Security

Sophos shutters partner portal after hack attack

Suspicious software found on security firm's servers

Iain Thomson in San Francisco Thu 5 Apr 2012 // 22:45 UTC

Sophos has shut down its portal for partners after finding two software packages on its servers designed to allow access to them – and possibly to user data stored there, as well.

The security software firm posted a statement on the portal explaining that it had spotted suspicious behavior on some of its servers this Tuesday. An investigation revealed two dodgy applications, which a preliminary examination suggests are designed to harvest login information. Sophos shut the portal down, just to be on the safe side.

"We don't believe anything was stolen, but are proceeding with an abundance of caution," Chet Wisniewski, senior security advisor at Sophos told The Register. "It will remain offline while we are completing our investigation. We will bring it back online once we are sure it is safe to do so."

Sophos says that the system stored partners' names and business addresses, email addresses, contact details, and hashed passwords, and that only its old portal, and not the latest SFDC, system was breached. When it's back up and running (which, given the Holy Week holiday, is unlikely to be before next week) users will be asked to reset passwords as a precaution.

"We realize that the site's downtime and the forced password resets may be an overreaction and are sorry for the disruption this will cause, but we would rather cause some inconvenience at this stage than delay as we wait for further information," the advisory reads.

While this kind of thing is embarrassing for any security firm, Sophos isn't alone in having its systems breached recently. A leak from Microsoft's Active Protections Program (MAPP) last month saw attack code released onto the web, and Symantec has also admitted that some of its source code has gone missing at the start of the year, following a leak at a third-party supplier. ®

Similar topics

Broader topics

Bill Gates

Narrower topics

Corrections Send us news

Other stories you might like

Symantec: More malware operators moving in to exploit Follina

Meanwhile Microsoft still hasn't patched the fatal flaw

Jeff Burt Thu 9 Jun 2022 // 11:45 UTC

While enterprises are still waiting for Microsoft to issue a fix for the critical "Follina" vulnerability in Windows, yet more malware operators are moving in to exploit it.
Microsoft late last month acknowledged the remote code execution (RCE) vulnerability – tracked as CVE-2022-30190 – but has yet to deliver a patch for it. The company has outlined workarounds that can be used until a fix becomes available.
In the meantime, reports of active exploits of the flaw continue to surface. Analysts with Proofpoint's Threat Insight team earlier this month tweeted about a phishing campaign, possibly aligned with a nation-state targeting US and European Union agencies, which uses Follina. The Proofpoint researchers said the malicious spam messages were sent to fewer than 10 Proofpoint product users.

Continue reading
Microsoft Defender goes cross-platform for the masses

Redmond's security brand extended to multiple devices without stomping on other solutions

Richard Speed Fri 17 Jun 2022 // 15:30 UTC

Microsoft is extending the Defender brand with a version aimed at families and individuals.
"Defender" has been the company's name of choice for its anti-malware platform for years. Microsoft Defender for individuals, available for Microsoft 365 Personal and Family subscribers, is a cross-platform application, encompassing macOS, iOS, and Android devices and extending "the protection already built into Windows Security beyond your PC."
The system comprises a dashboard showing the status of linked devices as well as alerts and suggestions.

Continue reading
Azure issues not adequately fixed for months, complain bug hunters

Redmond kicks off Patch Tuesday with a months-old flaw fix

Jessica Lyons Hardcastle Tue 14 Jun 2022 // 13:30 UTC

Updated Two security vendors – Orca Security and Tenable – have accused Microsoft of unnecessarily putting customers' data and cloud environments at risk by taking far too long to fix critical vulnerabilities in Azure.
In a blog published today, Orca Security researcher Tzah Pahima claimed it took Microsoft several months to fully resolve a security flaw in Azure's Synapse Analytics that he discovered in January.
And in a separate blog published on Monday, Tenable CEO Amit Yoran called out Redmond for its lack of response to – and transparency around – two other vulnerabilities that could be exploited by anyone using Azure Synapse.

Continue reading

Now Windows Follina zero-day exploited to infect PCs with Qbot

Data-stealing malware also paired with Black Basta ransomware gang

Jeff Burt Thu 9 Jun 2022 // 00:29 UTC

Miscreants are reportedly exploiting the recently disclosed critical Windows Follina zero-day flaw to infect PCs with Qbot, thus aggressively expanding their reach.
The bot's operators are also working with the Black Basta gang to spread ransomware in yet another partnership in the underground world of cyber-crime, it is claimed.
This combination of Follina exploitation and its use to extort organizations makes the malware an even larger threat for enterprises. Qbot started off as a software nasty that raided people's online bank accounts, and evolved to snoop on user keystrokes and steal sensitive information from machines. It can also deliver other malware payloads, such as backdoors and ransomware, onto infected Windows systems, and forms a remote-controllable botnet.

Continue reading
Microsoft pledges neutrality on unions for Activision staff

Now can we just buy them, please?

