This feed does not validate.
<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
xmlns:georss="http://www.georss.org/georss"
xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#"
xmlns:media="http://search.yahoo.com/mrss/"
>
<channel>
<title>Sophos News</title>
<atom:link href="https://news.sophos.com/en-us/feed/" rel="self" type="application/rss+xml" />
<link>https://news.sophos.com/en-us/</link>
<description>The Sophos Blog</description>
<lastBuildDate>Fri, 24 Jan 2025 20:49:52 +0000</lastBuildDate>
<language>en-US</language>
<sy:updatePeriod>
hourly </sy:updatePeriod>
<sy:updateFrequency>
1 </sy:updateFrequency>
<generator>https://wordpress.org/?v=6.7.1</generator>
<image>
<url>https://news.sophos.com/wp-content/uploads/2020/01/cropped-sophos.png?w=32</url>
<title>Sophos News</title>
<link>https://news.sophos.com/en-us/</link>
<width>32</width>
<height>32</height>
</image>
<site xmlns="com-wordpress:feed-additions:1">166161023</site> <item>
<title>Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”</title>
<link>https://news.sophos.com/en-us/2025/01/21/sophos-mdr-tracks-two-ransomware-campaigns-using-email-bombing-microsoft-teams-vishing/</link>
<comments>https://news.sophos.com/en-us/2025/01/21/sophos-mdr-tracks-two-ransomware-campaigns-using-email-bombing-microsoft-teams-vishing/?noamp=mobile#respond</comments>
<dc:creator><![CDATA[gallagherseanm]]></dc:creator>
<pubDate>Tue, 21 Jan 2025 11:30:14 +0000</pubDate>
<category><![CDATA[Security Operations]]></category>
<category><![CDATA[Threat Research]]></category>
<category><![CDATA[Black Basta]]></category>
<category><![CDATA[featured]]></category>
<category><![CDATA[Fin7]]></category>
<category><![CDATA[Java malware]]></category>
<category><![CDATA[legitimate service abuse]]></category>
<category><![CDATA[Microsoft Office 365]]></category>
<category><![CDATA[python malware]]></category>
<category><![CDATA[Quick Assist]]></category>
<category><![CDATA[remote machine management]]></category>
<category><![CDATA[STAC5143]]></category>
<category><![CDATA[stac5777]]></category>
<category><![CDATA[Teams]]></category>
<guid isPermaLink="false">https://news.sophos.com/en-us/?p=959250</guid>
<description><![CDATA[Sophos MDR identifies a new threat cluster riffing on the playbook of Storm-1811, and amped-up activity from the original connected to Black Basta ransomware.]]></description>
<wfw:commentRss>https://news.sophos.com/en-us/2025/01/21/sophos-mdr-tracks-two-ransomware-campaigns-using-email-bombing-microsoft-teams-vishing/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/emailbomb.jpg?w=230&amp;h=130&amp;crop=1" medium="image" alt="" />
<post-id xmlns="com-wordpress:feed-additions:1">959250</post-id>
<media:thumbnail url="https://news.sophos.com/wp-content/uploads/2025/01/emailbomb.jpg" alt="" />
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/emailbomb.jpg" medium="image" alt="">
<media:title type="html">Email,Alert,And,Message,Sending,/,Receiving,Concept,:,Envelope</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/Rpivot-obfuscated.png" medium="image" alt="A screenshot of Python code from an obfuscated copy of RPivot dropped by the STAC5143 attackers.">
<media:title type="html">A screenshot of Python code from an obfuscated copy of RPivot dropped by the STAC5143 attackers.</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/Fig2Vishing.png" medium="image" alt="Figure 2: Sophos Central investigation screen of threat actor’s incoming activity captured by Microsoft Office 365 integration">
<media:title type="html">Figure 2: Sophos Central investigation screen of threat actor’s incoming activity captured by Microsoft Office 365 integration</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/TeamsVishingfig2.png" medium="image" alt="" />
</item>
<item>
<title>Gootloader inside out</title>
<link>https://news.sophos.com/en-us/2025/01/16/gootloader-inside-out/</link>
<comments>https://news.sophos.com/en-us/2025/01/16/gootloader-inside-out/?noamp=mobile#respond</comments>
<dc:creator><![CDATA[Gabor Szappanos]]></dc:creator>
<pubDate>Thu, 16 Jan 2025 17:00:02 +0000</pubDate>
<category><![CDATA[Threat Research]]></category>
<category><![CDATA[featured]]></category>
<category><![CDATA[Gootkit]]></category>
<category><![CDATA[Gootloader]]></category>
<category><![CDATA[HelloDolly]]></category>
<category><![CDATA[JScript]]></category>
<category><![CDATA[malicious SEO]]></category>
<category><![CDATA[malware]]></category>
<category><![CDATA[obfuscation]]></category>
<category><![CDATA[php]]></category>
<category><![CDATA[PHP shell]]></category>
<category><![CDATA[SEO]]></category>
<category><![CDATA[WordPress]]></category>
<category><![CDATA[YARA]]></category>
<guid isPermaLink="false">https://news.sophos.com/en-us/?p=959285</guid>
