Latest Articles

Small businesses beware! Point-of-sale malware is after you

by John Hawes on May 22, 2013 | Leave a comment
shopping_lady_250

Malware targeting point-of-sale (POS) systems has been a major trend for the last six months, with a flock of interrelated malware families being sold, shared, exchanged, tweaked and improved by the various denizens of the cyber underworld.

With easy pickings to be had from mom-and-pop shops, this pattern is only going to grow until people start fighting back with better system security, and ideally better payment card systems. Virus Bulletin's Technical Director John Hawes takes a look....

Operation Aurora hack was counterespionage, not China picking on Tibetan activists

by Lisa Vaas on May 22, 2013 | Leave a comment
Operation Aurora hack was counterespionage, not China picking on Tibetan activists

Claims are made that the Aurora hackers weren't just Chinese-sponsored hackers bent on messing with Tibetan activists.

Rather it was a Chinese counterintelligence operation that sought to discover if the US had uncovered the identity of clandestine agents operating within its borders.

Three wireless security myths - busted! [VIDEO]

by Paul Ducklin on May 22, 2013 | 10 Comments
wifimyths-250

Last year Sophos looked at Wi-Fi security in London and Sydney and the results weren't fantastic.

So we thought it was time to make a short revision video, just in time for 2013 Cyber Security Awareness Week in New Zealand.

SSCC 109 - Laptop theft, money mules, LulzSec, Microsoft and more [PODCAST]

by Paul Ducklin on May 21, 2013 | Leave a comment
sscc109-250

Episode #109 of our popular Chet Chat podcast series is out.

Chet and Duck are back with their almost entirely reverent opinions on the latest computer security issues.

DDoS-for-hire service is legal and even lets FBI peek in, says a guy with an attorney

by Lisa Vaas on May 21, 2013 | 3 Comments
DDoS-for-hire service is legal and even lets FBI peek in, says a guy with an attorney

It's "a public service on a public connection to other public servers", the operator of RageBooter told Brian Krebs, and if sites don't like getting their socks knocked off in DDoS attacks, they should fix recursive DNS and default DNS server settings.

Oh, and yes, he says, he not only cooperates with the FBI, he works with them. He's busy on Tuesdays around 1 p.m., so try later if you need to to launch an attack.

AusSHIRT 2013 - the #sophospuzzle instructions in full

by Paul Ducklin on May 21, 2013 | 4 Comments

The AusCERT 2013 conference has started, so the AusSHIRT 2013 #sophospuzzle is officially live.

See if you can transform the code on the T-shirt and win a prize!

(You don't have to be at the conference to enter.)

Blogger threatened with $1 billion suit for writing about allegedly predatory publisher

by Lisa Vaas on May 20, 2013 | 6 Comments
Blogger threatened with $1 billion suit for writing about allegedly predatory publisher

Jeffrey Beall, a US academic librarian who uses his Scholarly Open Access blog to write about scholarly publishers' dubious practices, is being threatened with a $1 billion lawsuit by an Indian publishing group.

22 million user IDs may be in the hands of hackers, after Yahoo Japan security breach

by Graham Cluley on May 20, 2013 | 2 Comments
22 million user IDs may be in the hands of hackers, after Yahoo Japan security breach

The call has gone out to Yahoo Japan's 200 million users to change their passwords, after the company warned that it suspected hackers had managed to access a file containing 22 million user IDs.

Inside the "PlugX" malware with SophosLabs - a fascinating journey into a malware factory...

by Paul Ducklin on May 20, 2013 | 2 Comments
dloadnow-250

Join SophosLabs Principal Researcher Gabor Szappanos as he takes you on a fascinating journey into the latest "product" from the PlugX malware factory.

Congress asks Google if and how it's protecting privacy with Glass

by Lisa Vaas on May 20, 2013 | 10 Comments
Congress asks Google if and how it's protecting privacy with Glass

The US Congress sent Google a letter listing eight specific privacy areas concerning Glass that legislators would like to know quite a bit more about. As would many of us, now that you mention it.

Monday review - the hot 24 stories of the week

by Anna Brading on May 20, 2013 | Leave a comment
Monday review

In case you missed any recent stories, here's everything we wrote in the last seven days.

Get ready for the next #sophospuzzle - coming soon to a T-shirt near you

by Paul Ducklin on May 19, 2013 | 4 Comments

It's almost time for the annual AusCERT conference in Queensland, Australia.

And for everyone who's asked, the answer is, "Yes! There's a #sophospuzzle!"

No, you don't have to be there to join in...

Interview with 'We are Anonymous' author Parmy Olson [PODCAST]

by Chester Wisniewski on May 17, 2013 | Leave a comment
anonymous-lulzsec-170

In this podcast Chester interviews Parmy Olson author of "We are Anonymous" about her thoughts on LulzSec, their sentencing and the Anonymous movement. Parmy also shares some of her thoughts on Firefox OS and other developments from Mobile World Congress 2013.

FT hacked. Syrian Electronic Army hijacks Financial Times blogs and Twitter accounts

by Graham Cluley on May 17, 2013 | Leave a comment
FT hacked. Syrian Electronic Army hijacks Financial Times blogs and Twitter accounts

The Syrian Electronic Army has struck again - this time adding the scalp of the prestigious Financial Times to its collection of hijacked accounts belonging to well-known media organisations.

How to hack an electric car-charging station

by Lisa Vaas on May 17, 2013 | 3 Comments
How to hack an electric car-charging station

The latest entrant into the scary-infrastructure category comes from a technology that feels like it should be warm and fuzzy and definitely should not contribute to your personal and financial details getting ripped off.

Apple fixes 41 iTunes security flaws, some more than a year old

by Chester Wisniewski on May 17, 2013 | 12 Comments
iTunes-11-250

Apple released the latest update to iTunes today, version 11.0.3, fixing 41 vulnerabilities in the Windows version and 1 in the OS X version. Many of these flaws are rated critical and we advise you update as soon as possible.

Opinion: No, the LulzSec hackers weren't noble

by Graham Cluley on May 16, 2013 | 15 Comments
Was the LulzSec hacking gang harmless? Perhaps noble, even?

Graham Cluley argues that it's not cool, or funny, to hack into companies, expose the private information of members of the general public, and to launch denial of service attacks.

Jail for the LulzSec hacking gang members

by Graham Cluley on May 16, 2013 | 13 Comments
LulzSec hackers sentenced

BREAKING NEWS: Members of the notorious LulzSec hacking gang have been sentenced at Southwark Crown Court in London.

Have your say - LulzSec: helpful, harmless or hideous? [VOTE NOW]

by Graham Cluley on May 16, 2013 | 8 Comments
Have your say - LulzSec: helpful, harmless or hideous? [VOTE NOW]

LulzSec are about to be sentenced, which will tell us what the judge thinks.

But why not tell us what you think, right here, right now?

How to measure the biggest and most dangerous threats

by John Hawes on May 16, 2013 | Leave a comment
measuring the biggest and most dangerous threats

Just about every security company publishes some sort of prevalence data - those little bar charts and top tens showing the most important and widespread threats. The raw data behind these easy-to-consume representations can be very useful to security experts and testers.