Important: This article may continue to be updated with further advice. We therefore recommend you check back here regularly for new information.

Applies to the following Sophos product(s) and version(s)

• Sophos UTM
• Sophos Anti-Virus for VMware vShield

For information relating the vulnerability to other Sophos products see:

Is SafeGuard Enterprise affected by the recently identified OpenSSL leak in versions 1.0.1 to 1.0.1f (cve-2014-160)?
Is Sophos Mobile Control affected by the recently identified OpenSSL leak in versions 1.0.1 to 1.0.1f (cve-2014-160)?

What is the vulnerability?

The official CVE is tracked here and mentions versions of Open SSL used in some Sophos products (see below).

The vulnerability described uses a TLS heartbeat read overrun which could be used to reveal chunks of sensitive data from system memory of any system worldwide running the affected versions of OpenSSL – but only exposed services are immediately affected, as the bug allows to be read from the processes own memory.

For more information read our naked security blog article on the issue: Anatomy of a data leakage bug – the OpenSSL “heartbleed” buffer overflow

What versions of Open SSL are affected?

1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1.

What products are affected and how is the vulnerability fixed?

The table below lists all the affected Sophos products. Important: Though other products may use SSL these are not affected and no action is required.

If you use one or more of the products mentioned below use the table to guide you on what is required. 

Important: There are three primary requirements to patch the OpenSSL vulnerability, protect yourself from any future exploit attempts and to mitigate any security vulnerabilities if your certs have already been compromised

• Apply the OpenSSL Patch
• Regenerate all SSL certs
• Change all passwords

Where do I get the Patch and instructions to Renegerate all SSL Certs?

The currently available patches for UTM are listed in article Heartbleed: Recommended steps for UTM. We will add details on other patches as soon as possible. Check back HERE for updates.

By offering this service, GlobalSign hopes to encourage the use of SSL in application development and the growth of security best-practices.

Through GlobalSign’s commitment to the open-source community, projects are eligible to receive one free Wildcard SSL Certificate valid for as long as the project meets minimum requirements. Open-source software projects that allow developers and the general public to freely access the source code have become very popular and are looked upon by many as leaders in the industry, representing an important segment of the technology community. Offering SSL Certificates will allow developers to improve the trust and security of their projects, which people around the world rely on. GlobalSign hopes this partnership can also make a difference by setting an example in how SSL is deployed today.

“We are delighted to show our commitment to the open-source community by offering free SSL Certificates to these projects,” said Ryan Hurst, chief technology officer, GMO GlobalSign, Inc. “We believe this effort will not only help the developers and users of open-source projects but also encourage the adoption of industry best-practices in the use of SSL.”

To qualify for a free Wildcard SSL Certificate from GlobalSign, the software project must use a license approved by the Open Source Initiative. GlobalSign will also require that projects maintain secure SSL configurations. Projects can quickly and easily evaluate their SSL strength by using the GlobalSign SSL Configuration Checker, which currently checks for over 30 common problems relating to configuration and provides recommendations on how to fix them, thus making it easy to achieve a secure configuration.
Those in the open-source software community who are interested in obtaining a free Wildcard SSL Certificate from GlobalSign may enroll for it by visiting https://www.globalsign.com/ssl/ssl-open-source/.

Click here to see the original article.

Best in Biz Awards, the only independent business award program judged by members of the press and industry analysts.

The Arkeia Network Backup Suite comprises Arkeia Software’s line of backup-and-restore solutions. Administrators can deploy Arkeia’s backup servers as software applications, hardware appliances or virtual appliances. Arkeia Software protects both virtual and physical environments and manages backups to disk, to tape, and to the cloud.

For more information click here

new Router Utility app. Ready when you are, wherever you are, the Router Utility app gives you instant insight into device status, events, bandwidth usage, and more. And with full support for push notifications, you’ll know immediately whenever there’s an important status change or performance issue, helping you to keep small glitches from becoming major problems.

For more information click here

for next-generation networks.

Bandwidth management using deep packet inspection (DPI) is a relatively new field for enterprises or carriers / network operators. Ipoque technology can help solve many of the issues that arise from growing user numbers generating ever more traffic with a large variety of new applications. PRX Traffic Manager solutions detect applications with a combination of layer-7 deep packet inspection (DPI) and behavioral traffic analysis. The integrated quality-of-service (QoS) management allows prioritization, shaping and blocking of classified traffic.

Click here to watch the webinar

latest threat trends as well as tips for fighting back and keeping your people and devices secure.

In the past year cybercriminals found ways to attack new platforms from Android to cloud services. And Sophos saw a resurgence of old malware techniques with new twists. Hackers got smarter and better organized, developing better ways to spread their crime packs and to evade detection.

Fortunately, Sophos security experts at SophosLabs are always on the case.

Download your free copy of the 2013 Security Threat Report here
Playlist of Threat Report videos here
Check out Sophos 2013 security trend predictions here

will be called BasicGuard; this will target smaller businesses giving them all the essential features of a market leading UTM at an affordable price.