<description><![CDATA[Open-source intelligence reveals the server-side code of this pernicious SEO-driven malware - without needing a lawyer afterward]]></description>
<wfw:commentRss>https://news.sophos.com/en-us/2025/01/16/gootloader-inside-out/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/shutterstock_2429786175.jpg?w=230&amp;h=130&amp;crop=1" medium="image" alt="" />
<post-id xmlns="com-wordpress:feed-additions:1">959285</post-id>
<media:thumbnail url="https://news.sophos.com/wp-content/uploads/2025/01/shutterstock_2429786175.jpg" alt="" />
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/shutterstock_2429786175.jpg" medium="image" alt="">
<media:title type="html">Magic,Wand,And,Top,Hat,Isolated,On,White.,Magician,Trick</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image1.png" medium="image" alt="A list of Gootloader JScript filenames, which correspond to the search query that led victims to download them">
<media:title type="html">A list of Gootloader JScript filenames, which correspond to the search query that led victims to download them</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image2.png" medium="image" alt="Gootloader has poisoned search results in multiple languages, including German, French, and Korean ">
<media:title type="html">Gootloader has poisoned search results in multiple languages, including German, French, and Korean </media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image3.png" medium="image" alt="Source of the Gootkit/Gootloader landing pages reveal a number of different search terms and phrases the threat actors wanted search engines to index. The linked subpages (selected with green) don't actually exist. The injected WordPress code defines a few hooks, one of them is for non-existing pages. This will serve the fake forum discussion, when the victim clicks on the search result">
<media:title type="html">Source of the Gootkit/Gootloader landing pages reveal a number of different search terms and phrases the threat actors wanted search engines to index. The linked subpages (selected with green) don't actually exist. The injected WordPress code defines a few hooks, one of them is for non-existing pages. This will serve the fake forum discussion, when the victim clicks on the search result</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image4.png" medium="image" alt=" A screenshot of the source code from a Gootkit/Gootloader landing page. Image courtesy of Sucuri Research.">
<media:title type="html"> A screenshot of the source code from a Gootkit/Gootloader landing page. Image courtesy of Sucuri Research.</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image5.png" medium="image" alt="The WordPress database dump included this table that contains a set of the first three octets of IP addresses, a block list of IP ranges that cannot revisit the Gootloader website on the same day">
<media:title type="html">The WordPress database dump included this table that contains a set of the first three octets of IP addresses, a block list of IP ranges that cannot revisit the Gootloader website on the same day</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image6.png" medium="image" alt="A block of base64-encoded data stored as a variable named $pposte in a WordPress database">
<media:title type="html">A block of base64-encoded data stored as a variable named $pposte in a WordPress database</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image7.png" medium="image" alt="Malicious SEO content phrases embedded in a WordPress database table, linking the site to an Excel spreadsheet converter search query">
<media:title type="html">Malicious SEO content phrases embedded in a WordPress database table, linking the site to an Excel spreadsheet converter search query</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image8.png" medium="image" alt="The &quot;place marker&quot; string appears in the OpenGraph metadata SEO headers of a Gootkit/Gootloader-modified web page">
<media:title type="html">The "place marker" string appears in the OpenGraph metadata SEO headers of a Gootkit/Gootloader-modified web page</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image9.png" medium="image" alt="Files that contain references to the Gootloader &quot;mothership&quot; website (screenshot courtesy of VirusTotal)">
<media:title type="html">Files that contain references to the Gootloader "mothership" website (screenshot courtesy of VirusTotal)</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image10.png" medium="image" alt="Commented text, preceded with double slashes, documents the Gootkit characteristics of modified web pages">
<media:title type="html">Commented text, preceded with double slashes, documents the Gootkit characteristics of modified web pages</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image11.png" medium="image" alt="a WordPress database dump in VirusTotal">
