This feed does not validate.

Source: https://feeds.feedburner.com/sophos/dgdY

  1. <?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
  2. xmlns:content="http://purl.org/rss/1.0/modules/content/"
  3. xmlns:wfw="http://wellformedweb.org/CommentAPI/"
  4. xmlns:dc="http://purl.org/dc/elements/1.1/"
  5. xmlns:atom="http://www.w3.org/2005/Atom"
  6. xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
  7. xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
  8. xmlns:georss="http://www.georss.org/georss"
  9. xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#"
  10. xmlns:media="http://search.yahoo.com/mrss/"
  11. >
  12.  
  13. <channel>
  14. <title>Sophos News</title>
  15. <atom:link href="https://news.sophos.com/en-us/feed/" rel="self" type="application/rss+xml" />
  16. <link>https://news.sophos.com/en-us/</link>
  17. <description>The Sophos Blog</description>
  18. <lastBuildDate>Fri, 24 Jan 2025 20:49:52 +0000</lastBuildDate>
  19. <language>en-US</language>
  20. <sy:updatePeriod>
  21. hourly </sy:updatePeriod>
  22. <sy:updateFrequency>
  23. 1 </sy:updateFrequency>
  24. <generator>https://wordpress.org/?v=6.7.1</generator>
  25.  
  26. <image>
  27. <url>https://news.sophos.com/wp-content/uploads/2020/01/cropped-sophos.png?w=32</url>
  28. <title>Sophos News</title>
  29. <link>https://news.sophos.com/en-us/</link>
  30. <width>32</width>
  31. <height>32</height>
  32. </image>
  33. <site xmlns="com-wordpress:feed-additions:1">166161023</site> <item>
  34. <title>Sophos MDR tracks two ransomware campaigns using &#8220;email bombing,&#8221; Microsoft Teams “vishing”</title>
  35. <link>https://news.sophos.com/en-us/2025/01/21/sophos-mdr-tracks-two-ransomware-campaigns-using-email-bombing-microsoft-teams-vishing/</link>
  36. <comments>https://news.sophos.com/en-us/2025/01/21/sophos-mdr-tracks-two-ransomware-campaigns-using-email-bombing-microsoft-teams-vishing/?noamp=mobile#respond</comments>
  37. <dc:creator><![CDATA[gallagherseanm]]></dc:creator>
  38. <pubDate>Tue, 21 Jan 2025 11:30:14 +0000</pubDate>
  39. <category><![CDATA[Security Operations]]></category>
  40. <category><![CDATA[Threat Research]]></category>
  41. <category><![CDATA[Black Basta]]></category>
  42. <category><![CDATA[featured]]></category>
  43. <category><![CDATA[Fin7]]></category>
  44. <category><![CDATA[Java malware]]></category>
  45. <category><![CDATA[legitimate service abuse]]></category>
  46. <category><![CDATA[Microsoft Office 365]]></category>
  47. <category><![CDATA[python malware]]></category>
  48. <category><![CDATA[Quick Assist]]></category>
  49. <category><![CDATA[remote machine management]]></category>
  50. <category><![CDATA[STAC5143]]></category>
  51. <category><![CDATA[stac5777]]></category>
  52. <category><![CDATA[Teams]]></category>
  53. <guid isPermaLink="false">https://news.sophos.com/en-us/?p=959250</guid>
  54.  
  55. <description><![CDATA[Sophos MDR identifies a new threat cluster riffing on the playbook of Storm-1811, and amped-up activity from the original connected to Black Basta ransomware.]]></description>
  56. <wfw:commentRss>https://news.sophos.com/en-us/2025/01/21/sophos-mdr-tracks-two-ransomware-campaigns-using-email-bombing-microsoft-teams-vishing/feed/</wfw:commentRss>
  57. <slash:comments>0</slash:comments>
  58. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/emailbomb.jpg?w=230&#38;h=130&#38;crop=1" medium="image" alt="" />
  59. <post-id xmlns="com-wordpress:feed-additions:1">959250</post-id>
  60. <media:thumbnail url="https://news.sophos.com/wp-content/uploads/2025/01/emailbomb.jpg" alt="" />
  61. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/emailbomb.jpg" medium="image" alt="">
  62. <media:title type="html">Email,Alert,And,Message,Sending,/,Receiving,Concept,:,Envelope</media:title>
  63. </media:content>
  64.  
  65. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/Rpivot-obfuscated.png" medium="image" alt="A screenshot of Python code from an obfuscated copy of RPivot dropped by the STAC5143 attackers.">
  66. <media:title type="html">A screenshot of Python code from an obfuscated copy of RPivot dropped by the STAC5143 attackers.</media:title>
  67. </media:content>
  68.  
  69. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/Fig2Vishing.png" medium="image" alt="Figure 2:Sophos Central investigation screen of threat actor’s incoming activity captured by Microsoft Office 365 integration">
  70. <media:title type="html">Figure 2:Sophos Central investigation screen of threat actor’s incoming activity captured by Microsoft Office 365 integration</media:title>
  71. </media:content>
  72.  
