Google Does It Again: Discloses Unpatched Microsoft Edge and IE Vulnerability

This month has yet been kind of interesting for cyber security researchers, with Google successfully cracked SHA1 and the discovery of Cloudbleed bug in Cloudflare that caused the leakage of sensitive information across sites hosted behind Cloudflare.

This month has yet been kind of interesting for cyber security researchers, with Google successfully cracked SHA1 and the discovery of Cloudbleed bug in Cloudflare that caused the leakage of sensitive information across sites hosted behind Cloudflare. Besides this, Google last week disclosed an unpatched vulnerability in Windows Graphics Device Interface (GDI) library, which affects

Hacker Shows How Easy It Is To Hack People While Walking Around in Public

Wi-Fi enabled devices — widely known as the Internet of Things (IoT) — are populating offices and homes in greater and greater numbers.

From smartphones to connected printers and even coffee makers, most of these IoT devices have good intentions and can connect to your company’s network without a problem.

However, as the Internet of Things (IoT) devices are growing at a great pace, they

Wi-Fi enabled devices — widely known as the Internet of Things (IoT) — are populating offices and homes in greater and greater numbers. From smartphones to connected printers and even coffee makers, most of these IoT devices have good intentions and can connect to your company's network without a problem. However, as the Internet of Things (IoT) devices are growing at a great pace, they

Leslie Jones Turns Her Internet Hack Lemons Into Comedy Lemonade

As Leslie Jones knows all too well, laughter is the best revenge.
The “Saturday Night Live” star addressed the hack of her personal website last …

Read more: Arts and Entertainment, Sex Crimes, Online Privacy, Leslie Jones, Entertainment News

As Leslie Jones knows all too well, laughter is the best revenge.
The “Saturday Night Live” star addressed the hack of her personal website last ...

Read more: Arts and Entertainment, Sex Crimes, Online Privacy, Leslie Jones, Entertainment News

Serious Bug Exposes Sensitive Data From Millions Sites Sitting Behind CloudFlare

A severe security vulnerability has been discovered in the CloudFlare content delivery network that has caused big-name websites to expose private session keys and other sensitive data.

CloudFlare, a content delivery network (CDN) and web security pro…

A severe security vulnerability has been discovered in the CloudFlare content delivery network that has caused big-name websites to expose private session keys and other sensitive data. CloudFlare, a content delivery network (CDN) and web security provider that helps optimize safety and performance of over 5.5 Million websites on the Internet, is warning its customers of the critical bug that

Hacker Who Knocked Million Routers Offline Using MIRAI Arrested at London Airport

British police have arrested a suspect in connection with the massive attack on Deutsche Telekom that hit nearly 1 Million routers last November.

Late last year, someone knocked down more than 900,000 broadband routers belonging to Deutsche Telekom us…

British police have arrested a suspect in connection with the massive attack on Deutsche Telekom that hit nearly 1 Million routers last November. Late last year, someone knocked down more than 900,000 broadband routers belonging to Deutsche Telekom users in Germany, which affected the telephony, television, and internet service in the country. Now, Germany's federal criminal police force (

Google Achieves First-Ever Successful SHA-1 Collision Attack

SHA-1, Secure Hash Algorithm 1, a very popular cryptographic hashing function designed in 1995 by the NSA, is officially dead after a team of researchers from Google and the CWI Institute in Amsterdam announced today submitted the first ever successful…

SHA-1, Secure Hash Algorithm 1, a very popular cryptographic hashing function designed in 1995 by the NSA, is officially dead after a team of researchers from Google and the CWI Institute in Amsterdam announced today submitted the first ever successful SHA-1 collision attack. SHA-1 was designed in 1995 by the National Security Agency (NSA) as a part of the Digital Signature Algorithm. Like

Richard (RJ) Eskow: 11 Principles For Progressives When Talking About Trump And Russia

Putin’s an oligarch. So is Trump.
Putin runs a kleptocracy. So does Trump.
Both Donald Trump and Rex Tillerson have done business in Russia.
So why …

Read more: Donald Trump, u.s. News , International News, u.s. Presidential Elections, Republican Politics, Russia, Political Science, Democratic Politics, Democratic Party, Presidential Debates, U.S. Congressional Elections, National Security, Political Commentary, Online Privacy, Political Movements, State Within a State, The Deep, Politics News

Putin’s an oligarch. So is Trump.
Putin runs a kleptocracy. So does Trump.
Both Donald Trump and Rex Tillerson have done business in Russia.
So why ...