<media:title type="html">a WordPress database dump in VirusTotal</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image12.png" medium="image" alt=" A SQL dump from a compromised WordPress installation contains base64-encoded elements of the Gootkit/Gootloader modifications">
<media:title type="html"> A SQL dump from a compromised WordPress installation contains base64-encoded elements of the Gootkit/Gootloader modifications</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image13.png" medium="image" alt="The decoded base64 data from the WordPress database reveals the PHP script that handles decoding the malicious content for a site visitor">
<media:title type="html">The decoded base64 data from the WordPress database reveals the PHP script that handles decoding the malicious content for a site visitor</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image14.png" medium="image" alt="A simple command shell Gootkit inserts into the PHP running in a WordPress site the threat actors have compromised">
<media:title type="html">A simple command shell Gootkit inserts into the PHP running in a WordPress site the threat actors have compromised</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image15.png" medium="image" alt="The portion of the Gootkit code that collects the HTML content of the fake page it will later draw over the top of the compromised website">
<media:title type="html">The portion of the Gootkit code that collects the HTML content of the fake page it will later draw over the top of the compromised website</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image16.png" medium="image" alt=" The Gootkit code blocks repeat visitors by adding not only the visitor's IP address range to a block list, but the entire class C IPv4 address range on either side of the visitor's address, just for good measure">
<media:title type="html"> The Gootkit code blocks repeat visitors by adding not only the visitor's IP address range to a block list, but the entire class C IPv4 address range on either side of the visitor's address, just for good measure</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image17.png" medium="image" alt="The Gootkit/Gootloader fake forum page, featuring a &quot;question&quot; and an &quot;answer&quot; that links to the Gootloader JScript first-stage payload">
<media:title type="html">The Gootkit/Gootloader fake forum page, featuring a "question" and an "answer" that links to the Gootloader JScript first-stage payload</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image18.png" medium="image" alt="The unique key is linked in a Javascript code snippet embedded in the compromised WordPress server page.">
<media:title type="html">The unique key is linked in a Javascript code snippet embedded in the compromised WordPress server page.</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image19.png" medium="image" alt="A set of commands that deletes from view the original page content on the compromised WordPress server page the visitor lands on">
<media:title type="html">A set of commands that deletes from view the original page content on the compromised WordPress server page the visitor lands on</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image20.png" medium="image" alt="The replacement content includes the text of the &quot;Questions And Answers&quot; fake forum page">
<media:title type="html">The replacement content includes the text of the "Questions And Answers" fake forum page</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image21.png" medium="image" alt="The download link points to a php script hosted on a different server. This link delivers the .js file packed into a Zip archive which comprises the first stage Gootloader payload">
<media:title type="html">The download link points to a php script hosted on a different server. This link delivers the .js file packed into a Zip archive which comprises the first stage Gootloader payload</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image22.png" medium="image" alt="A Gootkit/Gootloader fake forum page in German. The source code of the page shows the link points to a file named down.php hosted on a completely different server than the one where the page appears. The link marked in red will connect to the server that is hosting the first-stage download JScript.">
<media:title type="html">A Gootkit/Gootloader fake forum page in German. The source code of the page shows the link points to a file named down.php hosted on a completely different server than the one where the page appears. The link marked in red will connect to the server that is hosting the first-stage download JScript.</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image23.png" medium="image" alt="The source code of the PHP script that delivers the first stage Gootloader payload">