  73. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/TeamsVishingfig2.png" medium="image" alt="" />
  74. </item>
  75. <item>
  76. <title>Gootloader inside out</title>
  77. <link>https://news.sophos.com/en-us/2025/01/16/gootloader-inside-out/</link>
  78. <comments>https://news.sophos.com/en-us/2025/01/16/gootloader-inside-out/?noamp=mobile#respond</comments>
  79. <dc:creator><![CDATA[Gabor Szappanos]]></dc:creator>
  80. <pubDate>Thu, 16 Jan 2025 17:00:02 +0000</pubDate>
  81. <category><![CDATA[Threat Research]]></category>
  82. <category><![CDATA[featured]]></category>
  83. <category><![CDATA[Gootkit]]></category>
  84. <category><![CDATA[Gootloader]]></category>
  85. <category><![CDATA[HelloDolly]]></category>
  86. <category><![CDATA[JScript]]></category>
  87. <category><![CDATA[malicious SEO]]></category>
  88. <category><![CDATA[malware]]></category>
  89. <category><![CDATA[obfuscation]]></category>
  90. <category><![CDATA[php]]></category>
  91. <category><![CDATA[PHP shell]]></category>
  92. <category><![CDATA[SEO]]></category>
  93. <category><![CDATA[WordPress]]></category>
  94. <category><![CDATA[YARA]]></category>
  95. <guid isPermaLink="false">https://news.sophos.com/en-us/?p=959285</guid>
  96.  
  97. <description><![CDATA[Open-source intelligence reveals the server-side code of this pernicious SEO-driven malware - without needing a lawyer afterward]]></description>
  98. <wfw:commentRss>https://news.sophos.com/en-us/2025/01/16/gootloader-inside-out/feed/</wfw:commentRss>
  99. <slash:comments>0</slash:comments>
  100. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/shutterstock_2429786175.jpg?w=230&#38;h=130&#38;crop=1" medium="image" alt="" />
  101. <post-id xmlns="com-wordpress:feed-additions:1">959285</post-id>
  102. <media:thumbnail url="https://news.sophos.com/wp-content/uploads/2025/01/shutterstock_2429786175.jpg" alt="" />
  103. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/shutterstock_2429786175.jpg" medium="image" alt="">
  104. <media:title type="html">Magic,Wand,And,Top,Hat,Isolated,On,White.,Magician,Trick</media:title>
  105. </media:content>
  106.  
  107. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image1.png" medium="image" alt="A list of Gootloader JScript filenames, which correspond to the search query that led victims to download them">
  108. <media:title type="html">A list of Gootloader JScript filenames, which correspond to the search query that led victims to download them</media:title>
  109. </media:content>
  110.  
  111. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image2.png" medium="image" alt="Gootloader has poisoned search results in multiple languages, including German, French, and Korean ">
  112. <media:title type="html">Gootloader has poisoned search results in multiple languages, including German, French, and Korean </media:title>
  113. </media:content>
  114.  
  115. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image3.png" medium="image" alt="Source of the Gootkit/Gootloader landing pages reveal a number of different search terms and phrases the threat actors wanted search engines to index. The linked subpages (selected with green) don&#039;t actually exist. The injected WordPress code defines a few hooks, one of them is for non-existing pages. This will serve the fake forum discussion, when the victim clicks on the search result">
  116. <media:title type="html">Source of the Gootkit/Gootloader landing pages reveal a number of different search terms and phrases the threat actors wanted search engines to index. The linked subpages (selected with green) don&#039;t actually exist. The injected WordPress code defines a few hooks, one of them is for non-existing pages. This will serve the fake forum discussion, when the victim clicks on the search result</media:title>
  117. </media:content>
  118.  
  119. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image4.png" medium="image" alt=" A screenshot of the source code from a Gootkit/Goodloader landing page. Image courtesy of Sucuri Research.">
  120. <media:title type="html"> A screenshot of the source code from a Gootkit/Goodloader landing page. Image courtesy of Sucuri Research.</media:title>
  121. </media:content>
  122.  
  123. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image5.png" medium="image" alt="The WordPress database dump included this table that contains a set of the first three octets of IP addresses, a block list of IP ranges that cannot revisit the Gootloader website on the same day">
  124. <media:title type="html">The WordPress database dump included this table that contains a set of the first three octets of IP addresses, a block list of IP ranges that cannot revisit the Gootloader website on the same day</media:title>
  125. </media:content>
  126.  
  127. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image6.png" medium="image" alt="A block of base64-encoded data stored as a variable named $pposte in a WordPress database">
  128. <media:title type="html">A block of base64-encoded data stored as a variable named $pposte in a WordPress database</media:title>
  129. </media:content>
  130.  
  131. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image7.png" medium="image" alt="Malicious SEO content phrases embedded in a WordPress database table, linking the site to an Excel spreadsheet converter search query">
  132. <media:title type="html">Malicious SEO content phrases embedded in a WordPress database table, linking the site to an Excel spreadsheet converter search query</media:title>
  133. </media:content>
  134.  
  135. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image8.png" medium="image" alt="The &#034;place marker&#034; string appears in the OpenGraph metadata SEO headers of a Gootkit/Gootloader-modified web page">
  136. <media:title type="html">The &#034;place marker&#034; string appears in the OpenGraph metadata SEO headers of a Gootkit/Gootloader-modified web page</media:title>
  137. </media:content>
  138.  