Read more: Donald Trump, u.s. News , International News, u.s. Presidential Elections, Republican Politics, Russia, Political Science, Democratic Politics, Democratic Party, Presidential Debates, U.S. Congressional Elections, National Security, Political Commentary, Online Privacy, Political Movements, State Within a State, The Deep, Politics News

11-Year Old Linux Kernel Local Privilege Escalation Flaw Discovered

Another privilege-escalation vulnerability has been discovered in Linux kernel that dates back to 2005 and affects major distro of the Linux operating system, including Redhat, Debian, OpenSUSE, and Ubuntu.

Over a decade old Linux Kernel bug (CVE-2017…

Another privilege-escalation vulnerability has been discovered in Linux kernel that dates back to 2005 and affects major distro of the Linux operating system, including Redhat, Debian, OpenSUSE, and Ubuntu. Over a decade old Linux Kernel bug (CVE-2017-6074) has been discovered by security researcher Andrey Konovalov in the DCCP (Datagram Congestion Control Protocol) implementation using

UK: The perils of indirect marketing consents

A credit broker has been fined £120,000 by the Information Commissioner’s Office (“ICO”) under section 55A of the Data Protection Act 1998 for sending millions of marketing texts, all of which were sent without proper consent. The news was released on the ICO’s website on 15 February 2017 as an investigation had revealed that Digitonomy …

Continue reading »

A credit broker has been fined £120,000 by the Information Commissioner’s Office (“ICO”) under section 55A of the Data Protection Act 1998 for sending millions of marketing texts, all of which were sent without proper consent. The news was released on the ICO’s website on 15 February 2017 as an investigation had revealed that Digitonomy Ltd had used affiliated marketing companies to send out over five million messages all of which offered cash loans as part of a marketing campaign.

Digitonomy had contravened regulation 22 of the Privacy and Electronic Communications (e-Privacy) Regulations 2003 (“PECR“), which generally prohibits the sending or instigating of a transmission of unsolicited communications to a consumer for the purpose of direct marketing, unless that person has given their prior consent.

The law clearly states that data subjects must provide companies with specific consent to the receipt of marketing text messages. Evidencing such consent is particularly difficult where, like Digitonomy, you are relying on consumer details which have been obtained by a third party on your behalf. By way of example, Digitonomy Ltd stated their consent wording from affiliate companies was “you consent to us and our trusted partners contacting you by SMS, mail, email, telephone and automated message”. This wording was insufficient to protect Digitonomy as one of the “trusted partners”.

Consent must be freely given, specific and informed and involve a positive indication signifying the individual’s agreement. This enforcement action should provide fair warning to businesses who buy marketing lists from third parties, contract with third parties to carry out the marketing for them, or even share contact details within a corporate group for marketing purposes to make thorough checks and be satisfied that personal data has been obtained fairly and lawfully with the necessary consent.

The 2015 case of Optical Express (Westfield) Limited v Information Commissioner was a clear statement of the law in this area, in which the First-tier Tribunal found that consent has to be provided to the sender of the communications.  Data subjects must understand that they are providing a marketing consent to a specific third party, or failing that, have some reasonable expectation as to the identity of the third party (for example, the industry it operates in and the type of goods and services it might attempt to sell).  Further, consent must always be explicit and obtained on a clear opt-in basis.

This latest salvo in the ICO’s on-going war with the spammers is also a salutary lesson for companies operating across the full-range of B2C sectors about the dangers or relying on woolly indirect marketing consents, and the care that must be taken when obtaining marketing lists from commercial partners or group companies.