<media:title type="html">The source code of the PHP script that delivers the first stage Gootloader payload</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image24.png" medium="image" alt="Screenshot of the modified HelloDolly.php script (courtesy of the Rich Infante blog)">
<media:title type="html">Screenshot of the modified HelloDolly.php script (courtesy of the Rich Infante blog)</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image25.png" medium="image" alt="Another format of the modified HelloDolly.php script shows the unique identifier string">
<media:title type="html">Another format of the modified HelloDolly.php script shows the unique identifier string</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image26.png" medium="image" alt="A variation on the modified HelloDolly.php script">
<media:title type="html">A variation on the modified HelloDolly.php script</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image27.png" medium="image" alt="A screenshot that summarizes the modification process Gootloader uses (image courtesy of the Rich Infante blog)">
<media:title type="html">A screenshot that summarizes the modification process Gootloader uses (image courtesy of the Rich Infante blog)</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image28.png" medium="image" alt="A WordPress database dump contains the same elements that the Rich Infante blog references">
<media:title type="html">A WordPress database dump contains the same elements that the Rich Infante blog references</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image29.png" medium="image" alt="The encoded form of a PHP script that delivers the .js payload">
<media:title type="html">The encoded form of a PHP script that delivers the .js payload</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image30.png" medium="image" alt="A screenshot of a file uploaded to VirusTotal shows references to the IP address formerly used to host the Gootkit/Gootloader &quot;mothership&quot; server">
<media:title type="html">A screenshot of a file uploaded to VirusTotal shows references to the IP address formerly used to host the Gootkit/Gootloader "mothership" server</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image31.png" medium="image" alt="The my-game website as it appeared in 2014, a Russian-language gambling site called &quot;Casino Game Life&quot;">
<media:title type="html">The my-game website as it appeared in 2014, a Russian-language gambling site called "Casino Game Life"</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image32.png" medium="image" alt="The my-game domain that continues to host the Gootkit/Gootloader mothership originally belonged to a German team that played the game Counter-Strike competitively">
<media:title type="html">The my-game domain that continues to host the Gootkit/Gootloader mothership originally belonged to a German team that played the game Counter-Strike competitively</media:title>
</media:content>
</item>
<item>
<title>Sophos ZTNA Updates</title>
<link>https://news.sophos.com/en-us/2025/01/16/sophos-ztna-updates/</link>
<comments>https://news.sophos.com/en-us/2025/01/16/sophos-ztna-updates/?noamp=mobile#respond</comments>
<dc:creator><![CDATA[Chris McCormack]]></dc:creator>
<pubDate>Thu, 16 Jan 2025 14:25:20 +0000</pubDate>
<category><![CDATA[Products & Services]]></category>
<category><![CDATA[network]]></category>
<category><![CDATA[ZTNA]]></category>
<guid isPermaLink="false">https://news.sophos.com/en-us/?p=959228</guid>
<description><![CDATA[New Let's Encrypt and regional support.]]></description>
<wfw:commentRss>https://news.sophos.com/en-us/2025/01/16/sophos-ztna-updates/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
<media:content url="https://news.sophos.com/wp-content/uploads/2024/07/sophos-ztna.png?w=230&amp;h=130&amp;crop=1" medium="image" alt="sophos ztna" />
<post-id xmlns="com-wordpress:feed-additions:1">959228</post-id>
<media:thumbnail url="https://news.sophos.com/wp-content/uploads/2024/07/sophos-ztna.png" alt="sophos ztna" />
<media:content url="https://news.sophos.com/wp-content/uploads/2024/07/sophos-ztna.png" medium="image" alt="sophos ztna">
<media:title type="html">sophos ztna</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image1.png?w=279" medium="image" alt="Lets Encrypt">
<media:title type="html">Lets Encrypt</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image2.png" medium="image" alt="Lets Encrypt">
<media:title type="html">Lets Encrypt</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/ZTNAscreenshot.jpg" medium="image" alt="ZTNA">
<media:title type="html">ZTNA</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image4.jpg" medium="image" alt="Regions">