  139. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image9.png" medium="image" alt="Files that contain references to the Gootloader &#034;mothership&#034; website (screenshot courtesy of VirusTotal)">
  140. <media:title type="html">Files that contain references to the Gootloader &#034;mothership&#034; website (screenshot courtesy of VirusTotal)</media:title>
  141. </media:content>
  142.  
  143. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image10.png" medium="image" alt="Commented text, preceded with double slashes, documents the Gootkit characteristics of modified web pages">
  144. <media:title type="html">Commented text, preceded with double slashes, documents the Gootkit characteristics of modified web pages</media:title>
  145. </media:content>
  146.  
  147. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image11.png" medium="image" alt="a WordPress database dump in VirusTotal">
  148. <media:title type="html">a WordPress database dump in VirusTotal</media:title>
  149. </media:content>
  150.  
  151. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image12.png" medium="image" alt=" A SQL dump from a compromised WordPress installation contains base64-encoded elements of the Gootkit/Gootloader modifications">
  152. <media:title type="html"> A SQL dump from a compromised WordPress installation contains base64-encoded elements of the Gootkit/Gootloader modifications</media:title>
  153. </media:content>
  154.  
  155. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image13.png" medium="image" alt="The decoded base64 data from the WordPress database reveals the PHP script that handles decoding the malicious content for a site visitor">
  156. <media:title type="html">The decoded base64 data from the WordPress database reveals the PHP script that handles decoding the malicious content for a site visitor</media:title>
  157. </media:content>
  158.  
  159. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image14.png" medium="image" alt="A simple command shell Gootkit inserts into the PHP running in a WordPress site the threat actors have comrpomised">
  160. <media:title type="html">A simple command shell Gootkit inserts into the PHP running in a WordPress site the threat actors have comrpomised</media:title>
  161. </media:content>
  162.  
  163. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image15.png" medium="image" alt="The portion of the Gootkit code that collects the HTML content of the fake page it will later draw over the top of the compromised website">
  164. <media:title type="html">The portion of the Gootkit code that collects the HTML content of the fake page it will later draw over the top of the compromised website</media:title>
  165. </media:content>
  166.  
  167. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image16.png" medium="image" alt=" The Gootkit code blocks repeat visitors by adding not only the visitor&#039;s IP address range to a block list, but the entire class C IPv4 address range on either side of the visitor&#039;s address, just for good measure">
  168. <media:title type="html"> The Gootkit code blocks repeat visitors by adding not only the visitor&#039;s IP address range to a block list, but the entire class C IPv4 address range on either side of the visitor&#039;s address, just for good measure</media:title>
  169. </media:content>
  170.  
  171. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image17.png" medium="image" alt="The Gootkit/Gootloader fake forum page, featuring a &#034;question&#034; and an &#034;answer&#034; that links to the Gootloader JScript first-stage payload">
  172. <media:title type="html">The Gootkit/Gootloader fake forum page, featuring a &#034;question&#034; and an &#034;answer&#034; that links to the Gootloader JScript first-stage payload</media:title>
  173. </media:content>
  174.  
  175. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image18.png" medium="image" alt="The unique key is linked in a Javascript code snippet embedded in the compromised WordPress server page.">
  176. <media:title type="html">The unique key is linked in a Javascript code snippet embedded in the compromised WordPress server page.</media:title>
  177. </media:content>
  178.  
  179. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image19.png" medium="image" alt="A set of commands that deletes from view the original page content on the compromised WordPress server page the visitor lands on">
  180. <media:title type="html">A set of commands that deletes from view the original page content on the compromised WordPress server page the visitor lands on</media:title>
  181. </media:content>
  182.  
  183. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image20.png" medium="image" alt="The replacement content includes the text of the &#034;Questions And Answers&#034; fake forum page">
  184. <media:title type="html">The replacement content includes the text of the &#034;Questions And Answers&#034; fake forum page</media:title>
  185. </media:content>
  186.  
  187. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image21.png" medium="image" alt="The download link points to a php script hosted on a different server. This link delivers the .js file packed into a Zip archive which comprises the first stage Gootloader payload">
  188. <media:title type="html">The download link points to a php script hosted on a different server. This link delivers the .js file packed into a Zip archive which comprises the first stage Gootloader payload</media:title>
  189. </media:content>
  190.  
  191. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image22.png" medium="image" alt="A Gootkit/Gootloader fake forum page in German. The source code of the page shows the link points to a file named down.php hosted on a completely different server than the one where the page appears. The link marked in red will connect to the server that is hosting the first-stage download JScript.">
  192. <media:title type="html">A Gootkit/Gootloader fake forum page in German. The source code of the page shows the link points to a file named down.php hosted on a completely different server than the one where the page appears. The link marked in red will connect to the server that is hosting the first-stage download JScript.</media:title>
  193. </media:content>
  194.  
  195. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image23.png" medium="image" alt="The source code of the PHP script that delivers the first stage Gootloader payload">
  196. <media:title type="html">The source code of the PHP script that delivers the first stage Gootloader payload</media:title>
  197. </media:content>
  198.  
  199. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image24.png" medium="image" alt="Screenshot of the modified HelloDolly.php script (courtesy of the Rich Infante blog)">
  200. <media:title type="html">Screenshot of the modified HelloDolly.php script (courtesy of the Rich Infante blog)</media:title>
  201. </media:content>
  202.  