James Clark and Katrina Hennessy

Beware! Don’t Fall For “Font Wasn’t Found” Google Chrome Malware Scam

Next time when you accidentally or curiously land up on a website with jumbled content prompting you to download a missing font to read the blog by updating the Chrome font pack…

…Just Don’t Download and Install It. It’s a Trap!

Scammers and hackers are targeting Google Chrome users with this new hacking scam that’s incredibly easy to fall for, prompting users to download a fake Google

Next time when you accidentally or curiously land up on a website with jumbled content prompting you to download a missing font to read the blog by updating the Chrome font pack… …Just Don't Download and Install It. It's a Trap! Scammers and hackers are targeting Google Chrome users with this new hacking scam that's incredibly easy to fall for, prompting users to download a fake Google

Microsoft releases update for Flash Player, but leaves two disclosed Flaws Unpatched

Microsoft on Tuesday released security update (KB 4010250) to patch flaws in Adobe Flash Player for its customers using Internet Explorer on Windows 8.1 and later, as well as Edge for Windows 10, but two already disclosed flaws remain unpatched.

Just …

Microsoft on Tuesday released security update (KB 4010250) to patch flaws in Adobe Flash Player for its customers using Internet Explorer on Windows 8.1 and later, as well as Edge for Windows 10, but two already disclosed flaws remain unpatched. Just last week, Microsoft announced that its February patches would be delayed until March due to a last minute issue, a move that led to Google

Homomorphic Encryption API Software Library

The Homomorphic Encryption Application Programming Interface (HE-API) software library is an open source software library being developed as part of the Homomorphic Encryption Applications and Technology (HEAT) project, and is available here. The main …

The Homomorphic Encryption Application Programming Interface (HE-API) software library is an open source software library being developed as part of the Homomorphic Encryption Applications and Technology (HEAT) project, and is available here. The main purpose of this software library is to provide a common easy-to-use interface for various existing Somewhat Homomorphic Encryption (SHE) libraries. Limited support for fixed-point arithmetic is also provided by this library. Note that the HE-API library is still a work in progress.

Fully Homomorphic Encryption (FHE) is a cryptographic primitive that allows meaningful manipulation of ciphertexts. In spite of several recent advances, FHE remains out of practical reach. Hence a reasonable restriction to make is to limit the set of evaluated circuits to a specified subclass, usually determined by the multiplicative depth of the circuit. Such encryption schemes are called as SHE schemes.  Various libraries such as HElib, SEAL, FV-NFLlib, HElib-MP, etc., are already available that implement these SHE schemes.

The purpose of this HE-API software library is to provide a common, generic, easy-to-use interface for various existing libraries that implement SHE schemes. The SHE libraries that are currently integrated in the HE-API library are HElib and FV-NFLlib. It may be noted that the FV-NFLlib library is itself an outcome of the HEAT project. At a high-level, the HE-API software library abstracts out the technicalities present in the underlying SHE libraries. For instance, the HElib library implements the BGV SHE scheme, while the FV-NFLlib implements the FV SHE scheme. Needless to say, the syntax for various classes and routines in the individual libraries will be different, though the underlying semantics are very similar. The HE-API library integrates the underlying SHE libraries under a single interface, thereby shielding the user from syntactic differences. Another feature of the HE-API library is that it contains minimal, yet complete, set of routines to perform homomorphic computations. The design of this library is motivated by the ease of use for non-experts.

Supported Data Types
The following application data types are supported by the HE-API software library. 
  • Boolean
  • Unsigned long integers
  • GMP's arbitrary precision integers class: mpz_class
  • Polynomials with coefficients of type: unsigned long integers or mpz_class
  • Vectors of : unsigned long integers or mpz_class
  • Fixed-point numbers
Note that all the data types and routines described above may not be currently supported by every underlying SHE library.

Unpatched Python and Java Flaws Let Hackers Bypass Firewall Using FTP Injection

This newly discovered bugs in Java and Python is a big deal today.

The two popular programming languages, Java and Python, contain similar security flaws that can be exploited to send unauthorized emails and bypass any firewall defenses.