<media:title type="html">Regions</media:title>
</media:content>
</item>
<item>
<title>159-CVE January Patch Tuesday smashes single-month record</title>
<link>https://news.sophos.com/en-us/2025/01/14/159-cve-january-patch-tuesday-smashes-single-month-record/</link>
<comments>https://news.sophos.com/en-us/2025/01/14/159-cve-january-patch-tuesday-smashes-single-month-record/?noamp=mobile#respond</comments>
<dc:creator><![CDATA[Angela Gunn]]></dc:creator>
<pubDate>Wed, 15 Jan 2025 03:09:41 +0000</pubDate>
<category><![CDATA[Threat Research]]></category>
<category><![CDATA[CVE-2025-21298]]></category>
<category><![CDATA[featured]]></category>
<category><![CDATA[Microsoft]]></category>
<category><![CDATA[Microsoft Windows]]></category>
<category><![CDATA[OLE]]></category>
<category><![CDATA[Patch Tuesday]]></category>
<category><![CDATA[RTF]]></category>
<guid isPermaLink="false">https://news.sophos.com/en-us/?p=959257</guid>
<description><![CDATA[Brace yourselves... and consider reading your email in plaintext for now]]></description>
<wfw:commentRss>https://news.sophos.com/en-us/2025/01/14/159-cve-january-patch-tuesday-smashes-single-month-record/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/shutterstock_86010604.jpg?w=230&amp;h=130&amp;crop=1" medium="image" alt="Patch Tuesday" />
<post-id xmlns="com-wordpress:feed-additions:1">959257</post-id>
<media:thumbnail url="https://news.sophos.com/wp-content/uploads/2025/01/shutterstock_86010604.jpg" alt="Patch Tuesday" />
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/shutterstock_86010604.jpg" medium="image" alt="Patch Tuesday">
<media:title type="html">Patch Tuesday</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/pt2501-fig01.png" medium="image" alt="A bar chart showing the distribution of severities of bugs patched in the January 2025 Patch Tuesday set, as described in the article text">
<media:title type="html">A bar chart showing the distribution of severities of bugs patched in the January 2025 Patch Tuesday set, as described in the article text</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/pt2501-fig02.png" medium="image" alt="A bar chart showing the distribution of product families affected by bugs patched in the January 2025 Patch Tuesday set, as described in the article text">
<media:title type="html">A bar chart showing the distribution of product families affected by bugs patched in the January 2025 Patch Tuesday set, as described in the article text</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2025/01/pt2501-fig03.png" medium="image" alt="A bar chart showing 61 months of overall CVE counts for Microsoft Patch Tuesdays since January 2020; the rightmost bar indicates the numbers for January 2025 and is taller than the rest">
<media:title type="html">A bar chart showing 61 months of overall CVE counts for Microsoft Patch Tuesdays since January 2020; the rightmost bar indicates the numbers for January 2025 and is taller than the rest</media:title>
</media:content>
</item>
<item>
<title>Prioritizing patching: A deep dive into frameworks and tools – Part 2: Alternative frameworks</title>
<link>https://news.sophos.com/en-us/2024/12/30/prioritizing-patching-a-deep-dive-into-frameworks-and-tools-part-2-alternative-frameworks/</link>
<dc:creator><![CDATA[Matt Wixey]]></dc:creator>
<pubDate>Mon, 30 Dec 2024 15:05:30 +0000</pubDate>
<category><![CDATA[Threat Research]]></category>
<category><![CDATA[CVSS]]></category>
<category><![CDATA[Patch Tuesday]]></category>
<category><![CDATA[patching]]></category>
<category><![CDATA[Sophos X-Ops]]></category>
<category><![CDATA[threat research]]></category>
<guid isPermaLink="false">https://news.sophos.com/en-us/?p=959081</guid>
<description><![CDATA[In the second of a two-part series on tools and frameworks designed to help with remediation prioritization, we explore some alternatives to CVSS]]></description>
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/shutterstock_2483952669.jpg?w=230&amp;h=130&amp;crop=1" medium="image" alt="" />
<post-id xmlns="com-wordpress:feed-additions:1">959081</post-id>
<media:thumbnail url="https://news.sophos.com/wp-content/uploads/2024/12/shutterstock_2483952669.jpg" alt="" />
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/shutterstock_2483952669.jpg" medium="image" alt="">
<media:title type="html">Real,Time,Analytics,Concept.,The,Process,Of,Collecting,Data,As</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Figure-1-1.png" medium="image" alt="" />
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Figure-2-1.png" medium="image" alt="" />
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Figure-3.png" medium="image" alt="" />
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Figure-4.png" medium="image" alt="" />