  203. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image25.png" medium="image" alt="Another format of the modified HelloDolly.php script shows the unique identifier string">
  204. <media:title type="html">Another format of the modified HelloDolly.php script shows the unique identifier string</media:title>
  205. </media:content>
  206.  
  207. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image26.png" medium="image" alt="A variation on the modified HelloDolly.php script">
  208. <media:title type="html">A variation on the modified HelloDolly.php script</media:title>
  209. </media:content>
  210.  
  211. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image27.png" medium="image" alt="A screenshot that summarizes the modification process Gootloader uses (image courtesy of the Rich Infante blog)">
  212. <media:title type="html">A screenshot that summarizes the modification process Gootloader uses (image courtesy of the Rich Infante blog)</media:title>
  213. </media:content>
  214.  
  215. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image28.png" medium="image" alt="A WordPress database dump contains the same elements that the Rich Infante blog references">
  216. <media:title type="html">A WordPress database dump contains the same elements that the Rich Infante blog references</media:title>
  217. </media:content>
  218.  
  219. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image29.png" medium="image" alt="The encoded form of a PHP script that delivers the .js payload">
  220. <media:title type="html">The encoded form of a PHP script that delivers the .js payload</media:title>
  221. </media:content>
  222.  
  223. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image30.png" medium="image" alt="A screenshot of a file uploaded to VirusTotal shows references to the IP address formerly used to host the Gootkit/Gootloader &#034;mothership&#034; server">
  224. <media:title type="html">A screenshot of a file uploaded to VirusTotal shows references to the IP address formerly used to host the Gootkit/Gootloader &#034;mothership&#034; server</media:title>
  225. </media:content>
  226.  
  227. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image31.png" medium="image" alt="The my-game website as it appeared in 2014, a Russian-language gambling site called &#034;Casino Game Life&#034;">
  228. <media:title type="html">The my-game website as it appeared in 2014, a Russian-language gambling site called &#034;Casino Game Life&#034;</media:title>
  229. </media:content>
  230.  
  231. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image32.png" medium="image" alt="The my-game domain that continues to host the Gootkit/Gootloader mothership originally belonged to a German team that played the game Counter-Strike competitively">
  232. <media:title type="html">The my-game domain that continues to host the Gootkit/Gootloader mothership originally belonged to a German team that played the game Counter-Strike competitively</media:title>
  233. </media:content>
  234. </item>
  235. <item>
  236. <title>Sophos ZTNA Updates</title>
  237. <link>https://news.sophos.com/en-us/2025/01/16/sophos-ztna-updates/</link>
  238. <comments>https://news.sophos.com/en-us/2025/01/16/sophos-ztna-updates/?noamp=mobile#respond</comments>
  239. <dc:creator><![CDATA[Chris McCormack]]></dc:creator>
  240. <pubDate>Thu, 16 Jan 2025 14:25:20 +0000</pubDate>
  241. <category><![CDATA[Products & Services]]></category>
  242. <category><![CDATA[network]]></category>
  243. <category><![CDATA[ZTNA]]></category>
  244. <guid isPermaLink="false">https://news.sophos.com/en-us/?p=959228</guid>
  245.  
  246. <description><![CDATA[New Let's Encrypt and regional support.]]></description>
  247. <wfw:commentRss>https://news.sophos.com/en-us/2025/01/16/sophos-ztna-updates/feed/</wfw:commentRss>
  248. <slash:comments>0</slash:comments>
  249. <media:content url="https://news.sophos.com/wp-content/uploads/2024/07/sophos-ztna.png?w=230&#38;h=130&#38;crop=1" medium="image" alt="sophos ztna" />
  250. <post-id xmlns="com-wordpress:feed-additions:1">959228</post-id>
  251. <media:thumbnail url="https://news.sophos.com/wp-content/uploads/2024/07/sophos-ztna.png" alt="sophos ztna" />
  252. <media:content url="https://news.sophos.com/wp-content/uploads/2024/07/sophos-ztna.png" medium="image" alt="sophos ztna">
  253. <media:title type="html">sophos ztna</media:title>
  254. </media:content>
  255.  
  256. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image1.png?w=279" medium="image" alt="Lets Encrypt">
  257. <media:title type="html">Lets Encrypt</media:title>
  258. </media:content>
  259.  
  260. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image2.png" medium="image" alt="Lets Encrypt">
  261. <media:title type="html">Lets Encrypt</media:title>
  262. </media:content>
  263.  
  264. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/ZTNAscreenshot.jpg" medium="image" alt="ZTNA">
  265. <media:title type="html">ZTNA</media:title>
  266. </media:content>
  267.  
  268. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image4.jpg" medium="image" alt="Regions">
  269. <media:title type="html">Regions</media:title>
  270. </media:content>
  271. </item>
  272. <item>
  273. <title>159-CVE January Patch Tuesday smashes single-month record</title>
  274. <link>https://news.sophos.com/en-us/2025/01/14/159-cve-january-patch-tuesday-smashes-single-month-record/</link>
  275. <comments>https://news.sophos.com/en-us/2025/01/14/159-cve-january-patch-tuesday-smashes-single-month-record/?noamp=mobile#respond</comments>
  276. <dc:creator><![CDATA[Angela Gunn]]></dc:creator>
  277. <pubDate>Wed, 15 Jan 2025 03:09:41 +0000</pubDate>
  278. <category><![CDATA[Threat Research]]></category>
  279. <category><![CDATA[CVE-2025-21298]]></category>
  280. <category><![CDATA[featured]]></category>
  281. <category><![CDATA[Microsoft]]></category>
  282. <category><![CDATA[Microsoft Windows]]></category>
  283. <category><![CDATA[OLE]]></category>
  284. <category><![CDATA[Patch Tuesday]]></category>
  285. <category><![CDATA[RTF]]></category>
  286. <guid isPermaLink="false">https://news.sophos.com/en-us/?p=959257</guid>
  287.  