And since bo…

This newly discovered bugs in Java and Python is a big deal today. The two popular programming languages, Java and Python, contain similar security flaws that can be exploited to send unauthorized emails and bypass any firewall defenses. And since both the flaws remain unpatched, hackers can take advantage to design potential cyber attack operations against critical networks and

Christopher Elliott: In A World Without Secrets, Here’s How To Almost Disappear Online

It may only be a slight exaggeration that companies know more about you than you do about yourself.
Fire up your cell phone or laptop if you have any …
Read more: Online Privacy, Social Networking, Computer Security, Online Ad…

It may only be a slight exaggeration that companies know more about you than you do about yourself.
Fire up your cell phone or laptop if you have any ...

Read more: Online Privacy, Social Networking, Computer Security, Online Advertising, Mobile Advertising, Internet Security, Mobile Technologies, Web Browsers, Technology News

KasperskyOS — Secure Operating System released for IoT and Embedded Systems

Russian cyber security and antivirus vendor Kaspersky Lab has made available the much awaited KasperskyOS, a secure-by-design operating system based on Microkernel architecture which is specially designed for network devices, industrial control systems…

Russian cyber security and antivirus vendor Kaspersky Lab has made available the much awaited KasperskyOS, a secure-by-design operating system based on Microkernel architecture which is specially designed for network devices, industrial control systems and the Internet of Things. The operating system is not made for your average home PC; instead, it is meant to protect industrial systems and

Malware Hijacks Microphones to Spy On Ukrainian Businesses, Scientists and Media

Ukraine has once again been a target of a potential hacking attack that infected computer systems from dozens of Ukrainian businesses with highly sophisticated malware, allowing hackers to exfiltrate sensitive data and eavesdrop on their network.

Late…

Ukraine has once again been a target of a potential hacking attack that infected computer systems from dozens of Ukrainian businesses with highly sophisticated malware, allowing hackers to exfiltrate sensitive data and eavesdrop on their network. Late last year, the country also suffered a power outage caused by the same group of hackers that targeted Ukraine's power grid with the BlackEnergy

Independent testing isn’t perfect, but it still helps make security products better

The Anti-Malware Testing Standards Organization (AMTSO) reaffirmed its support for independent product testing in the wake of disputes that surfaced at RSA Conference 2017 last week. Two security vendors – Cylance and CrowdStrike – took issue with the practices of independent testing organizations, and it became a major discussion point among RSA attendees. Sophos shares […]

The Anti-Malware Testing Standards Organization (AMTSO) reaffirmed its support for independent product testing in the wake of disputes that surfaced at RSA Conference 2017 last week.

Two security vendors – Cylance and CrowdStrike – took issue with the practices of independent testing organizations, and it became a major discussion point among RSA attendees.

Sophos shares AMTSO’s position, which was mapped out in a press release:

Testing products in a fair and balanced way is very difficult. Product developers routinely make bold claims about the capabilities of their products. AMTSO supports the right of testers to put these claims to the test, to provide independent validation of their accuracy (or otherwise).

AMTSO said it was asked for an opinion on recent privately-commissioned anti-malware tests, and offered the following points:

  1. We reject turning off product capabilities while comparing the capabilities of products in real-world use, as we believe that this introduces bias in the results.
  2. We believe that any claims about what the results of tests show must be valid and accurate, and they must provide both data and evidence that the scenarios tested and the methodologies used do in fact match the resulting claims. In our opinion, test reports without this data and evidence should be rejected.
  3. We believe that tests that don’t give the tested product vendors an opportunity to engage and to comment on the approach or to validate their configuration are unfair.
  4. We believe that all comparative tests should follow our draft standards.
  5. We support the rights of a tester to run any test it wants to, and to test any available product without limitation, consistent with the AMTSO draft standards.

Sophos has long believed that independent testing is vital to the continued improvement of security technology. Sophos CTO Joe Levy acknowledged that while these tests are not perfect, they still have plenty of value.

“Methodologies can never be perfect, but the best testing houses will evolve them over time,” Levy said. “The worst will remain static and become increasingly irrelevant.”