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Figure-5.png" medium="image" alt="" />
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Figure-6.png" medium="image" alt="" />
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Figure-7.png" medium="image" alt="" />
</item>
<item>
<title>Prioritizing patching: A deep dive into frameworks and tools – Part 1: CVSS</title>
<link>https://news.sophos.com/en-us/2024/12/27/prioritizing-patching-a-deep-dive-into-frameworks-and-tools-part-1-cvss/</link>
<dc:creator><![CDATA[Matt Wixey]]></dc:creator>
<pubDate>Fri, 27 Dec 2024 17:33:53 +0000</pubDate>
<category><![CDATA[Threat Research]]></category>
<category><![CDATA[CVSS]]></category>
<category><![CDATA[Patch Tuesday]]></category>
<category><![CDATA[patching]]></category>
<category><![CDATA[Sophos X-Ops]]></category>
<guid isPermaLink="false">https://news.sophos.com/en-us/?p=959055</guid>
<description><![CDATA[In the first of a two-part series exploring tools and frameworks which can help organizations with remediation prioritization, Sophos X-Ops takes a look at the Common Vulnerability Scoring System (CVSS)]]></description>
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/shutterstock_2501372697.jpg?w=230&amp;h=130&amp;crop=1" medium="image" alt="" />
<post-id xmlns="com-wordpress:feed-additions:1">959055</post-id>
<media:thumbnail url="https://news.sophos.com/wp-content/uploads/2024/12/shutterstock_2501372697.jpg" alt="" />
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/shutterstock_2501372697.jpg" medium="image" alt="">
<media:title type="html">Business,Operations,And,Management,Concept.,Thinking,Of,A,Strategy,And</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Figure-1.png" medium="image" alt="" />
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Figure-2.png" medium="image" alt="" />
</item>
<item>
<title>Phishing platform Rockstar 2FA trips, and “FlowerStorm” picks up the pieces</title>
<link>https://news.sophos.com/en-us/2024/12/19/phishing-platform-rockstar-2fa-trips-and-flowerstorm-picks-up-the-pieces/</link>
<dc:creator><![CDATA[gallagherseanm]]></dc:creator>
<pubDate>Thu, 19 Dec 2024 15:11:48 +0000</pubDate>
<category><![CDATA[Security Operations]]></category>
<category><![CDATA[Threat Research]]></category>
<category><![CDATA[CloudFlare]]></category>
<category><![CDATA[featured]]></category>
<category><![CDATA[FlowerStorm]]></category>
<category><![CDATA[legitimate service abuse]]></category>
<category><![CDATA[Phishing]]></category>
<category><![CDATA[phishing-as-a-service]]></category>
<category><![CDATA[Rockstar]]></category>
<category><![CDATA[Rockstar2FA]]></category>
<category><![CDATA[Sophos MDR]]></category>
<guid isPermaLink="false">https://news.sophos.com/en-us/?p=958944</guid>
<description><![CDATA[A sudden disruption of a major phishing-as-a-service provider leads to the rise of another…that looks very familiar ]]></description>
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/shutterstock_1469287178.jpg?w=230&amp;h=130&amp;crop=1" medium="image" alt="" />
<post-id xmlns="com-wordpress:feed-additions:1">958944</post-id>
<media:thumbnail url="https://news.sophos.com/wp-content/uploads/2024/12/shutterstock_1469287178.jpg" alt="" />
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/shutterstock_1469287178.jpg" medium="image" alt="">
<media:title type="html">A,Wooden,Acoustic,Guitar,At,Night.,With,Spotlight,For,Your</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/rockstar-decoy.png" medium="image" alt="A screenshot of a Rockstar2FA &quot;decoy&quot; page, a fake auto dealer site.">
<media:title type="html">A screenshot of a Rockstar2FA "decoy" page, a fake auto dealer site.</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Rockstar-backend-server-comms.jpg" medium="image" alt="Screen shots of the developer view of Chrome showing web requests sent from a Rockstar2FA phishing portal. ">
<media:title type="html">Screen shots of the developer view of Chrome showing web requests sent from a Rockstar2FA phishing portal. </media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/RockstarTLDs.png" medium="image" alt="A pie chart showing the distribution of top-level domains the 10 most heavily used domain names were registered with. A third were .ru, a fifth were .com. ">
<media:title type="html">A pie chart showing the distribution of top-level domains the 10 most heavily used domain names were registered with. A third were .ru, a fifth were .com. </media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/FlowerStorm-detects-by-TLD.jpg" medium="image" alt="A bar chart showing the distribution of TLDs and number of URLs detected per month for Rockstar2FA. The number of .ru domains decreased significantly over time.">