  288. <description><![CDATA[Brace yourselves... and consider reading your email in plaintext for now]]></description>
  289. <wfw:commentRss>https://news.sophos.com/en-us/2025/01/14/159-cve-january-patch-tuesday-smashes-single-month-record/feed/</wfw:commentRss>
  290. <slash:comments>0</slash:comments>
  291. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/shutterstock_86010604.jpg?w=230&#38;h=130&#38;crop=1" medium="image" alt="Patch Tuesday" />
  292. <post-id xmlns="com-wordpress:feed-additions:1">959257</post-id>
  293. <media:thumbnail url="https://news.sophos.com/wp-content/uploads/2025/01/shutterstock_86010604.jpg" alt="Patch Tuesday" />
  294. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/shutterstock_86010604.jpg" medium="image" alt="Patch Tuesday">
  295. <media:title type="html">Patch Tuesday</media:title>
  296. </media:content>
  297.  
  298. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/pt2501-fig01.png" medium="image" alt="A bar chart showing the distribution of severities of bugs patched in the January 2025 Patch Tuesday set, as described in the article text">
  299. <media:title type="html">A bar chart showing the distribution of severities of bugs patched in the January 2025 Patch Tuesday set, as described in the article text</media:title>
  300. </media:content>
  301.  
  302. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/pt2501-fig02.png" medium="image" alt="A bar chart showing the distribution of product families affected by bugs patched in the January 2025 Patch Tuesday set, as described in the article text">
  303. <media:title type="html">A bar chart showing the distribution of product families affected by bugs patched in the January 2025 Patch Tuesday set, as described in the article text</media:title>
  304. </media:content>
  305.  
  306. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/pt2501-fig03.png" medium="image" alt="A bar chart showing 61 months of overall CVEs counts for Microsoft Patch Tuesdays since January 2020; the rightmost bar indicates the numbers for january 2025 and is taller than the rest">
  307. <media:title type="html">A bar chart showing 61 months of overall CVEs counts for Microsoft Patch Tuesdays since January 2020; the rightmost bar indicates the numbers for january 2025 and is taller than the rest</media:title>
  308. </media:content>
  309. </item>
  310. <item>
  311. <title>Prioritizing patching: A deep dive into frameworks and tools &#8211; Part 2: Alternative frameworks</title>
  312. <link>https://news.sophos.com/en-us/2024/12/30/prioritizing-patching-a-deep-dive-into-frameworks-and-tools-part-2-alternative-frameworks/</link>
  313. <dc:creator><![CDATA[Matt Wixey]]></dc:creator>
  314. <pubDate>Mon, 30 Dec 2024 15:05:30 +0000</pubDate>
  315. <category><![CDATA[Threat Research]]></category>
  316. <category><![CDATA[CVSS]]></category>
  317. <category><![CDATA[Patch Tuesday]]></category>
  318. <category><![CDATA[patching]]></category>
  319. <category><![CDATA[Sophos X-Ops]]></category>
  320. <category><![CDATA[threat research]]></category>
  321. <guid isPermaLink="false">https://news.sophos.com/en-us/?p=959081</guid>
  322.  
  323. <description><![CDATA[In the second of a two-part series on tools and frameworks designed to help with remediation prioritization, we explore some alternatives to CVSS]]></description>
  324. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/shutterstock_2483952669.jpg?w=230&#38;h=130&#38;crop=1" medium="image" alt="" />
  325. <post-id xmlns="com-wordpress:feed-additions:1">959081</post-id>
  326. <media:thumbnail url="https://news.sophos.com/wp-content/uploads/2024/12/shutterstock_2483952669.jpg" alt="" />
  327. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/shutterstock_2483952669.jpg" medium="image" alt="">
  328. <media:title type="html">Real,Time,Analytics,Concept.,The,Process,Of,Collecting,Data,As</media:title>
  329. </media:content>
  330.  
  331. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Figure-1-1.png" medium="image" alt="" />
  332.  
  333. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Figure-2-1.png" medium="image" alt="" />
  334.  
  335. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Figure-3.png" medium="image" alt="" />
  336.  
  337. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Figure-4.png" medium="image" alt="" />
  338.  
  339. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Figure-5.png" medium="image" alt="" />
  340.  
  341. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Figure-6.png" medium="image" alt="" />
  342.  