There should be a partnership between the testing labs, end users and vendors, he added. Testing labs should under-promise and over-deliver, and work with vendors to configure environments correctly. End users should continuously be clear on the specific items they want to see reviewed, and vendors should make it easy for their products to be scrutinized.

For more meaningful and accurate testing, Levy suggested the following:

  • There needs to be transparency (sharing methodologies and revealing all numbers) and consistency, and all vendors should be subjected to the same tests.
  • Vendors should not try to hide from tests, and they should probably think twice before threatening litigation against testing labs, their partners, or other vendors. Such stunts make vendors look dishonest, and ultimately harms end users.
  • Testing Labs should think twice about commissioned reports and what they could do to perceptions about their objectivity.
  • End users should look at multiple testing sourcing rather than trusting just one. They should also endeavor to do their own testing where practical.

Simon Reed, VP of SophosLabs, said security product testing is hard, and third-party testing organizations need to focus on more depth and better testing than more different tests.

“Third-party testers need to acknowledge that some of their tests are focused on only parts of the malware attack chain and thus emphasize certain technologies over others,” Reed said. But in the bigger picture, he said, “Independent tests help us improve our quality. If third-party testers didn’t publish results, I would still want to be in at least half of them purely for an independent quality-control point of view.”

Reed added that third-party testers must clearly indicate in their reports which vendors assisted in the tests and which did not. Vendors included without approval should be able to make a short statement in the report on why they believe their inclusion wasn’t necessary, he said.


Filed under: Corporate Tagged: third-party testing

President Donald Trump’s Website Hacked; Defaced By Iraqi Hacker

During the 2016 presidential election campaign, we reported about how insecure was the mail servers operated by the Trump organization that anyone with little knowledge of computers can expose almost everything about Trump and his campaign.

Now, some …

During the 2016 presidential election campaign, we reported about how insecure was the mail servers operated by the Trump organization that anyone with little knowledge of computers can expose almost everything about Trump and his campaign. Now, some unknown hackers calling themselves "Pro_Mast3r" managed to deface an official website associated with President Donald Trump's presidential

A Typo in Zerocoin’s Source Code helped Hackers Steal ZCoins worth $585,000

Are you a programmer?

If yes, then you would know the actual pain of… “forgetting a semicolon,” the hide and seek champion since 1958.

Typos annoy everyone. Remember how a hacker’s typo stopped the biggest bank heist in the history, saved $1 billio…

Are you a programmer? If yes, then you would know the actual pain of... "forgetting a semicolon," the hide and seek champion since 1958. Typos annoy everyone. Remember how a hacker's typo stopped the biggest bank heist in the history, saved $1 billion of Bangladesh bank from getting stolen. But this time a typo in the Zerocoin source code costs the company more than $585,000 in losses. <!--

Google Discloses Windows Vulnerability That Microsoft Fails To Patch, Again!

Microsoft is once again facing embarrassment for not patching a vulnerability on time.

Yes, Google’s Project Zero team has once again publicly disclosed a vulnerability (with POC exploit) affecting Microsoft’s Windows operating systems ranging from Windows Vista Service Pack 2 to the latest Windows 10 that had yet to be patched.

A few months back, the search engine giant disclosed a critical

Microsoft is once again facing embarrassment for not patching a vulnerability on time. Yes, Google's Project Zero team has once again publicly disclosed a vulnerability (with POC exploit) affecting Microsoft's Windows operating systems ranging from Windows Vista Service Pack 2 to the latest Windows 10 that had yet to be patched. A few months back, the search engine giant disclosed a critical

Inquiries Into Russian Election Hacking Include 3 FBI Probes

SAN FRANCISCO, Feb 18 (Reuters) – The U.S. Federal Bureau of Investigation is pursuing at least three separate probes relating to alleged Russian hack…
Read more: Donald Trump, u.s. News , International News, u.s. Presidential…

SAN FRANCISCO, Feb 18 (Reuters) - The U.S. Federal Bureau of Investigation is pursuing at least three separate probes relating to alleged Russian hack...