Brandon Vigliarolo Mon 13 Jun 2022 // 18:03 UTC

Microsoft isn't wasting time trying to put Activision Blizzard's problems in the rearview mirror, announcing a labor neutrality agreement with the game maker's recently-formed union.
Microsoft will be grappling with plenty of issues at Activision, including unfair labor lawsuits, sexual harassment allegations and toxic workplace claims. Activision subsidiary Raven Software, developers on the popular Call of Duty game series, recently voted to organize a union, which Activision entered into negotiations with only a few days ago.
Microsoft and the Communication Workers of America (CWA), which represents Raven Software employees, issued a joint statement saying that the agreement is a ground-breaking one that "will benefit Microsoft and its employees, and create opportunities for innovation in the gaming sector."

Continue reading
Wi-Fi hotspots and Windows on Arm broken by Microsoft's latest patches

Only way to resolve is a rollback – but update included security fixes

Richard Speed Mon 20 Jun 2022 // 15:30 UTC

Updated Microsoft's latest set of Windows patches are causing problems for users.
Windows 10 and 11 are affected, with both experiencing similar issues (although the latter seems to be suffering a little more).
KB5014697, released on June 14 for Windows 11, addresses a number of issues, but the known issues list has also been growing. Some .NET Framework 3.5 apps might fail to open (if using Windows Communication Foundation or Windows Workflow component) and the Wi-Fi hotspot features appears broken.

Continue reading

Microsoft fixes under-attack Windows zero-day Follina

Plus: Intel, AMD react to Hertzbleed data-leaking holes in CPUs

Jessica Lyons Hardcastle Wed 15 Jun 2022 // 03:02 UTC

Patch Tuesday Microsoft claims to have finally fixed the Follina zero-day flaw in Windows as part of its June Patch Tuesday batch, which included security updates to address 55 vulnerabilities.
Follina, eventually acknowledged by Redmond in a security advisory last month, is the most significant of the bunch as it has already been exploited in the wild.
Criminals and snoops can abuse the remote code execution (RCE) bug, tracked as CVE-2022-30190, by crafting a file, such as a Word document, so that when opened it calls out to the Microsoft Windows Support Diagnostic Tool, which is then exploited to run malicious code, such spyware and ransomware. Disabling macros in, say, Word won't stop this from happening.

Continue reading
Microsoft promises to tighten access to AI it now deems too risky for some devs

Deep-fake voices, face recognition, emotion, age and gender prediction ... A toolbox of theoretical tech tyranny

Katyanna Quach Tue 21 Jun 2022 // 22:54 UTC

Microsoft has pledged to clamp down on access to AI tools designed to predict emotions, gender, and age from images, and will restrict the usage of its facial recognition and generative audio models in Azure.
The Windows giant made the promise on Tuesday while also sharing its so-called Responsible AI Standard, a document [PDF] in which the US corporation vowed to minimize any harm inflicted by its machine-learning software. This pledge included assurances that the biz will assess the impact of its technologies, document models' data and capabilities, and enforce stricter use guidelines.
This is needed because – and let's just check the notes here – there are apparently not enough laws yet regulating machine-learning technology use. Thus, in the absence of this legislation, Microsoft will just have to force itself to do the right thing.

Continue reading
Microsoft seizes 41 domains tied to 'Iranian phishing ring'

Windows giant gets court order to take over dot-coms and more

Jessica Lyons Hardcastle Tue 7 Jun 2022 // 00:04 UTC

Microsoft has obtained a court order to seize 41 domains used by what the Windows giant said was an Iranian cybercrime group that ran a spear-phishing operation targeting organizations in the US, Middle East, and India.
The Microsoft Digital Crimes Unit said the gang, dubbed Bohrium, took a particular interest in those working in technology, transportation, government, and education sectors: its members would pretend to be job recruiters to lure marks into running malware on their PCs.
"Bohrium actors create fake social media profiles, often posing as recruiters," said Amy Hogan-Burney, GM of Microsoft's Digital Crimes Unit. "Once personal information was obtained from the victims, Bohrium sent malicious emails with links that ultimately infected their target's computers with malware."

Continue reading
Microsoft Surface Laptop Studio: Too edgy for comfort?

And perhaps too heavy, which is a weighty issue for a machine that turns into a tablet

Simon Sharwood, APAC Editor Tue 21 Jun 2022 // 07:25 UTC

Desktop Tourism My 20-year-old son is an aspiring athlete who spends a lot of time in the gym and thinks nothing of lifting 100 kilograms in various directions. So I was a little surprised when I handed him Microsoft’s Surface Laptop Studio and he declared it uncomfortably heavy.
At 1.8kg it's certainly not among today's lighter laptops. That matters, because the device's big design selling point is a split along the rear of its screen that lets it sit at an angle that covers the keyboard and places its touch-sensitive surface in a comfortable position for prodding with a pen. The screen can also fold completely flat to allow the laptop to serve as a tablet.
Below is a .GIF to show that all in action.

Continue reading

ABOUT US

MORE CONTENT

SITUATION PUBLISHING

The Register - Independent news and views for the tech community. Part of Situation Publishing

SIGN UP TO OUR DAILY NEWSLETTER

Security Scorecard

Biting the hand that feeds IT © 1998–2022

Do not sell my personal information Cookies Privacy Ts&Cs