  343. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Figure-7.png" medium="image" alt="" />
  344. </item>
  345. <item>
  346. <title>Prioritizing patching: A deep dive into frameworks and tools &#8211; Part 1: CVSS</title>
  347. <link>https://news.sophos.com/en-us/2024/12/27/prioritizing-patching-a-deep-dive-into-frameworks-and-tools-part-1-cvss/</link>
  348. <dc:creator><![CDATA[Matt Wixey]]></dc:creator>
  349. <pubDate>Fri, 27 Dec 2024 17:33:53 +0000</pubDate>
  350. <category><![CDATA[Threat Research]]></category>
  351. <category><![CDATA[CVSS]]></category>
  352. <category><![CDATA[Patch Tuesday]]></category>
  353. <category><![CDATA[patching]]></category>
  354. <category><![CDATA[Sophos X-Ops]]></category>
  355. <guid isPermaLink="false">https://news.sophos.com/en-us/?p=959055</guid>
  356.  
  357. <description><![CDATA[In the first of a two-part series exploring tools and frameworks which can help organizations with remediation prioritization, Sophos X-Ops takes a look at the Common Vulnerability Scoring System (CVSS)]]></description>
  358. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/shutterstock_2501372697.jpg?w=230&#38;h=130&#38;crop=1" medium="image" alt="" />
  359. <post-id xmlns="com-wordpress:feed-additions:1">959055</post-id>
  360. <media:thumbnail url="https://news.sophos.com/wp-content/uploads/2024/12/shutterstock_2501372697.jpg" alt="" />
  361. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/shutterstock_2501372697.jpg" medium="image" alt="">
  362. <media:title type="html">Business,Operations,And,Management,Concept.,Thinking,Of,A,Strategy,And</media:title>
  363. </media:content>
  364.  
  365. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Figure-1.png" medium="image" alt="" />
  366.  
  367. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Figure-2.png" medium="image" alt="" />
  368. </item>
  369. <item>
  370. <title>Phishing platform Rockstar 2FA trips, and “FlowerStorm” picks up the pieces</title>
  371. <link>https://news.sophos.com/en-us/2024/12/19/phishing-platform-rockstar-2fa-trips-and-flowerstorm-picks-up-the-pieces/</link>
  372. <dc:creator><![CDATA[gallagherseanm]]></dc:creator>
  373. <pubDate>Thu, 19 Dec 2024 15:11:48 +0000</pubDate>
  374. <category><![CDATA[Security Operations]]></category>
  375. <category><![CDATA[Threat Research]]></category>
  376. <category><![CDATA[CloudFlare]]></category>
  377. <category><![CDATA[featured]]></category>
  378. <category><![CDATA[FlowerStorm]]></category>
  379. <category><![CDATA[legitimate service abuse]]></category>
  380. <category><![CDATA[Phishing]]></category>
  381. <category><![CDATA[phishing-as-a-service]]></category>
  382. <category><![CDATA[Rockstar]]></category>
  383. <category><![CDATA[Rockstar2FA]]></category>
  384. <category><![CDATA[Sophos MDR]]></category>
  385. <guid isPermaLink="false">https://news.sophos.com/en-us/?p=958944</guid>
  386.  
  387. <description><![CDATA[A sudden disruption of a major phishing-as-a-service provider leads to the rise of another…that looks very familiar ]]></description>
  388. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/shutterstock_1469287178.jpg?w=230&#38;h=130&#38;crop=1" medium="image" alt="" />
  389. <post-id xmlns="com-wordpress:feed-additions:1">958944</post-id>
  390. <media:thumbnail url="https://news.sophos.com/wp-content/uploads/2024/12/shutterstock_1469287178.jpg" alt="" />
  391. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/shutterstock_1469287178.jpg" medium="image" alt="">
  392. <media:title type="html">A,Wooden,Acoustic,Guitar,At,Night.,With,Spotlight,For,Your</media:title>
  393. </media:content>
  394.  
  395. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/rockstar-decoy.png" medium="image" alt="A screenshot of a Rockstar2FA &#034;decoy&#034; page, a fake auto dealer site.">
  396. <media:title type="html">A screenshot of a Rockstar2FA &#034;decoy&#034; page, a fake auto dealer site.</media:title>
  397. </media:content>
  398.  
  399. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Rockstar-backend-server-comms.jpg" medium="image" alt="Screen shots of the developer view of Chrome showing web requests sent from a Rockstar2FA phishing portal. ">
  400. <media:title type="html">Screen shots of the developer view of Chrome showing web requests sent from a Rockstar2FA phishing portal. </media:title>
  401. </media:content>
  402.  
  403. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/RockstarTLDs.png" medium="image" alt="A pie chart showing the distribution of top-level domains the 10 most heavily used domain names were registered with. A third were .ru, a fifth were .com. ">
  404. <media:title type="html">A pie chart showing the distribution of top-level domains the 10 most heavily used domain names were registered with. A third were .ru, a fifth were .com. </media:title>
  405. </media:content>
  406.  
  407. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/FlowerStorm-detects-by-TLD.jpg" medium="image" alt="A bar chart showing the distribution of TLDs and number of URLs detected per month for Rockstar2FA. The number of .ru domains decreased significantly over time.">
  408. <media:title type="html">A bar chart showing the distribution of TLDs and number of URLs detected per month for Rockstar2FA. The number of .ru domains decreased significantly over time.</media:title>
  409. </media:content>
  410.  
  411. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Rockstarerror522.png" medium="image" alt="A screenshot of a failed connection error for a Rockstar decoy page.">
  412. <media:title type="html">A screenshot of a failed connection error for a Rockstar decoy page.</media:title>
  413. </media:content>
  414.  
