the highlights in just two minutes.
How to get it
The new XG Firewall v16 firmware is being rolled out automatically to customer systems, so keep an eye open for the firmware update notification in your firewall. However, if you’re eager to install the update sooner, you can download the firmware update from the Community Forums (and later via MySophos) and apply it anytime. Watch this video that explains how to update your firmware.
If you’re new to XG Firewall, you can see what all the buzz is about here and you can also sign up for a 30-day free trial.
Tell us what you think
Many of the enhancements in v16 are the result of your feedback and input – so thank you very much for your help in making this a great release! But please don’t stop there. Let us know what’s on your mind by stopping by the XG Firewall Community Forums.
Need help? Have questions? Our Community has the answers.
The XG Firewall Community is also the perfect place to get all your questions answered and is staffed by members of our technical engineering team as well as some very knowledgeable expert members. There’s tons of useful content in the Knowledge Base and, soon, the new How-to Library as well (stay tuned for more on that). I think you’ll be impressed with the quality and quantity of content available there.
What’s new
Control Center and navigation
- Enhanced Control Center widgets: Several widgets have improved flip-card views or drill-down results including Reports, Interfaces, and Security Heartbeat.
- Navigation: Left navigation has been expanded to improve access and gain consistency with Sophos Central. Menu items are grouped logically on the left side by task or activity. Second level navigation is now tab-based, enabling quicker two-clicks-to-anywhere access to the most frequently used configuration options. (Note: final tab layout and organization is still being worked on for a subsequent beta build.)
Firewall, network and device configuration
- NAT business rule creation: Improved DNAT, Full NAT, and server load balancing rule creation.
- Firewall to firewall RED tunnels: Site-to-site RED tunnel support.
- Cloning: Enables easy cloning of existing firewall rules, objects and policies.
- Firewall hostname: You can now assign a custom hostname to your firewall.
- Policy routes: Route select traffic to a custom gateway based on source, destination or layer-4 service.
- Country filtering improvements: Streamlined implementing country or continent-based filtering in firewall rules.
- DHCP server and relay: Support for running a DHCP server and a DHCP relay on the same firewall at the same time.
Authentication and diagnostics
- Direct live log viewer access: Open the live log viewer in a separate window directly from the Control Center using the magnifying glass at the top of any screen.
- Two-factor authentication: Improved access security with support for OATH-TOTP one-time passwords directly on the firewall, eliminating the need for a separate 2FA solution. Support for IPSec, SSL VPN, User Portal, and WebAdmin access. We recommend using the free Sophos Authenticator app for iOS and Android.
- STAS (Sophos Transparent Authentication Suite) UI: STAS configuration has been added to the GUI enabling easy setup without requiring the CLI.
- Live log viewer enhancements: An improved live log viewer which conveniently opens in a new window, with a 5-second refresh option, color-coded log lines, and the option to activate packet capture.
Web and email protection
- New anti-spam features (HELO/RDNS): Added anti-spam technology to identify non-legitimate mail sending servers.
- Email per-domain routing: Route incoming mail to the correct destination server, based on the target domain.
- Creative Commons enforcement: Reduce the risk of exposure to inappropriate images by enforcing search engine filters for content with a Creative Commons license.
- Unscannable content handling: Options to allow or block content that cannot be scanned due to encryption or containers.
- Redesigned web policy model: Flexible new user and group policy creation and in-line editing tools with inheritance that make web policies more intuitive and easy to maintain while dramatically reducing firewall rule count in many situations.
- Warn action: A new web filtering action in addition to Block or Allow that enables users to proceed to websites only after acknowledging a warning that the site belongs to an inappropriate or undesirable category. This option can be ideal in situations where user education, awareness, and monitoring are desired without strictly prohibiting access.
- Google Apps control: Limit access to a selected Google Apps domain to reduce the risk of data loss from users transferring documents to their personal Google Apps.
- External URL lists: Import external URL lists that require enforcement in certain organizations or jurisdictions.
- Full email MTA – store and forward support: Enable business continuity, allowing the firewall to store mail when target servers are unavailable.
- Email SPX Encryption reply portal: Enable recipients of SPX encrypted emails generated by the firewall to reply securely using a portal on the firewall to draft and send a response.
Synchronized Security
- Real-time application visibility: Enables the firewall to solicit information from the endpoint to determine the application responsible for generating uncategorized network traffic. This is valuable for gaining insights into network traffic that is unrecognized by other firewall solutions.
- Missing Security Heartbeat: Enables the firewall to detect when a previously healthy Endpoint is generating network traffic with a missing Security Heartbeat and automatically identify the system and respond. This may be an indication that the endpoint AV has been tampered with or disabled.
- Destination-based Security Heartbeat: Enables the firewall to limit access to destinations and servers based on the status of their Heartbeat, further bolstering protection from potentially compromised systems until they can be cleaned up. Combined with regular Heartbeat policy enforcement, this can effectively isolate a compromised system completely – both inbound and outbound.
Deployment and hardware
- AP 15C support: Adds support for the entry-level AP 15C ceiling mount access point.
- Improved Security Audit Report: Improved layout, presentation and information for the customer facing Security Audit Report provided after a TAP-mode or Inline-mode Proof-of-Concept deployment.
- Microsoft Azure platform support: Support for deployment in Microsoft Azure as a preconfigured virtual machine from the Microsoft Azure Marketplace with pay-as-you-go or bring-your-own-licensing (BYOL) options.
- High availability enhancements: HA support for configurations using dynamic (DHCP/PPPoE) interfaces.
- RED 15w support: Adds support for the RED 15w with integrated wireless.
- 4x10G 4-Port Flexiport module support for 1U XG Series appliances.
Issues addressed
- Open issues addressed: In addition to new features, this release has closed hundreds of open issues identified since the release of v15 across all areas of the product. Check the release notes for details.
- Vulnerabilities addressed: A number of vulnerabilities have also been closed with this release, improving the security of your firewall.
What’s next
Now, of course, we’re not done yet by any means. There’s still lots of great things we want to do, but I think you’re going to love the improvements in this release so I encourage you to check it out.
You can read the original article here.
According to a variety of industry reports, cyber security spending is measured in Billions of dollars, and it’s projected to grow – driven by a number of market factors including cloud, mobile, IoT and other “elements of digital business.”
But as organizations move quickly to shore up their security systems, motivated attackers continue to innovate and evolve their tactics just as rapidly. From sophisticated phishing attacks, software flaws and reverse-engineering, to protocol analysis, misuse of cryptography, side-channel attacks and even attacks on physical security measures, attackers often have little trouble getting into an organization’s network. Remember – attackers are patient – always looking for a crack to enter enterprise networks.
This is one reason why layered security is critical – ideally including proactive controls such as encryption and detection systems to identify malicious behavior. Yet security systems can be largely ineffective without privileged account security in place as a safeguard.
Think of it this way: privileged accounts are embedded within every piece of security, database and network technology – used for installation and management. As such, they represent a gateway into your organization’s most valuable assets. If you deploy a million dollars’ worth of next-gen firewalls but don’t secure their privileged accounts, an attacker can obtain those credentials and go right through your firewall. Attackers are experts in spotting “cracks,” including small vulnerabilities that only exist for a few hours. Even the smallest “crack” of one stolen credential can be enough to make your million-dollar firewall investment nearly worthless—or worse, take down your entire organization.
Today’s reality is that the IT infrastructure is not fully protected unless privileged accounts and their credentials (accessed by both humans AND applications) are secured.
To maintain the credibility and efficacy of your security solutions, put privileged account security in place before you deploy any other security controls or detection solutions. For other reasons to prioritize privileged account security today, download our new At-a-Glance Guide.
You can read the original article here.
Cab rides, airport security, busy cafes, hotel rooms, airplanes; all can be very treacherous places for laptop computers. Each year, millions of laptops are lost, stolen or simply left behind, with many of them containing important and sensitive data.
Full-disk encryption is the essential first line of defense for protecting data in any of these events and, plainly speaking, it should be used for all business computers.
Traditionally, the catch with full-disk encryption has been that in order to use it efficiently across an organization, a bit of effort is needed: data protection policies need to be created, management servers must be installed, key recovery processes need to be put in place, users have to be trained, and so on.
We figured you don’t have time for all that, so let’s make it simple: We’re very excited to announce Sophos Central Device Encryption, which is our full-disk encryption for Windows managed from Sophos Central – our single, integrated, web-based administration interface.
Sophos Central Device Encryption offers a three-click policy setup, no key management servers to install, compliance and reporting features, and self-service key recovery for your users. It’s the easiest way to manage BitLocker encryption for all your Windows users.
With installation and setup done in minutes, it’s an extremely powerful addition to your data protection strategy.
Why not see for yourself? Take Sophos Central Device Encryption for a spin today with a free 30-day trial.
Read more about Sophos Central Device Encryption here or see it in action below.
You can read the original article here.
For more than a decade, CyberArk has focused on helping companies to protect high value assets inside the network. Over the years, privileged account security has evolved from compliance-driven projects to thoughtful strategic programs adopted enterprise wide.
Along the way, we have innovated and enhanced our offering to stay ahead of ever-changing advanced threats, but our focus remains on helping our customers to proactively protect privileged accounts. Today our platform delivers a new layer of security inside the network – designed to help organizations build and maintain trust in their IT systems and protect what matters. This is not only our mission, it’s our passion. Working closely with customers and educating the market about best practices is not only important, but essential for the entire business community. Best practices are not static – they advance as new insights become available. We listen, observe, collaborate and advise as threats emerge and evolve.
CyberArk works with security teams at companies in virtually every industry, and there is a growing recognition that privileged account security must be a top priority. Cyber attack headlines extend well beyond hospitals, government and financial institutions. All organizations have valuable assets – data about employees, customers, IP, financial information – and all organizations have privileged accounts that need to be secured in order for those assets to be protected.
Credentials, and in particular privileged credentials, give attackers the permissions necessary to access servers and steal data, or to go after the domain controllers and take control of the IT environment. They are the gateway to an organization’s most valuable assets and are the common denominator in the cyber attack life cycle. Securing privileged accounts and credentials must be at the top of the enterprise security agenda. In fact, it’s time to put privilege first.
With this in mind, we’ve highlighted five reasons to make privileged account security your first priority, and each is detailed in our new guide, which I encourage you to read.
5 top reasons to prioritize privileged account security:
- Single solution to protect against insider threats and external attackers.
- Privileged accounts represent the express lane to your domain controllers.
- Privilege is the road most traveled.
- Your security systems need to be secure.
- Securing privileged accounts is the first action following an attack.
Prioritizing privilege will put you on the fast-track to reducing your organization’s risk profile with measurable return on your investment.
You can read the original article here.
How do things stand with you in terms of protection for personal PCs and Macs? Do the following situations sound familiar? Missed updates? Calls from your mother when the PC has once again been hit by a virus? Complicated installation processes?
If you answer "Yes" to some or all of these questions, then we have just the rescue package you need: Sophos Home, our free security solution for private users that guarantees you all-round protection.
With Sophos Home you will get the same award-winning technology that IT professionals trust to protect their businesses – for free, for your personal devices. You will get:
- A fully-featured security tool for up to 10 PCs and Macs
- A free full version, not trialware or adware that you constantly need to renew
- Anti-virus, anti-malware and web content filtering
Sophos Home is extremely easy to use – you really don’t have to be a security expert. To register, just visit www.sophos.com/home and create an account.
We hope that you enjoy using Sophos Home and that the fall season gets off to a relaxing start for you!
At Sophos, we’re no strangers to next-generation security. You can see it across our entire product line, from our powerful Security Heartbeat technology that leverages Sophos Central to facilitate communication between endpoints and the network, to our advanced behavioral analytics and malicious traffic detection features (and a whole lot more).
Today, with the introduction of Sophos Intercept X, we’re taking a massive leap forward in next-generation protection – not just for Sophos, but across the entire security industry as a whole.
Sophos Intercept X ushers in a new era of endpoint protection for modern threats, featuring signatureless anti-exploit, anti-ransomware, and anti-hacker technology that includes beautiful visual root-cause analysis and advanced malware cleanup – all managed via the Sophos Central Admin console.
No other solution on the market offers so many features in a single package. Use it alongside our Sophos Central Endpoint Advanced protection or as additional protection to augment and double-check the antivirus coverage from your current vendor, all with minimal impact to system performance: no signatures, no scanning, and no meaningful CPU usage until we’ve intercepted and eliminated something malicious.
You’ve undoubtedly seen countless headlines about crippling ransomware attacks that cost people billions of dollars each year. With Sophos Intercept X, we’ve integrated powerful ransomware protection that’s capable of not only automatically stopping ransomware attacks as soon as they’re detected, but rolling back damaged files to known and safe states as well.
While ransomware seems to grab all the headlines these days, our ransomware-killing technology is made possible by the advanced anti-exploit technology that serves as the foundation of Intercept X. It blocks zero-day and patient-zero threats without the need for traditional file scanning or signature updates. In other words: even if we don’t know about it yet, we can still stop it.
In addition, we’ve added automated forensic reporting that traces attacks back to their origins, pinpoints additional infection points, and offers prescriptive guidance for strengthening your organization’s security posture in the future. Sophos Intercept X also includes comprehensive deep-cleaning technology, which hunts down spyware that traditional AV misses and rips out deeply embedded, lingering malware to make remediation a snap. Again, no other vendor offers this much protection in a single package.
We invite you to take Intercept X for a free 30-day spin alongside our advanced endpoint protection or your current vendor’s. If you’re already a Sophos Central customer, simply contact your partner to get set up; if you’re new to Sophos, sign up for a free 30-day trial account of Sophos Central, which includes Intercept X. Please visit the Sophos Intercept X product page for more details.
We hope you enjoy using Intercept X as much as we’ve enjoyed building it. This is the first in a new line of incredibly powerful next-generation solutions from Sophos. We’re extremely excited with how far we’ve come and with what’s still on the horizon.
You can read the original article here.
Just like the visible stars in any night sky, the number of IoT devices may soon be countless and with that, count on at least one vulnerability and probably more for each device. IoT is exacerbating concerns over mobile security threats, as well as exploits that lack a mobile component. IoT will play a role in more than one-fourth of all cyberattacks by 2020.
The sheer number of connected devices forming an attack surface globally and the degree to which these devices and our increasingly connected culture are so easily compromised will continue to compound the issue. A lot of research is going into methods for exploiting IoT. Organizations need to be equally aware of the threats and attack vectors in order to form plans for protection, detection and response.
IoT attack vectors
Enterprise data stores of intellectual property and customer data can seem far removed from a smart home’s intelligent fridge or thermostat. Yet black hat crackers absolutely can spoof that fridge, launch a man-in-the-middle attack, gain control of your employee’s smartphone and from there, potentially gain access into your organization.
The same kinds of IoT devices and hardware that provide efficiencies and conveniences in the home do likewise at the office. The path to your data treasures is greatly shortened when these gadgets are plugged directly into the office network.
Attackers are including smart home and smart office IoT in botnets to attack the enterprise. Due to limited security for IoT, black hat crackers can readily use these devices in the same way they do zombie computers, building and maintaining significantly larger botnets and enabling their botnet armies and C&C servers with more power and an extended grasp to launch more efficient and effective attacks.
As with other DDoS attacks, these can be used to overwhelm cybersecurity while another, much more damaging attack takes place. Furthermore, with their added size and strength, these IoT botnets (or botnets combining IoT gadgets and zombie computers) can send many times more phishing emails, exploding the likelihood that someone will fall prey and infect the organization. There are many examples of how weaponized IoT devices that form botnets for DDoS attacks can do harm.
Black hats have demonstrated attacks where the successful manipulation of IoT can lead to hacks on Gmail. With so many business personnel using Gmail, this is another potential path into the enterprise for the hungry attacker.
Don’t forget the IIoT (Industrial Internet of Things) and SCADA devices that industry is increasingly connecting to the Internet. An internet connection is all attackers need to find and manipulate IIoT and SCADA devices and bring affected parties to their knees through the compounding repercussions of their acts.
Cybersecurity for IoT: Where to Begin
To secure IoT, begin now to select and design IoT assets, deployments, and infrastructure with centralized monitoring and management in mind. This way, you can start to secure IoT hardware from a central system rather than by doling out nonuniform security measures here and there a bit at a time. Read about increasing your security posture for better IoT defense.
You can read the original article here.
SophosLabs has just released a research paper on a new way that cybercriminals are distributing malware that makes money by “borrowing” your computer to mine cryptocurrency.
The report by Attila Marosi, Senior Threat Researcher at Sophos, investigates the Mal/Miner-C malware, which criminals are using to mine the cryptocurrency Monero.
In this paper, Marosi examines how Mal/Miner-C quietly infects victims’ computers and communicates with host servers to run mining operations covertly in the background.
Alone, one computer may not make a big impact on cryptocurrency mining, but the criminals aim to infect as many computers as possible with their malware so they can reap the cumulative financial reward from hundreds of thousands of infected computers.
Marosi investigates how NAS devices are used as a distribution server for the Mal/Miner-C malware, and explores the criminals’ mining activities and how much money this racket is potentially worth to them.
Download this new technical paper today to learn about Mal/Miner-C, how it is used to mine cryptocurrencies, and how you can help to stop the crooks.
You can read the original article here.
Apple has made iOS 10 available and will push upgrade notifications out to devices over the next few days. Some early adopters even have iOS 10 already installed!
Good news – Sophos Mobile Control is ready with same-day support of iOS 10. Once iOS 10 is loaded onto your users’ devices, it’ll be supported by all components of Sophos Mobile Control.
For a comprehensive list of iOS 10 features, please visit Apple’s iOS product page. Another good source of information about iOS 10 and the newly-announced Apple gadgets is Digg.com’s live blog from Apple’s recent iPhone 7 keynote.
As long as your users are using the latest versions of Sophos Mobile Control apps, there’s nothing you need to do to fully support iOS 10 across your Sophos Mobile Control estate. We’ve already tested against the various alpha and beta versions of iOS 10 and have modified Sophos Mobile Control to be compatible whenever your users are ready to update their devices.
You can read the original article here.
We’re excited to announce that the new Gartner Magic Quadrant for Unified Threat Management* is out, and Sophos is positioned in the Leaders Quadrant for the fifth year running.
We continue to be one of only three vendors in the Leaders Quadrant. And we think that says a lot about our standing in the eyes of customers, partners and industry analysts.
The Magic Quadrant is based on an assessment of a company’s ability to execute and completeness of vision.
Our strategy for the mid-market and our channel is clearly working very well as we deliver on our promise to make security simple with unique innovations that make our UTM products easy to deploy, manage and use. As a result, more and more partners and customers are turning to Sophos for their next firewall and UTM. In fact, the momentum in our growth is outstanding – more than triple the industry growth rate.
With the launch of our new and innovative XG Firewall and Synchronized Security we are also delivering on our vision for the future of IT Security where security components work better together to improve protection and respond to incidents. And with more and more IT infrastructure moving to the cloud, our leadership in protecting IaaS further reinforces our ability to anticipate important trends impacting your business and ensure your network is secure everywhere.
As the only IT security company to be positioned as a Leader across both Unified Threat Management* and Endpoint Protection Platforms** – we think our complete security offerings uniquely position us to deliver on the next generation of protection – Synchronized Security.
You can access the Magic Quadrant for Unified Threat Management report here (registration required).
You can read the original article here.
The Shadow Brokers are a self-styled hacker group that recently kicked off a tongue-in-cheek media campaign claiming that they’d penetrated the NSA (or someone like that – they’re referring to the victim as the Equation Group).
Shadow Brokers say they’ve made off with a virtual warehouse of tip-top “cyberweapons” that they plan to auction off.
To help you believe they have some good stuff in the auction files, they’ve released a bunch of hacked data for free, including documents, programs, scripts, exploit code and so on.
Interestingly, there’s more free stuff (191MB compressed) than there is data up for auction (134MB compressed):
-rw-rw-r-- 1 bloke staff 134289064 25 Jul 10:49 eqgrp-auction-file.tar.xz.gpg
-rw-rw-r-- 1 bloke staff 191282372 25 Jul 10:50 eqgrp-free-file.tar.xz.gpg
We can only assume that the “auction” is supposed to be interpreted as a giant lampoon of the buying-and-selling-of-exploits scene, because the terms of the auction are absurd:
- There’s no cutoff time for bidding. The crooks will stop collecting bitcoins and pick a winner if and when they choose, which could be any time (or never).
- You’re not allowed to know what you’re buying. It’s a secret.
- The crooks keep every bid you submit, whether you end up winning or not.
- Once the total of all bids gets to BTC 1M (over $0.5B), everyone in the world gets everything for free.
Actually, for all the tongue-in-cheek here, the Shadow Brokers crew make an excellent point when they explain why they aren’t giving away the list of cybermaterial:
Q. What is in auction files? A: Is secret. Equation Group not know what lost. We want Equation Group to bid so we keep secret. You bid against Equation Group, win and find out or bid pump price up, piss them off, everyone wins.
That’s a common problem after a data breach: not knowing quite how bad it really was, with the result that in your official breach disclosure you have to assume and describe the worst that could have happened.
When a crook breaks into your flat and steals your widescreen TV, you can tell, because there’s a huge area of blank wall where the TV used to be.
But when a crook wanders into your network and steals your data, it’s a different sort of theft: all your data’s still there, as well as being in any number of other places as well.
What we know
What we do know from the Shadow Brokers eqgrp-free-file.tar archive is that something was stolen or leaked by someone, at some unknown earlier time.
Whether it’s only being leaked now by the original thieves, or whether it’s been re-stolen by a new lot of crooks, we don’t know.
But at least one of the exploitable vulnerabilities amongst the free files, found in the Firewall/EXPLOITS/EXBA/ directory, not only works, but also turns out to have been a zero-day bug.
EXBA is short for EXTRABACON, and the EXBA script is documented like this:
#CISCO ASA SNMP exploit script
#Works on most 8.x(y) versions through 8.4(4).
#Do not use against unknown or unsupported versions
The files in the archive are timestamped June 2013, for what that’s worth, and the affected Cisco ASA versions listed date from 2007 to the start of 2012.
ASA is short for Adaptive Security Appliance, one of Cisco’s firewall products.
The bug was obviously news to Cisco, who quickly and creditably responded with a detailed analysis of the flaw.
What to do?
As far as we can see, the exploit and shellcode that Shadow Brokers published for this vulnerability almost certainly won’t work as they stand against any recent version of the Cisco ASA product.
Nevertheless, because the bug was never disclosed, it remained in Cisco’s code.
That means a determined attacker has a huge head start in finding an exploit for recent Cisco ASA products, even if both the EXTRABACON script and its associated attack code need work.
In other words, check out Cisco’s writeup to check if you’re at risk and, if so, what to do about it.
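As an added example (not code from the original article, from Cisco or from the leaked archive), here is a small Python helper that parses Cisco ASA version strings and flags firewalls whose version falls inside the range the leaked script’s own header claims, 8.x(y) through 8.4(4). The hostnames and versions in the sample inventory are constructed; anything outside that range is reported as needing a check against Cisco’s writeup, not as safe.

```python
import re

# Upper bound quoted from the leaked script's header comment:
# "Works on most 8.x(y) versions through 8.4(4)."
CLAIMED_MAX = "8.4(4)"

# ASA versions look like "8.4(4)" or, for interim builds, "8.4(4.1)".
_ASA_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)(?:\.(\d+))?\)$")


def parse_asa_version(text: str) -> tuple[int, int, int, int]:
    """Turn an ASA version string into a tuple that compares numerically.

    Raises ValueError for strings that do not match the ASA format, so a
    typo in an inventory sheet fails loudly instead of being silently skipped.
    """
    m = _ASA_VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not an ASA version string: {text!r}")
    major, minor, maint, interim = m.groups()
    return (int(major), int(minor), int(maint), int(interim or 0))


def in_claimed_range(version: str) -> bool:
    """True if an 8.x version is at or below the script's claimed maximum.

    Interim builds above 8.4(4), such as 8.4(4.1), compare as greater and so
    fall outside the claimed range.
    """
    v = parse_asa_version(version)
    return v[0] == 8 and v <= parse_asa_version(CLAIMED_MAX)


def triage(inventory: dict[str, str]) -> dict[str, str]:
    """Map hostname -> 'claimed-range', 'check-cisco-writeup' or 'unparseable'."""
    result = {}
    for host, ver in inventory.items():
        try:
            inside = in_claimed_range(ver)
        except ValueError:
            result[host] = "unparseable"
            continue
        result[host] = "claimed-range" if inside else "check-cisco-writeup"
    return result


# Constructed sample inventory (hypothetical hostnames and versions, not from the page).
SAMPLE_INVENTORY = {
    "fw-branch-01": "8.2(5)",
    "fw-dc-edge": "8.4(4)",
    "fw-dc-edge-interim": "8.4(4.1)",
    "fw-lab": "9.1(7)",
    "fw-old-note": "version 8.4",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:20} {SAMPLE_INVENTORY[host]:12} {status}")
```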
You can read the original article here.
Being an IT security professional isn’t easy these days; the cyber threat landscape is constantly evolving. Ransomware, Trojans, Malware, and distributed denial of service (DDoS) attacks are some of the most common types of threats. Each has different vectors and flavors, and each brings its own risks and costs. IT pros clearly need multiple layers of security, but which layers are most important? Common solutions range from firewalls to anti-virus software and network intrusion and advanced persistent threat tools.
With all those threats, we understand it must be hard to prioritize which security solutions are the most important to implement. However, DDoS attacks are increasingly common and growing more dangerous and sophisticated, so if you don’t have an anti-DDoS solution in place, consider the risks. Can your network threat defense handle a DDoS attack? It’s proven that intrusion prevention systems and firewalls are no match for DDoS attacks.
If you think your organization is unlikely to be a DDoS target, think again; you don’t have to be a high-profile company or organization to be a victim of DDoS. When most people think of DDoS, they think in terms of the incidents that make headline news, when attacks take a website or application offline. However, DDoS hackers seldom launch attacks to take a website offline. An overwhelming majority (93%) of DDoS attacks are under 1Gbps, and last less than 30 minutes. That may sound harmless, but it’s not. Increasingly hackers use “Dark DDoS” attacks as a smokescreen for more destructive, stealthy cyber-attacks.
Sometimes IT security staff don’t even realize that their website or application is under a DDoS attack. Other times the attack is noticed, but while the IT security staff are busy investigating why network performance is dragging, the cyber criminals are equally busy behind that smokescreen, probing for network vulnerabilities, installing malware, stealing intellectual property or exfiltrating sensitive data from your network. By the time IT security staff discover the true source of the problem, the hackers have probably done plenty of damage. Even if security staff “swing” the traffic out to a cloud-based scrubbing service, that usually takes 10-30 minutes to take effect.
That’s why investing in automated, inline network threat protection may be your wisest move; it detects and blocks even the smallest DDoS traffic packets. There are many security issues that beg for attention, but DDoS attacks pose a double threat because while they sometimes cripple a website, they more often mask more nefarious and damaging network infiltrations. IT security professionals can cover two bases by having an anti-DDoS appliance in place.
You can read the original article here.
In many parts of the world right now we are right in the middle of back-to-school season. Kids are getting excited to see their friends again and head back to the classroom, and are preparing for the best possible experience in school this year.
But what about at home? With so much of a child’s social life, homework and playtime happening online nowadays, you want to make sure their experience on the internet is as safe and fun as possible.
We have a number of tips that your kids can use to be safer online and on social media. But no matter how careful or internet-savvy your kids might be, criminals are always coming up with new ways to cause problems and find their way into your home computers.
Thankfully, Sophos Home can help. It brings our commercial-grade security straight to your home computers, completely for free. And, it’s just been given a great rating by Tom’s Guide!
Here are 6 ways Sophos Home can protect your kids this school year:
1) Web filtering: Sophos Home offers 28 web filter options, giving you the ability to allow, warn, or block entire categories of websites from your children’s computers. Categories range from blogs and chat sites to gambling and pornography.
2) Web and phishing protection: Even if kids are surfing good sites online, bad things can still happen. We can prevent access to sites that have been unknowingly compromised by malware and prevent kids from being redirected to fake websites posing as the real thing.
3) Potentially Unwanted Application protection: Worried your kids could be downloading apps and programs on their computer that are full of ads, spyware and other issues? Sophos Home can detect and prevent these applications and programs from installing or running.
4) Antivirus/Antimalware: Sophos Home can stop and remove malware that would allow cybercriminals to steal information and spy on your children.
5) Management: Multiple kids in multiple places? Sophos Home can manage and protect up to 10 Macs and PCs on one account, no matter where in the world they are located.
6) Money: Kids cost a lot of money. Sophos Home can protect them all without a penny, shilling, kopek, cent or any other currency you can think of.
We’re a little bit biased, but we think Sophos Home is the ideal way to keep your kids safe online this year, and give you one less thing to worry about.
You can read the original article here.
Sophos officially announced the release of Sophos Email, our brand new secure email gateway solution, as an addition to our Email product range and our Sophos Central management platform.
It’s engineered to provide our leading threat and spam protection to users of Microsoft Exchange Online, Office 365, Google Apps for Work and many other email services. And from what we heard in our recent email security survey, users of cloud-based email services like these are in desperate need of the extra protection it delivers.
We conducted the survey among our Spiceworks community and readers of Naked Security.
We’re just starting to analyze some of the results and they make for interesting reading.
First, they confirmed that businesses are rapidly shifting to cloud-based email with a total of 38% using it today as their primary email platform.
Many are also choosing to use the cloud for security too, with 43% of respondents using a cloud-based service for email security – almost double the percentage of those using the next most popular solution of dedicated email hardware appliances (22%).
18% of our respondents are using email protection as part of their UTM hardware appliance. Virtualized dedicated appliances (12%) were also a popular option, although only 5% were using a virtualized UTM.
When we asked users of the most popular cloud-based email platform – Microsoft Office 365 – about their biggest concerns, system reliability (fear of service downtime or outages) and lack of security came top of the list.
It’s not surprising reliability was a top concern – recent outages are clearly in people’s thoughts.
In terms of security, it’s clear that IT teams are not confident in the security they are getting with Office 365 – 50% of Office 365 users agreed that third party security solutions are essential to extend Office 365 security.
This tallies clearly with Gartner’s prediction that, by 2018, 40% of Office 365 deployments will rely on third party protection – an increase from under 10% in 2015.
Ransomware, malicious attachments, malicious URLs, viruses and phishing were the top five security threats people were worried about, with over half the respondents saying they were very concerned about these threats. Despite this recognition of email-borne threats, over a quarter of respondents admit that they rarely or never review their email security policy to check if it is effective.
We also asked our participants which features are most needed to improve their current solutions. It seems advanced sandboxing solutions, such as Sophos Sandstorm, and data protection features, including encryption and data loss prevention, are the most sought after.
Time-of-click protection, which checks URLs in emails as people click them and not just when the email is received, was also a highly requested addition to counter those worries about malicious URLs.
We’ll look more closely into the numbers over the coming weeks. For now, the message is pretty clear – IT teams recognize that email is a primary threat vector, infrastructure and security is moving to the cloud, and businesses are looking for extra protection to make sure they don’t fall foul of the ever-increasing number and sophistication of threats.
So we believe Sophos Email is great for those who are looking to move their email infrastructure and security to the cloud.
And, because Sophos Email is part of Sophos Central, it can be managed right alongside Endpoint, Mobile, Server, Web and Wireless, meaning better security is matched by increased efficiency too.
If you haven’t moved to the cloud just yet, a Sophos Email Appliance or UTM solution may help give you peace of mind.
If you’d like to take a look at Sophos Email or any of our Email products, simply start a free 30-day trial.
You can read the original article here.
We’re honored to announce that Sophos has won three distinguished categories in CRN’s 2016 Annual Report Card (ARC).
Following on from last year’s success, we were named overall winners in both the Network Security category and the Data Security category, as well as receiving the highly regarded Product Innovation award in the Endpoint Security category.
CRN’s study recognizes those technology vendors most highly praised by their solution provider partners, and for over three decades has been a benchmark for quality within the IT channel.
Using the feedback of more than 2,480 solution providers, this year’s honorees were chosen from the results of an extensive, invitation-only survey by The Channel Company’s research team. Participants were asked to evaluate their satisfaction with 80 vendor partners in 24 major product categories.
Kendra Krause, vice president of global channels at Sophos, said she’s delighted with the win:
“We are a next-generation security company with an unparalleled dedication to our channel partners and I am honored that once again our efforts are recognized by those we serve. Winning CRN’s ARC awards validates Sophos as a channel leader that continues to drive the IT security market forward.”
You can read the original article here.
We’ve just updated Sophos Server Protection in Sophos Central, adding next-generation malware prevention and detection techniques for server environments. Solid server security starts with good operational hygiene, which includes restricting who and what can reach the server, and what applications can run.
We’ve now made that easier in Sophos Central Server Protection with the inclusion of:
Malicious Traffic Detection on both Linux and Windows servers: Malware frequently connects to remote servers for further instructions, updates or uploads of data. Malicious Traffic Detection, or MTD, monitors traffic for signs of connectivity to known bad URLs. If malicious traffic is detected, suspect executables are scanned on all servers licensed with Sophos Central Server Protection Advanced and can be blocked on Windows servers.
Peripheral Control: For physical servers, good operational hygiene should include limiting access via peripheral devices, including removable storage, modems and devices such as phones, tablets and cameras. With Sophos Central Server Protection, customers can monitor (Standard license) and block (Advanced license) the use of peripheral devices for their servers with ease.
Application Control: You can now define policies to allow or block certain categories of known applications on servers. This is in addition to our Server Lockdown feature, which doesn’t allow any applications to run other than those explicitly allowed. (Applicable for Windows servers with Advanced licenses).
Download Reputation: We provide a trustworthiness score for each downloadable file, based on SophosLabs research, giving you reassurance that you are downloading only safe files to your server. This is now available with either the Standard or Advanced licenses on Windows servers.
You can get a free trial of Central Server Protection Advanced here. Customers of Central Server Protection Advanced will automatically receive these updates.
You can read the original article here.
Sophos Endpoint Protection has been awarded 2 AAA awards from SE Labs. The top awards come in the latest round of independent tests conducted for Enterprise and SMB companies looking for endpoint protection.
We make every effort to participate in several independent tests, so you don’t have to take our word, or any other vendor’s, for our products’ efficacy.
SE Labs was created by Simon Edwards, the former technical director of the now-defunct Dennis Technology Labs. Simon is also the former chairman of the Anti-Malware Testing Standards Organization (AMTSO), to which SE Labs and Sophos both belong. In other words, he knows a thing or two about testing security products.
SE Labs’ tests expose products to a variety of malware and simulated exploits. They attempt to use realistic methods to deliver the threats (e.g. email attachments, web downloads, etc.). The lab produces three separate reports: Small Business, Enterprise, and Consumer Endpoint Protection. Sophos Endpoint Protection was included in both the Small Business and Enterprise reports.
Sophos earned a “total accuracy” score of 98% in both the Small Business and Enterprise reports. Total accuracy is a calculated score that accounts for the degree of protection and the rate of false positives.
The SE Labs tests are very relevant to buyers of endpoint protection, as they highlight the need for multiple prevention and detection technologies. The Enterprise report noted that the products which achieved the best results did so “due to a combination of their ability to block malicious URLs, handle exploits and correctly classify legitimate applications and websites.”
Choosing an endpoint protection product that uses multiple techniques to help you prevent, detect and respond to threats is a vital part of your security strategy, and we are delighted that the SE Labs tests have independently verified Sophos’ capabilities on behalf of enterprises and SMBs alike.
You can read the original article here.
It’s official: the highly anticipated public beta for the Sophos XG Firewall v16 is now underway, and we’d love for you to get involved. The product team has been working furiously for the last several months making this one of the most ambitious and exciting product releases ever. It’s loaded with tons of new features and enhancements that we think you’re going to love.
What’s New
XG Firewall v16 brings over 120 new features and a long list of optimizations and enhancements. The key focus areas for this release:
- Improving the user experience to make it faster and simpler to manage.
- Adding features to provide parity with SG UTM.
- Adding more innovative Synchronized Security features.
The highlights include:
- All new navigation, enhanced control center and improved UI across many areas
- Redesigned Secure Web Gateway style web policy model with inheritance
- Full Email MTA with store and forward capabilities
- Two-factor authentication (one-time-password) support
- New Security Heartbeat and Synchronized Security features
- Microsoft Azure Support
…And so much more!
See what’s new in v16 for complete details on the enhancements and new features.
We want you! We highly encourage you to participate in testing this beta and help make this release the best it can be. Please head on over to our Beta Community Forums to get the latest beta firmware, meet your fellow beta testers and Sophos staff, and share any issues or feedback you have.
XG on Azure
If you’d like to preview XG on Microsoft Azure, send us a request with your Azure subscription ID to azure.marketplace@sophos.com. We’ll whitelist your account for preview access and provide instructions on how to launch XG from the Azure Marketplace.
Learn More about XG Firewall
Learn more about Security Heartbeat and see Sophos XG Firewall in action at sophos.com/xgfirewall. And if you want to get hands on, try it out with our free home edition or sign up for a 30-day trial in your business.
You can read the original article here.
It may be summertime in the Northern Hemisphere, but the first week of August has been marked by a blizzard. A virtual blizzard, that is, of distributed denial of service (DDoS) attacks on some gaming companies. Rockstar Games’ Grand Theft Auto 5, Nintendo Pokémon GO, the PlayStation Network and Blizzard’s Warcraft and battle.net were all affected. The hacker group PoodleCorp claimed responsibility for the DDoS attacks, and says that it plans larger attacks.
It’s not at all surprising that hackers conduct DDoS attacks on gaming companies. When thousands of online gamers are locked out or booted off their games, it gets the attention of the media. Because hackers are often motivated to gain notoriety, the attacks work well for them.
What is surprising, however, is that some gaming companies have not deployed technology to detect and mitigate such attacks. The technology to do so is readily available, and more affordable than ever.
The stakes are high for the gaming companies because when they lose players they lose revenue. In addition, they lose money in terms of spending staff time to troubleshoot DDoS attacks, around the clock, which is expensive. One Corero customer, Jagex, experiences up to 10 attacks per day; fortunately they’re able to detect and mitigate those attacks—without consuming IT security staff time—by using Corero’s family of DDoS Mitigation Hardware.
There is no drought of DDoS attacks now, and analysts forecast that DDoS attacks will only increase in frequency, volume and sophistication. Until gaming companies get smart and defend their network perimeter, they’ll lose the battle against hackers many times in the future.
You can read the original article here.