What is Sophos launching?

Sophos is launching three new components:

1) Two new entry level appliance bundles UTM 100 and UTM 110 with Basic Guard Subscription. Both are based on the existing Sophos UTM110/120 hardware. BasicGuard is the only feature bundle available for UTM100 and also available as an alternative option for UTM110.

2) With customers connecting more and more devices to their network Sophos is removing the 10 IP/user limitations of the UTM110 and introducing a throughput limitation instead, which is different for UTM100, 110 and 120 (hence depending on the license type while all using the same hardware).

3) A price reduction for UTM110 FullGuard.

Furthermore, BasicGuard contains:

• Web Application Control
• Network Firewall & IPS
• Remote Access and VPN
• Wireless Protection
• Web Antivirus and URL filter
• Email Antivirus and Antispam

Vendor Landscape Report entitled, “Vendor Landscape: Application Delivery Controllers: It’s a Lot More than Just Load Balancing”.

The report assessed the strengths and weaknesses of 10 leading application delivery controller (ADC) vendors. Array received a high score in the “Innovator” category based on its features for support and migration toward IPv6 before much of the competition and for being on the leading edge of SSL acceleration, offering 2048 bit encryption.

Array’s AppVelocity server load balancing appliances optimize the availability, security and performance of enterprise applications, IP data services and data center equipment. Powered by Array SpeedCore™, AppVelocity server load balancing appliances leverage parallel multi-core processing to achieve breakthrough scalability and performance for application delivery.  Available on Array’s APV Series Application Delivery Controller hardware and engineered for modern datacenter, cloud and virtual environments, AppVelocity server load balancing appliances boost application performance and speed return-on-investment from the small enterprise to the large service provider.

For more information click here

improved economics for protection of private and public clouds.

Powered by Array’s award-winning 64-bit SpeedCore platform, the new product gives enterprises and service providers the ability to run Array’s proven AG Series secure access gateways as virtual machines on commodity servers running VMware ESXi, Citrix XenServer or OpenXen hypervisors.

Each vxAG Virtual Secure Access Gateway supports all of the features and functions found on Array’s dedicated hardware AG 1000 Series secure access gateways. Available for 64-bit versions of VMware ESXi 4.1 or later, XenServer 5.6 or later and OpenXen 4.0 or later, the vxAG Virtual Secure Access Gateway gives enterprises and service providers the agility and flexibility to create and offer dynamic secure access services.

For more information click here

adding more bandwidth.

ipoque announced that four more large enterprises have finally said “enough” with adding more bandwidth to solve their open-loop problem of trying to meet their continuous thirst for more throughput. These companies instead turned to ipoque to improve the performance of their traffic by better monitoring and managing their networks.

ipoque’s new white paper illustrates the advantages of a multi-tier architecture of loosely coupled, well-integrated systems that is extensible, flexible and scalable enough to meet present and future challenges of network operators. The document regards the technical background and explains the functions of each network component, focusing mainly on the policy enforcement system.

Fo more information click here

Broadband Traffic Management Congress 2012.

The Broadband Traffic Management Congress takes place in London between 06/11/2012 – 08/11/2012.

Royal Garden Hotel, London

For more information click here

adds new features like dual-band wireless for even greater range, reliability, and speed.

Manage from Anywhere
Like all AP One series products, the AP One 300M offers anywhere, anytime remote management via the InControl cloud-based management platform. And starting with Firmware 5.4, Balance users can centrally manage up to 20 AP One devices for free with the Balance’s built-in WLAN Controller.

Deliver Wi-Fi Everywhere
The AP One 300M also features two Gigabit Ethernet WAN ports and a 2.4GHz/5GHz 802.11a/b/g/n radio for more flexibility and speed, as well as greater signal coverage and reliability.

 enables IT departments to monitor the power flowing into racks and the environmental conditions in and around those racks.

iMeter can monitor up to 600 of the following sensors from a single IP address:

• Current (Amps) using our unique intelliAmp® current sensor
• Voltage
• Temperature
• Humidity
• Airflow
• Water Leak
• Security (door contact or motion)
• Smoke

The unique combination of the sensors on offer means that IT and Facilites personnel can analyse the relationships between power usage, airflow and temperature to help assist data centre management decisions relating to cost control and reduction. The design of the Jacarta Go-Probe sensors enables the complete system to be implemented with zero downtime. The intelliAmp current sensor can be clipped to the outside of 16 and 32 Amp power cables to monitor the True RMS current draw of single phase racks without any need to disrupt the power flowing into those racks something absolutely necessary when PDU (Power Distribution Units) are to be used.

Click here to discover the key benefits of Jacarta iMeter

providing more information on the Peplink Balance, Pepwave MAX, Pepwave Outdoor Wi-Fi, and other category-leading networking solutions.