  415. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/RockstarOutlookanimate.png" medium="image" alt="A screenshot of an animated Office365 logo for Outlook used by Rockstar&#039;s phishing portal pages.">
  416. <media:title type="html">A screenshot of an animated Office365 logo for Outlook used by Rockstar&#039;s phishing portal pages.</media:title>
  417. </media:content>
  418.  
  419. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Failed_connection_Rockstar_backend.png" medium="image" alt="A screenshot of a Chrome developer view of a Rockstar pages.dev phishing portal failing to connect to a backend server.">
  420. <media:title type="html">A screenshot of a Chrome developer view of a Rockstar pages.dev phishing portal failing to connect to a backend server.</media:title>
  421. </media:content>
  422.  
  423. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/FlowerStormphishnext-php.png" medium="image" alt="A screenshot of data about and ">
  424. <media:title type="html">A screenshot of data about and </media:title>
  425. </media:content>
  426.  
  427. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/FlowerStormEntraID-log.png" medium="image" alt="Figure 9: the Entra ID log for a sign-in by the adversary-in-the-middle script on the phishing service’s back-end server.">
  428. <media:title type="html">Figure 9: the Entra ID log for a sign-in by the adversary-in-the-middle script on the phishing service’s back-end server.</media:title>
  429. </media:content>
  430.  
  431. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Flowerstorm-same-host-authenticate.png" medium="image" alt="Figure 10: the HTTP header data for a phishing page’s backend server communications on a separate host">
  432. <media:title type="html">Figure 10: the HTTP header data for a phishing page’s backend server communications on a separate host</media:title>
  433. </media:content>
  434.  
  435. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/FlowerstormDeveloperViewPhishportal.png" medium="image" alt="Figure 11: A developer browser view of the phishing page protectivewearsupplies[.]doclawfederal[.]com/wQBPg/">
  436. <media:title type="html">Figure 11: A developer browser view of the phishing page protectivewearsupplies[.]doclawfederal[.]com/wQBPg/</media:title>
  437. </media:content>
  438.  
  439. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/rockstardom.png" medium="image" alt="Figure 12: The document object model of a Rockstar2FA phishing page ">
  440. <media:title type="html">Figure 12: The document object model of a Rockstar2FA phishing page </media:title>
  441. </media:content>
  442.  
  443. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/OldFlowerDom.png" medium="image" alt="Figure 13: The DOM of an older FlowerStorm phishing page (from June 2024)">
  444. <media:title type="html">Figure 13: The DOM of an older FlowerStorm phishing page (from June 2024)</media:title>
  445. </media:content>
  446.  
  447. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/NewFlowerDom.png" medium="image" alt="Figure 14: The DOM of a newer FlowerStorm phishing page; the algorithm generating the title and function names uses a combination of two botanical-themed words">
  448. <media:title type="html">Figure 14: The DOM of a newer FlowerStorm phishing page; the algorithm generating the title and function names uses a combination of two botanical-themed words</media:title>
  449. </media:content>
  450.  
  451. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/RS_vs_FS_detects.jpg" medium="image" alt="Figure 15: A chart plotting daily page detections for Rockstar2FA and FlowerStorm through the end of November 2024 ">
  452. <media:title type="html">Figure 15: A chart plotting daily page detections for Rockstar2FA and FlowerStorm through the end of November 2024 </media:title>
  453. </media:content>
  454.  
  455. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/FlowerStormTargeting.png" medium="image" alt="Figure 16: The ten countries most targeted by attackers using FlowerStorm, based on Sophos detections">
  456. <media:title type="html">Figure 16: The ten countries most targeted by attackers using FlowerStorm, based on Sophos detections</media:title>
  457. </media:content>
  458.  
  459. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/FSindustrytargeting.png" medium="image" alt="Figure 17: The ten business sectors most targeted by attackers using FlowerStorm">
  460. <media:title type="html">Figure 17: The ten business sectors most targeted by attackers using FlowerStorm</media:title>
  461. </media:content>
  462. </item>
  463. <item>
  464. <title>Sophos ranked #1 overall for Firewall, MDR, and EDR in the G2 Winter 2025 Reports</title>
  465. <link>https://news.sophos.com/en-us/2024/12/18/sophos-ranked-1-overall-for-firewall-mdr-and-edr-in-the-g2-winter-2025-reports/</link>
  466. <dc:creator><![CDATA[rajansanhotra]]></dc:creator>
  467. <pubDate>Wed, 18 Dec 2024 10:21:54 +0000</pubDate>
  468. <category><![CDATA[Products & Services]]></category>
  469. <category><![CDATA[EDR]]></category>
  470. <category><![CDATA[Endpoint]]></category>
  471. <category><![CDATA[Firewall]]></category>
  472. <category><![CDATA[G2]]></category>
  473. <category><![CDATA[MDR]]></category>
  474. <category><![CDATA[Sophos EDR]]></category>
  475. <category><![CDATA[Sophos Endpoint]]></category>
  476. <category><![CDATA[Sophos Firewall]]></category>
  477. <category><![CDATA[Sophos MDR]]></category>
  478. <category><![CDATA[Sophos XDR]]></category>
  479. <category><![CDATA[XDR]]></category>
  480. <guid isPermaLink="false">https://news.sophos.com/en-us/?p=958917</guid>
  481.  
