The Latest Sophos News
Product and Solution Information, Press Releases, Announcements

New app allows users to stay on top of latest threats, news and malware information

IT security and data protection firm Sophos has launched its first iPhone application – Sophos Security Threat Monitor. The applications gives users a better view of new and existing computer security threats, with live hourly updates direct from SophosLabs – a global network of researchers and analysts which constantly monitors the internet for new malware, virus, spyware, spam and phishing threats.

The application includes the following features:

Threat spotlight: Shows the most prevalent threats at any given time with the name of the threat, its alias, who is at risk and information on how to avoid becoming a victim.

Latest threats: Provides a list of the top ten threats analysed by the experts in SophosLabs. This section includes information on the date of detection, operating systems affected and the prevalence of the threat, as well as linking to more information on individual threats at www.sophos.com

Stats: This feature graphically depicts threats with three screens showing email, spam and web-based threat statistics.

Maps: Shows the user threat information in the context of zoomable Google Maps. The interactive map allows users to see where in the world the latest threats are appearing, and even the latest subject lines being used in spam campaigns.

Clickjacking worms proving unpopular with Facebook's users.

With clickjacking worms becoming an increasing problem on Facebook, a study by IT security and data protection firm Sophos has revealed that 95% of those polled do not believe that Facebook is doing enough to stop them.

The attacks, dubbed 'likejacking' by Sophos, exploit the 'Like' button facility by automatically updating a user's Facebook page to say that they 'like' a third-party webpage. This update is automatically shared with the user's Facebook friends via the website's newsfeed, helping the attacks to spread rapidly across the social network.

Yesterday, the latest widespread attack struck Facebook users, tricking them into 'liking' a webpage entitled '101 Hottest Women in the World' with a picture of Jessica Alba. Sophos conducted a poll of 600 internet users asking: "Do you think Facebook is doing enough to stop clickjacking worms?" Of those polled, 95% voted no, emphasising the urgent need for Facebook to fix the problem.

Although the attacks are yet to deliver malicious payloads, they demonstrate an exploitable weakness in the way that Facebook works, putting users at potential risk from further malware or phishing attacks.

"Facebook clearly hasn't been security-conscious enough in the implementation of its social 'like' plugin. This leaves the system open to abuse by spammers and scammers, and exposes users to the risk of outside threats," said Graham Cluley, senior technology consultant at Sophos. "One solution would be for Facebook to implement ways for members to make a more conscious decision as to whether they want to 'Like' third party content or not. By having a pop-up box asking whether users are sure they want to 'Like' a particular page, or offering the option to disable the third-party 'like' feature entirely, the spread of these attacks would be much easier to control."

New Transparent, Full-Disk Mac Encryption Protects Data and Helps Customers Better Comply with Regulations

BOSTON – August 2, 2010 – IT security and data protection firm Sophos today announced a new addition to its Sophos data protection family, Sophos SafeGuard Disk Encryption for Mac, which protects against data breaches of confidential and private information on MacBooks and Macs.

Today, businesses are increasingly adding more Macs to their network. It's not just small businesses, graphic design agencies, and academic institutions using Mac computers. According to a recent Gartner report*, IT departments at mid-to-large companies are feeling the pressure to accommodate employees and contractors who purchase Mac computers with their personal funds and want to incorporate them into their daily work lives.

Like PC users, Mac users store confidential company data, personally identifiable information (PII) such as social security numbers, credit, and debit card numbers, dates of birth, and financial information. However, the data stored on Macs often does not have the same level of protection that PCs have, which puts the company at risk.

The loss of PII – whether accidental or intentional – can have far-reaching negative effects. If unencrypted data were intercepted or fell into the wrong hands – cybercriminals, disgruntled employees, or competitors – it could be devastating to a business. Customers would lose confidence in the company, which translates to lost business, likely followed by negative press and fines for noncompliance. Many organizations are required to comply with a number of regulations and standards seeking to protect PII, including state data breach notifications, the Payment Card Industry Data Security Standard (PCI DSS), and the Health Insurance Portability and Accountability Act (HIPAA). If a breach of any magnitude occurs as a result of not having data encrypted, the company will face industry, state, and federal penalties and fines, lawsuits, and potential criminal charges.

With the addition of Sophos SafeGuard Disk Encryption for Mac to the SafeGuard family – which includes SafeGuard Enterprise and SafeGuard Easy – customers now have the ability to easily protect and enforce data protection on a single MacBook or a mix of tens of thousands of Macs and Windows PCs and laptops – giving them broader security coverage and better compliance with regulations.
NEW Sophos SafeGuard Disk Encryption for Mac – Offering customers state-of-the-art data protection without the complexity and inconvenience

* Provides sector-based encryption of disk volumes, including the Mac OS boot volume and data volumes, and strong, standardized AES 256-bit encryption algorithm, and optimized encryption/decryption algorithms for high performance.
* Sophos's power-on user authentication (POA) ensures that only authorized users are allowed access to encrypted data and multi-user POA provides security for shared Macs. Encrypted data cannot be accessed even if hard drives are removed from Macs – only authorized users or security administrators can open and view.
* Authorized administrators can quickly view the status via the Mac-friendly graphical interface and authorized access can be automated via a simple scripting command for larger organizations. Sophos provides better visibility for administrators with comprehensive logs detailing encryption status and user interactions during the POA process, including failed logon attempts.
* On-the-fly encryption and decryption process is quick and fully transparent to the end user, which allows them to go about their daily activities without interruptions.
* Advanced one-time credentials and alternate boot options allow authorized users who have lost or forgotten passwords to securely access the system and renew those passwords. Administrators can also create a recovery POA on a USB or CD to securely boot and access encrypted data on Macs in emergencies.
* Sophos SafeGuard Disk Encryption for Mac deploys quickly with a very small client installation file for easier distribution and it's compatible with any existing Mac system administration tools including Apple Remote Desktop. It also offers simple and flexible administration options for local or remote administration with easy-to-implement scripting commands.