Read more: Donald Trump, u.s. News , International News, u.s. Presidential Elections, Fbi, San Francisco, Online Privacy, Computer Security, Federal Security Service, Politics News

RSA Conference 2017: Did our predictions come true?

It’s day 4 of RSA Conference 2017 as I write this. For me, the event ends with a flight home in a few hours. Before doing so, a review of the week is in order. Journalists often write preview stories for RSA, and we’re no exception. My preview appeared on Naked Security last week, and now it’s time […]

It’s day 4 of RSA Conference 2017 as I write this. For me, the event ends with a flight home in a few hours. Before doing so, a review of the week is in order.

Journalists often write preview stories for RSA, and we’re no exception.

screen-shot-2017-02-17-at-18-50-52

My preview appeared on Naked Security last week, and now it’s time to see how accurate my predictions were. I wrote that some of the big topics would be attacks against Internet of Things (IoT) devices and the continuing scourge of ransomware.

Ransomware

What I predicted:

Ransomware is an old topic in information security circles. Attackers have been hijacking computers and holding files hostage for years now, typically demanding that ransom be paid in bitcoins. Some might expect that a majority of people are well aware of the threat by now and that they’re taking the appropriate precautions. It’s therefore reasonable to assume that online thieves have moved on to new tactics. Unfortunately, that’s hardly the case, said Andrew Hay, CISO of DataGravity and one of the seminar organizers. “Ransomware is one of the most prominent threats facing organizations and their end-users, partners, and customers,” he explained.

What happened:

Indeed, ransomware was a big discussion point, best illustrated by an all-day seminar on the subject on Monday. I was there and it was well attended. From 9am – 5pm, a variety of experts offered up case studies, reviews of the best technology to fight ransomware, and tips to help companies avoid falling victim in the first place.

Internet of Things

What I predicted:

IoT threats have been discussed at RSA conference for years now, but in largely theoretical terms. This past year, the theoretical turned into reality when Mirai malware was used to hijack internet-facing webcams and other devices into massive botnets that were then used to launch a coordinated assault against Dyn, one of several companies hosting the the Domain Name System (DNS). That attack crippled such major sites as Twitter, Paypal, Netflix and Reddit. For 2017, Sophos predicts a rise in threats against devices that are part of the IoT.

What happened:

My prediction that IoT attacks would be a big focus also turned out to be true. Multiple vendors played up the threat – and how they could help defend against it – on the show floor. And, Chester Wisniewski and I discussed the topic at the Sophos booth as well.

screen-shot-2017-02-17-at-19-16-31

Security luminary Bruce Schneier gave two presentations about regulating IoT devices. “Licenses, certifications, approvals and liabilities are all coming,” he said in one of his talk descriptions. “We need to think about smart regulations now, before a disaster, or stupid regulations will be foisted on us.”

To conclude

It was difficult to pinpoint an overriding theme this year. Whereas past RSA conferences were dominated by one or two issues (spyware in 2005 comes to mind), this year was more of a topic du jour. Ransomware and IoT were just two of many issues.

But I was fine with that.

I’ve found over the years that people don’t necessarily come to RSA in search of a big news event or theme. They attend because they are constantly striving to find more effective ways to better manage old problems.

Whether RSA filled those needs is in the eye of the individual.

For me, it was a great week full of networking and valuable conversation; some of which you can watch for yourself here.


Filed under: Corporate, Events Tagged: Internet of Things, ransomware, RSA Conference 2017

Live from RSA 2017: Nation states crafting ‘meticulous’ attack code

In the latest installment of live videos beaming directly from San Fransisco Sophos security scribe Bill Brenner chats to Mark Loman, director of engineering for next-generation tech at Sophos, about how nation-state attackers meticulously craft their attack code to evade the most advanced security products. (If you haven’t read our pre-RSA Conference Q&A with Mark, why not catch […]

In the latest installment of live videos beaming directly from San Fransisco Sophos security scribe Bill Brenner chats to Mark Loman, director of engineering for next-generation tech at Sophos, about how nation-state attackers meticulously craft their attack code to evade the most advanced security products.