  482. <description><![CDATA[Sophos was also ranked the #1 solution in 36 individual reports spanning the Antivirus, EDR, Endpoint Protection Suites, XDR, Firewall, and MDR markets.]]></description>
  483. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Sophos-ranked-1-overall-for-Firewall-MDR-and-EDR-in-the-G2-Winter-2025-Reports-1.png?w=230&#38;h=130&#38;crop=1" medium="image" alt="Sophos ranked #1 overall for Firewall, MDR, and EDR in the G2 Winter 2025 Reports" />
  484. <post-id xmlns="com-wordpress:feed-additions:1">958917</post-id>
  485. <media:thumbnail url="https://news.sophos.com/wp-content/uploads/2024/12/Sophos-ranked-1-overall-for-Firewall-MDR-and-EDR-in-the-G2-Winter-2025-Reports-1.png" alt="Sophos ranked #1 overall for Firewall, MDR, and EDR in the G2 Winter 2025 Reports" />
  486. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Sophos-ranked-1-overall-for-Firewall-MDR-and-EDR-in-the-G2-Winter-2025-Reports-1.png" medium="image" alt="Sophos ranked #1 overall for Firewall, MDR, and EDR in the G2 Winter 2025 Reports">
  487. <media:title type="html">Sophos ranked #1 overall for Firewall, MDR, and EDR in the G2 Winter 2025 Reports</media:title>
  488. </media:content>
  489. </item>
  490. <item>
  491. <title>Year in Review 2024: The major headlines and moments from Sophos this year</title>
  492. <link>https://news.sophos.com/en-us/2024/12/17/year-in-review-2024-the-major-headlines-and-moments-from-sophos-this-year/</link>
  493. <dc:creator><![CDATA[Doug Aamoth]]></dc:creator>
  494. <pubDate>Tue, 17 Dec 2024 13:00:15 +0000</pubDate>
  495. <category><![CDATA[Products & Services]]></category>
  496. <category><![CDATA[Sophos Endpoint]]></category>
  497. <category><![CDATA[Sophos MDR]]></category>
  498. <category><![CDATA[Sophos X-Ops]]></category>
  499. <category><![CDATA[Sophos XDR]]></category>
  500. <guid isPermaLink="false">https://news.sophos.com/en-us/?p=958865</guid>
  501.  
  502. <description><![CDATA[From cyber attacks across the geopolitical landscapes, to product updates that help small businesses, Sophos was there in 2024.]]></description>
  503. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/sophos-wews-blog-banner-year-in-review-1200x628px-01.png?w=230&#38;h=130&#38;crop=1" medium="image" alt="sophos-wews-blog-banner-year-in-review-1200x628px-01" />
  504. <post-id xmlns="com-wordpress:feed-additions:1">958865</post-id>
  505. <media:thumbnail url="https://news.sophos.com/wp-content/uploads/2024/12/sophos-wews-blog-banner-year-in-review-1200x628px-01.png" alt="sophos-wews-blog-banner-year-in-review-1200x628px-01" />
  506. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/sophos-wews-blog-banner-year-in-review-1200x628px-01.png" medium="image" alt="sophos-wews-blog-banner-year-in-review-1200x628px-01">
  507. <media:title type="html">sophos-wews-blog-banner-year-in-review-1200x628px-01</media:title>
  508. </media:content>
  509. </item>
  510. <item>
  511. <title>DeepSpeed: a tuning tool for large language models</title>
  512. <link>https://news.sophos.com/en-us/2024/12/13/deepspeed-a-tuning-tool-for-large-language-models/</link>
  513. <dc:creator><![CDATA[gallagherseanm]]></dc:creator>
  514. <pubDate>Fri, 13 Dec 2024 11:30:50 +0000</pubDate>
  515. <category><![CDATA[AI Research]]></category>
  516. <category><![CDATA[deepspeed]]></category>
  517. <category><![CDATA[featured]]></category>
  518. <category><![CDATA[LLM]]></category>
  519. <category><![CDATA[LLM tuning]]></category>
  520. <guid isPermaLink="false">https://news.sophos.com/en-us/?p=958840</guid>
  521.  
  522. <description><![CDATA[SophosAI’s framework for upgrading the performance of LLMs for cybersecurity tasks (or any other specific task) is now open source. ]]></description>
  523. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/shutterstock_asset-generation-6dc4f763-f8a7-4dff-a56b-92736d8c8d6c-1_edited-e1734048709973.jpeg?w=230&#38;h=130&#38;crop=1" medium="image" alt="" />
  524. <post-id xmlns="com-wordpress:feed-additions:1">958840</post-id>
  525. <media:thumbnail url="https://news.sophos.com/wp-content/uploads/2024/12/shutterstock_asset-generation-6dc4f763-f8a7-4dff-a56b-92736d8c8d6c-1_edited-e1734048709973.jpeg" alt="" />
  526. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/shutterstock_asset-generation-6dc4f763-f8a7-4dff-a56b-92736d8c8d6c-1_edited-e1734048709973.jpeg" medium="image" alt="">
  527. <media:title type="html">shutterstock_asset-generation-6dc4f763-f8a7-4dff-a56b-92736d8c8d6c-1_edited</media:title>
  528. </media:content>
  529.  
  530. <media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Slide1.jpeg" medium="image" alt="" />
  531. </item>
  532. </channel>
  533. </rss>
  534.  