Latest Articles

Patching your business, Yahoo breach, Google Glass, DDoS-for-hire - 60 Sec Security [VIDEO]

by Paul Ducklin on May 25, 2013 | Leave a comment

Our 60 Second Security videos are back!

We're aiming for a weekly roundup that's quick, fun and useful.

But there is a serious side: security anecdotes to use in your own "elevator advocacy."

Cybercrooks siphon $800,000 from US fuel distribution firm

by Lisa Vaas on May 24, 2013 | Leave a comment
Cybercrooks siphon $800,000 from US fuel distribution firm

Thieves drained $800,000 from a fuel distribution company in the US state of North Carolina earlier this month - a loss that the company attributes to its bank's having recently upgraded security systems. Unfortunately, its insurance policy won't come close to covering its losses.

Vermont slaps patent troll with first-ever suit of its kind

by Lisa Vaas on May 24, 2013 | 3 Comments
Vermont slaps patent troll with first-ever suit of its kind

Vermont's State Governor has signed the United States' first-ever anti-patent trolling law.

Which could be bad news for the patent troll who sent thousands of letters demanding payment from small businesses who - get this - used scanners.

Only 36% of small firms apply security patches. No wonder cybercrooks are stealing their cash

by John Hawes on May 24, 2013 | Leave a comment
Foot and mompop shops

Small businesses are under constant attack from malware, scams and online fraud. They are simply woefully under-prepared to keep their assets safe. Despite reorganisation and redirected priorities, the police can still do little to help. Here are some general tips from the FSB to help firms better protect themselves.

Sophos RED scoops "Protector Award" at this year's AusCERT conference

by Paul Ducklin on May 23, 2013 | 1 Comment

We're proud to say that at this evening's 2013 Information Security awards at the AusCERT conference in Australia, Sophos scooped the "Protector Award" with its Sophos RED product.

Paul Ducklin says, "Well done" to the techies behind the technology...

Cyber security in US power system suffering from reactive, self-policed rules

by John Hawes on May 23, 2013 | 2 Comments
Cyber security in US power system suffering from reactive, self-policed rules

John Hawes argued that what's needed is carefully considered defensive strategies combined with fast responses to new, unforeseen vulnerabilities.

Sadly when government and big business intersect, pragmatism and speedy reactions are rarely in evidence.

NYPD detective charged with hiring email hackers to break into colleagues' personal accounts

by Lisa Vaas on May 23, 2013 | 6 Comments
Crime on computer. Image on Shutterstock

A NYPD detective has been arrested for hiring an email hacking service to pinch the login details for at least 43 personal email accounts and one cell phone belonging to at least 30 individuals.

It's VKontakte, *not* Vikontakte. Twitter phishing, Soviet-style

by Graham Cluley on May 22, 2013 | 7 Comments
It's VKontakte, *not* Vikontakte. Twitter phishing, Soviet-style

With a cybercrime plan as poorly thought out as this, maybe it's no wonder the Soviet Union didn't survive.

Breakfast malware at Tiffany's? Trojan horses spammed out widely

by Graham Cluley on May 22, 2013 | 2 Comments
Breakfast malware at Tiffany's? Trojan horses spammed out widely

Little blue boxes from Tiffany & Co. are the stuff of dreams for many. Don't let an unexpected email delivery - apparently from the company - make you so giddy with an excitement that you end up with a computer nightmare.

Microsoft is reading Skype messages

by Lisa Vaas on May 22, 2013 | 8 Comments
Microsoft's reading Skype messages

Think your Skype communications are safe from prying eyes and ears? You might need to think again.

Small businesses beware! Point-of-sale malware is after you

by John Hawes on May 22, 2013 | 1 Comment
shopping_lady_250

Malware targeting point-of-sale (POS) systems has been a major trend for the last six months. With easy pickings to be had from mom-and-pop shops, this pattern is only going to grow until people start fighting back with better system security, and ideally better payment card systems.

Virus Bulletin's Technical Director John Hawes takes a look....

Operation Aurora hack was counterespionage, not China picking on Tibetan activists

by Lisa Vaas on May 22, 2013 | Leave a comment
Operation Aurora hack was counterespionage, not China picking on Tibetan activists

Claims are made that the Aurora hackers weren't just Chinese-sponsored hackers bent on messing with Tibetan activists.

Rather it was a Chinese counterintelligence operation that sought to discover if the US had uncovered the identity of clandestine agents operating within its borders.

Three wireless security myths - busted! [VIDEO]

by Paul Ducklin on May 22, 2013 | 23 Comments
wifimyths-250

Last year Sophos looked at Wi-Fi security in London and Sydney and the results weren't fantastic.

So we thought it was time to make a short revision video, just in time for 2013 Cyber Security Awareness Week in New Zealand.

SSCC 109 - Laptop theft, money mules, LulzSec, Microsoft and more [PODCAST]

by Paul Ducklin on May 21, 2013 | Leave a comment
sscc109-250

Episode #109 of our popular Chet Chat podcast series is out.

Chet and Duck are back with their almost entirely reverent opinions on the latest computer security issues.

DDoS-for-hire service is legal and even lets FBI peek in, says a guy with an attorney

by Lisa Vaas on May 21, 2013 | 7 Comments
DDoS-for-hire service is legal and even lets FBI peek in, says a guy with an attorney

It's "a public service on a public connection to other public servers", the operator of RageBooter told Brian Krebs, and if sites don't like getting their socks knocked off in DDoS attacks, they should fix recursive DNS and default DNS server settings.

Oh, and yes, he says, he not only cooperates with the FBI, he works with them. He's busy on Tuesdays around 1 p.m., so try later if you need to to launch an attack.

AusSHIRT 2013 - the #sophospuzzle instructions in full

by Paul Ducklin on May 21, 2013 | 4 Comments

The AusCERT 2013 conference has started, so the AusSHIRT 2013 #sophospuzzle is officially live.

See if you can transform the code on the T-shirt and win a prize!

(You don't have to be at the conference to enter.)

Blogger threatened with $1 billion suit for writing about allegedly predatory publisher

by Lisa Vaas on May 20, 2013 | 7 Comments
Blogger threatened with $1 billion suit for writing about allegedly predatory publisher

Jeffrey Beall, a US academic librarian who uses his Scholarly Open Access blog to write about scholarly publishers' dubious practices, is being threatened with a $1 billion lawsuit by an Indian publishing group.

22 million user IDs may be in the hands of hackers, after Yahoo Japan security breach

by Graham Cluley on May 20, 2013 | 2 Comments
22 million user IDs may be in the hands of hackers, after Yahoo Japan security breach

The call has gone out to Yahoo Japan's 200 million users to change their passwords, after the company warned that it suspected hackers had managed to access a file containing 22 million user IDs.

Inside the "PlugX" malware with SophosLabs - a fascinating journey into a malware factory...

by Paul Ducklin on May 20, 2013 | 2 Comments
dloadnow-250

Join SophosLabs Principal Researcher Gabor Szappanos as he takes you on a fascinating journey into the latest "product" from the PlugX malware factory.