(If you haven’t read our pre-RSA Conference Q&A with Mark, why not catch up first?)


 

Want to see more?
Check out our other videos live from RSA Conference 2017: IoT and ransomware and how machine-learning helps fight malware.


Filed under: Corporate, Events Tagged: Exploits, Mark Loman, RSA Conference 2017

Hackers Are Using Android Malware To Spy On Israeli Military Personnel

A group of highly sophisticated state-sponsored hackers is spying on the Israeli military by hacking into the personal Android phones of individual soldiers to monitor their activities and steal data.

A newly released research by Lookout and Kaspersky…

A group of highly sophisticated state-sponsored hackers is spying on the Israeli military by hacking into the personal Android phones of individual soldiers to monitor their activities and steal data. A newly released research by Lookout and Kaspersky suggests that more than 100 Israeli servicemen from the Israeli Defense Force (IDF) are believed to have been targeted with spyware. <!--

RSA Conference 2017: Security diet for modern attacks

Couldn’t get to RSA? We’ve got you covered on all the juiciest presentations. In this Facebook Live presentation, Sophos principal research scientist Chester Wisniewski and channel SE John Shier use the food pyramid to show what they see as the proper balance of tools in the fight against online attackers.   If you haven’t caught […]

Couldn’t get to RSA? We’ve got you covered on all the juiciest presentations.

In this Facebook Live presentation, Sophos principal research scientist Chester Wisniewski and channel SE John Shier use the food pyramid to show what they see as the proper balance of tools in the fight against online attackers.

 

If you haven’t caught our previous videos, find out about this year’s big topics – IoT and ransomware – and how machine-learning helps fight malware.

screen-shot-2017-02-13-at-17-33-08


Filed under: Corporate, Events Tagged: Chester Wisniewski, John Shier, RSA, RSA Conference 2017

This Ransomware Malware Could Poison Your Water Supply If Not Paid

Ransomware has been around for a few years, but in last two years, it has become an albatross around everyone’s neck, targeting businesses, hospitals, financial institutions and personal computers worldwide and extorting millions of dollars.

Ransomwar…

Ransomware has been around for a few years, but in last two years, it has become an albatross around everyone's neck, targeting businesses, hospitals, financial institutions and personal computers worldwide and extorting millions of dollars. Ransomware is a type of malware that infects computers and encrypts their content with strong encryption algorithms, and then demands a ransom to decrypt

Live from RSA Conference 2017: How machine-learning helps fight malware

If you’re across the Atlantic or couldn’t get to RSA, we’re bringing RSA to you via Facebook Live. In his presentation, Sophos product management director Russell Humphries talks about how machine learning will change the battle against malware. And, find out how we are bringing machine learning into the fold with our plans to acquire […]

If you’re across the Atlantic or couldn’t get to RSA, we’re bringing RSA to you via Facebook Live.

In his presentation, Sophos product management director Russell Humphries talks about how machine learning will change the battle against malware. And, find out how we are bringing machine learning into the fold with our plans to acquire Invincea.

 
For those lucky enough to be at the conference, don’t forget to drop by our booth 3201 in North Expo Hall to pitch your questions, see live demos and pick up some extra special Sophos goodies.

screen-shot-2017-02-13-at-17-33-08


Filed under: Corporate, Events Tagged: Invincea, malware, RSA Conference 2017

A Simple JavaScript Exploit Bypasses ASLR Protection On 22 CPU Architectures

Security researchers have discovered a chip flaw that could nullify hacking protections for millions of devices regardless of their operating system or application running on them, and the worse — the flaw can not be entirely fixed with any mere software update.

The vulnerability resides in the way the memory management unit (MMU), a component of many CPUs, works and leads to bypass the

Security researchers have discovered a chip flaw that could nullify hacking protections for millions of devices regardless of their operating system or application running on them, and the worse — the flaw can not be entirely fixed with any mere software update. The vulnerability resides in the way the memory management unit (MMU), a component of many CPUs, works and leads to bypass the