Event Details – Peplink’s Booth

Dubai, United Arab Emirates
Dubai International Convention and Exchibition Centre
ZL-C5, Zabeel Hall
14 – 18 October 2012

wireless networks we could find. The results will amaze you.
Searching for wireless networks by car is known as wardriving, while our Project Warbike analyzing Wi-Fi security throughout London was a greener experiment (and surely faster). We found that unsecured wireless networks are still an issue that needs tackling. Of the nearly 107,000 wireless networks we surveyed, we discovered that 27% have poor, or no, security.

Click here to learn how UTM Wireless Protection can simplify the operation and security of your wireless network.

devices attached to computers directly from the UTM. There are hundreds of thousands of pieces of new malware detected every day by SophosLabs. Nearly all of these threats are targeted at computers browsing the web and plugging in devices. Sophos UTM Endpoint Protection helps you easily deploy our antivirus software to your computers and set policies to keep them safe wherever and however they’re connected. We also let you control which devices can be connected to these computers as well as controlling intrusions to your terminals (HIPS).

For more information click here

OpenBSD and Ubuntu.

These ten platforms represent a fraction of the over 200 platforms protected by Arkeia Network Backup which include Windows, Mac, Linux, Netware, Solaris, AIX, BSD, and HP-UX operating systems and derivatives, as well as VMware, Hyper-V, and Xen virtual environments.

Availability Schedules

Recent and upcoming deliveries of platform support include:
Ubuntu 12.04 backup servers and agents were delivered in April 2012
Fedora 17 backup servers and agents were delivered in May 2012
OpenBSD 5.1 backup servers and agents were delivered in May 2012
Mac OS X 10.8 backup agents will be delivered in August 2012
Windows Server 2012 media servers and backup agents will be delivered in September 2012
Windows 8 backup agents will be delivered in September 2012
Open Enterprise Server 11 SP1 backup servers and agents will be delivered in September 2012
openSUSE 12.2 backup servers and agents will be delivered in September 2012
Ubuntu 12.10 backup servers and agents will be delivered in October 2012
Fedora 18 backup servers and agents will be delivered in November 2012

For more information click here

racetrack employees, Toyota needed a solution that could withstand harsh environments while offering consistently fast and reliable performance at the same time.

Before Peplink, Toyota Racing relied on a satellite Internet connection, which was weather-dependent and unreliable. The team decided to give the MAX 700 a try. Featuring SpeedFusion, the MAX drives record-setting performance, dependability, and durability for Toyota Racing.

Deployment:

• Deployed a Pepwave MAX 700 on the racetrack and a Peplink Balance 310 at the office
• Bonded multiple aircards for higher bandwidth and seamless failover using SpeedFusion

Winning factors:

• SpeedFusion delivers more bandwidth and secure VPN connections
• Seamless failover ensures high reliability

For more information about Pepwave MAX click here

 Astaro and Sophos technologies. Starting from Monday 16 July Sophos UTM 9 (the new version of the Astaro Security Gateway) delivers unified threat management complete with endpoint protection.

With UTM 9, you can expect these highlights:

• Endpoint Protection: This new subscription blocks malware and prevents data loss. Sophos innovative approach and Sophos LiveConnect let you manage all endpoints no matter where they are – even outside of your network. Your computers are always up-to-date and you can roll out new policies at any time.
• Integrated Sophos antivirus engine: By using two commercial antivirus engines (Sophos and Avira) Sophos even improved performance of the antivirus detection. This allows you to run different antivirus scanners on your gateway and on the endpoints and comply with IT security recommendations.
• HTML5-VPN-Portal: This feature allows you to implement a browser based application portal using HTML5. Your users gain secure remote access to internal network resources through applications like VNC, remote desktop, SSH and many more – without installing software or leaving any traces behind.
• Wireless hotspot support: You can provide guests and visitors with temporary internet access based on vouchers. These vouchers define the validity period, time quota and data volume and can be easily created from within the end-user portal.
• Many new features: New webAdmin GUI look, customizable dashboard, Apple iOS support for WebAdmin (and other touch enabled devices), 1:1 NAT Rules, SSL VPN without admin rights, HA/Clustering Cold-Standby option during Up2Date, new constant Live-Log button, support for network definition ranges, download and distribution of user VPN configurations, better support of virtualization platforms from Vmware, KVM, Citrix and HyperV, time-based wireless networks, site path routing for webserver protection, protection against modern ddos attcks like starvation attacks slow hhtp attacks and other, support for international characters & spaces in SSL VPN, multiple path routing support in BGP.

For more information click here

used in the past by other viral scams including “Justin Bieber trying to flirt”, “Student attacked his teacher and nearly killed him”, “the biggest and scariest snake” and the “world’s worst McDonald’s customer”.

Falling for any of these scams (which promise some lurid or eye-popping or exclusive content) typically trick you into giving a rogue Facebook application permission to access your profile, posting spam messages from your account and asking you to complete an online survey.

The latest scam which tempts you with the offer of a “dislike” button (as opposed to the normal “like” button) so you can express your opinions on other users’ posts, links and uploads.

For more information click here