<media:title type="html">A bar chart showing the distribution of TLDs and number of URLs detected per month for Rockstar2FA. The number of .ru domains decreased significantly over time.</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Rockstarerror522.png" medium="image" alt="A screenshot of a failed connection error for a Rockstar decoy page.">
<media:title type="html">A screenshot of a failed connection error for a Rockstar decoy page.</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/RockstarOutlookanimate.png" medium="image" alt="A screenshot of an animated Office365 logo for Outlook used by Rockstar's phishing portal pages.">
<media:title type="html">A screenshot of an animated Office365 logo for Outlook used by Rockstar's phishing portal pages.</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Failed_connection_Rockstar_backend.png" medium="image" alt="A screenshot of a Chrome developer view of a Rockstar pages.dev phishing portal failing to connect to a backend server.">
<media:title type="html">A screenshot of a Chrome developer view of a Rockstar pages.dev phishing portal failing to connect to a backend server.</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/FlowerStormphishnext-php.png" medium="image" alt="A screenshot of data about and ">
<media:title type="html">A screenshot of data about and </media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/FlowerStormEntraID-log.png" medium="image" alt="Figure 9: the Entra ID log for a sign-in by the adversary-in-the-middle script on the phishing service’s back-end server.">
<media:title type="html">Figure 9: the Entra ID log for a sign-in by the adversary-in-the-middle script on the phishing service’s back-end server.</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Flowerstorm-same-host-authenticate.png" medium="image" alt="Figure 10: the HTTP header data for a phishing page’s backend server communications on a separate host">
<media:title type="html">Figure 10: the HTTP header data for a phishing page’s backend server communications on a separate host</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/FlowerstormDeveloperViewPhishportal.png" medium="image" alt="Figure 11: A developer browser view of the phishing page protectivewearsupplies[.]doclawfederal[.]com/wQBPg/">
<media:title type="html">Figure 11: A developer browser view of the phishing page protectivewearsupplies[.]doclawfederal[.]com/wQBPg/</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/rockstardom.png" medium="image" alt="Figure 12: The document object model of a Rockstar2FA phishing page ">
<media:title type="html">Figure 12: The document object model of a Rockstar2FA phishing page </media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/OldFlowerDom.png" medium="image" alt="Figure 13: The DOM of an older FlowerStorm phishing page (from June 2024)">
<media:title type="html">Figure 13: The DOM of an older FlowerStorm phishing page (from June 2024)</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/NewFlowerDom.png" medium="image" alt="Figure 14: The DOM of a newer FlowerStorm phishing page; the algorithm generating the title and function names uses a combination of two botanical-themed words">
<media:title type="html">Figure 14: The DOM of a newer FlowerStorm phishing page; the algorithm generating the title and function names uses a combination of two botanical-themed words</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/RS_vs_FS_detects.jpg" medium="image" alt="Figure 15: A chart plotting daily page detections for Rockstar2FA and FlowerStorm through the end of November 2024 ">
<media:title type="html">Figure 15: A chart plotting daily page detections for Rockstar2FA and FlowerStorm through the end of November 2024 </media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/FlowerStormTargeting.png" medium="image" alt="Figure 16: The ten countries most targeted by attackers using FlowerStorm, based on Sophos detections">
<media:title type="html">Figure 16: The ten countries most targeted by attackers using FlowerStorm, based on Sophos detections</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/FSindustrytargeting.png" medium="image" alt="Figure 17: The ten business sectors most targeted by attackers using FlowerStorm">
<media:title type="html">Figure 17: The ten business sectors most targeted by attackers using FlowerStorm</media:title>
</media:content>
</item>
<item>
<title>Sophos ranked #1 overall for Firewall, MDR, and EDR in the G2 Winter 2025 Reports</title>
<link>https://news.sophos.com/en-us/2024/12/18/sophos-ranked-1-overall-for-firewall-mdr-and-edr-in-the-g2-winter-2025-reports/</link>
<dc:creator><![CDATA[rajansanhotra]]></dc:creator>
<pubDate>Wed, 18 Dec 2024 10:21:54 +0000</pubDate>
<category><![CDATA[Products & Services]]></category>
<category><![CDATA[EDR]]></category>
<category><![CDATA[Endpoint]]></category>
<category><![CDATA[Firewall]]></category>
<category><![CDATA[G2]]></category>
<category><![CDATA[MDR]]></category>
<category><![CDATA[Sophos EDR]]></category>
<category><![CDATA[Sophos Endpoint]]></category>
<category><![CDATA[Sophos Firewall]]></category>
<category><![CDATA[Sophos MDR]]></category>
<category><![CDATA[Sophos XDR]]></category>
<category><![CDATA[XDR]]></category>
<guid isPermaLink="false">https://news.sophos.com/en-us/?p=958917</guid>
<description><![CDATA[Sophos was also ranked the #1 solution in 36 individual reports spanning the Antivirus, EDR, Endpoint Protection Suites, XDR, Firewall, and MDR markets.]]></description>
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Sophos-ranked-1-overall-for-Firewall-MDR-and-EDR-in-the-G2-Winter-2025-Reports-1.png?w=230&h=130&crop=1" medium="image" alt="Sophos ranked #1 overall for Firewall, MDR, and EDR in the G2 Winter 2025 Reports" />
<post-id xmlns="com-wordpress:feed-additions:1">958917</post-id>
<media:thumbnail url="https://news.sophos.com/wp-content/uploads/2024/12/Sophos-ranked-1-overall-for-Firewall-MDR-and-EDR-in-the-G2-Winter-2025-Reports-1.png" alt="Sophos ranked #1 overall for Firewall, MDR, and EDR in the G2 Winter 2025 Reports" />
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Sophos-ranked-1-overall-for-Firewall-MDR-and-EDR-in-the-G2-Winter-2025-Reports-1.png" medium="image" alt="Sophos ranked #1 overall for Firewall, MDR, and EDR in the G2 Winter 2025 Reports">
<media:title type="html">Sophos ranked #1 overall for Firewall, MDR, and EDR in the G2 Winter 2025 Reports</media:title>
</media:content>
</item>
<item>
<title>Year in Review 2024: The major headlines and moments from Sophos this year</title>
<link>https://news.sophos.com/en-us/2024/12/17/year-in-review-2024-the-major-headlines-and-moments-from-sophos-this-year/</link>
<dc:creator><![CDATA[Doug Aamoth]]></dc:creator>
<pubDate>Tue, 17 Dec 2024 13:00:15 +0000</pubDate>
<category><![CDATA[Products & Services]]></category>
<category><![CDATA[Sophos Endpoint]]></category>
<category><![CDATA[Sophos MDR]]></category>
<category><![CDATA[Sophos X-Ops]]></category>
<category><![CDATA[Sophos XDR]]></category>
<guid isPermaLink="false">https://news.sophos.com/en-us/?p=958865</guid>
<description><![CDATA[From cyber attacks across the geopolitical landscapes, to product updates that help small businesses, Sophos was there in 2024.]]></description>
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/sophos-wews-blog-banner-year-in-review-1200x628px-01.png?w=230&h=130&crop=1" medium="image" alt="sophos-wews-blog-banner-year-in-review-1200x628px-01" />
<post-id xmlns="com-wordpress:feed-additions:1">958865</post-id>
<media:thumbnail url="https://news.sophos.com/wp-content/uploads/2024/12/sophos-wews-blog-banner-year-in-review-1200x628px-01.png" alt="sophos-wews-blog-banner-year-in-review-1200x628px-01" />
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/sophos-wews-blog-banner-year-in-review-1200x628px-01.png" medium="image" alt="sophos-wews-blog-banner-year-in-review-1200x628px-01">
<media:title type="html">sophos-wews-blog-banner-year-in-review-1200x628px-01</media:title>
</media:content>
</item>
<item>
<title>DeepSpeed: a tuning tool for large language models</title>
<link>https://news.sophos.com/en-us/2024/12/13/deepspeed-a-tuning-tool-for-large-language-models/</link>
<dc:creator><![CDATA[gallagherseanm]]></dc:creator>
<pubDate>Fri, 13 Dec 2024 11:30:50 +0000</pubDate>
<category><![CDATA[AI Research]]></category>
<category><![CDATA[deepspeed]]></category>
<category><![CDATA[featured]]></category>
<category><![CDATA[LLM]]></category>
<category><![CDATA[LLM tuning]]></category>
<guid isPermaLink="false">https://news.sophos.com/en-us/?p=958840</guid>
<description><![CDATA[SophosAI’s framework for upgrading the performance of LLMs for cybersecurity tasks (or any other specific task) is now open source. ]]></description>
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/shutterstock_asset-generation-6dc4f763-f8a7-4dff-a56b-92736d8c8d6c-1_edited-e1734048709973.jpeg?w=230&h=130&crop=1" medium="image" alt="" />
<post-id xmlns="com-wordpress:feed-additions:1">958840</post-id>
<media:thumbnail url="https://news.sophos.com/wp-content/uploads/2024/12/shutterstock_asset-generation-6dc4f763-f8a7-4dff-a56b-92736d8c8d6c-1_edited-e1734048709973.jpeg" alt="" />
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/shutterstock_asset-generation-6dc4f763-f8a7-4dff-a56b-92736d8c8d6c-1_edited-e1734048709973.jpeg" medium="image" alt="">
<media:title type="html">shutterstock_asset-generation-6dc4f763-f8a7-4dff-a56b-92736d8c8d6c-1_edited</media:title>
</media:content>
<media:content url="https://news.sophos.com/wp-content/uploads/2024/12/Slide1.jpeg" medium="image" alt="" />
</item>
</channel>
</rss>