Atomic macOS Stealer (AMOS) Malware
124 Views

Atomic macOS Stealer (AMOS) Malware

A new variant of the “Atomic macOS Stealer” (AMOS) malware has been identified, posing a significant threat to macOS users by targeting and stealing sensitive data such as passwords, browser history, and cryptocurrency wallets. The malware is sold on the dark web for $1,000 a month, making it accessible to cybercriminals and increasing its potential impact. AMOS uses phishing emails and fake software updates to infiltrate systems. Once inside, it extracts keychain information, passwords stored in browsers, and files like PDFs and Word documents. Users are advised to stay vigilant, avoid downloading unverified files, and update their software regularly to reduce the risk of infection.

For a detailed analysis, visit the original article [here](https://news.sophos.com/en-us/2024/09/06/atomic-macos-stealer-leads-sensitive-data-theft-on-macos/).

Burnt Cigar 2: Scripting the Burning of Your Own Defense
135 Views

Burnt Cigar 2: Scripting the Burning of Your Own Defense

In the recent blog post titled *Burnt Cigar 2: Scripting the Burning of Your Own Defense*, Sophos provides an in-depth analysis of the emerging trend of attackers leveraging legitimate tools to bypass defenses and execute their attacks. The blog dives into how threat actors use automation and scripting to dismantle security defenses in targeted environments, rendering traditional security measures less effective. It emphasizes the need for organizations to move beyond static defenses and adopt more adaptive security models, such as those offered by extended detection and response (XDR) and managed detection and response (MDR) solutions.

To read the full article, visit [Sophos News – Burnt Cigar 2](https://news.sophos.com/en-us/2024/08/27/burnt-cigar-2/).

Burnt Cigar 2: Scripting the Burning of Your Own Defense
114 Views

The Evolving Pressure Tactics of Ransomware Gangs

In a recent article by Sophos, “Turning the Screws: The Pressure Tactics of Ransomware Gangs,” new strategies used by cybercriminals to pressure victims into paying ransoms are explored. These groups have evolved from simply encrypting data to leveraging extortion techniques, such as threatening to leak sensitive information or damaging a company’s reputation. The article highlights that ransomware gangs increasingly target high-profile organizations, using fear and urgency to coerce payments. By understanding these tactics, businesses can better prepare and implement security measures to mitigate risks.

Read the full article: [Turning the Screws: The Pressure Tactics of Ransomware Gangs](https://news.sophos.com/en-us/2024/08/06/turning-the-screws-the-pressure-tactics-of-ransomware-gangs/)

Don’t Get Mad, Get Wise: How to Defend Against Cyberattacks with Knowledge
106 Views

Don’t Get Mad, Get Wise: How to Defend Against Cyberattacks with Knowledge

In the blog post “Don’t Get Mad, Get Wise: How to Defend Against Cyberattacks with Knowledge,” Sophos emphasizes the importance of using intelligence to outsmart cybercriminals. The article explores how organizations can shift their mindset from reactive to proactive by focusing on cybersecurity education and awareness. With the right knowledge, businesses can better understand the threats they face, utilize detection and response tools, and develop strong defensive strategies to stay ahead of cyberattacks. By leveraging Sophos Managed Detection and Response (MDR) and Extended Detection and Response (XDR) solutions, companies can transform threat intelligence into action, reducing the risk of breaches.

Read the full article here: [Don’t Get Mad, Get Wise](https://news.sophos.com/en-us/2024/08/13/dont-get-mad-get-wise/)

Don’t Get Mad, Get Wise: How to Defend Against Cyberattacks with Knowledge
133 Views

Qilin Ransomware Caught Stealing Google Chrome Credentials

In a recent discovery, Sophos Labs uncovered that the Qilin ransomware is not only encrypting files but also stealing sensitive credentials stored in Google Chrome. This new behavior signals a broader approach by ransomware operators, combining data theft with encryption for maximum leverage over victims. By accessing stored credentials, attackers can target additional services and accounts, significantly escalating the potential damage.

Qilin’s dual threat model serves as a reminder for organizations to strengthen their cybersecurity measures, with a focus on ransomware resilience and proper credential management. Ensuring Chrome’s password manager is properly secured and limiting the use of stored credentials can mitigate this risk. Additionally, adopting a robust ransomware protection solution and implementing multi-factor authentication (MFA) are essential steps to defend against these evolving tactics.

For more details, read the full article here: [Qilin Ransomware Caught Stealing Credentials Stored in Google Chrome](https://news.sophos.com/en-us/2024/08/22/qilin-ransomware-caught-stealing-credentials-stored-in-google-chrome/).

127 Views

Understanding Google Chrome’s Security and Privacy Concerns: A Comprehensive Analysis

Google Chrome is the most popular web browser in the world, used by billions of people across various platforms. Its user-friendly interface, speed, and seamless integration with other Google services make it a top choice for both casual users and businesses alike. However, Chrome has also been the subject of various privacy and security concerns. The browser collects a significant amount of data, integrates with Google’s vast advertising ecosystem, and has a complex relationship with your local system’s data. In this article, we will explore the security and privacy concerns surrounding Google Chrome in depth.

Google Chrome’s Data Collection Practices

One of the primary concerns with Google Chrome is the amount of data it collects from users. While this is not uncommon for a browser, the extent to which Chrome does so—and how it uses this data—raises privacy questions, especially compared to other browsers.

1. Data Collection for Targeted Advertising

Google’s business model is heavily reliant on advertising, and Chrome plays a pivotal role in collecting data for that purpose. Chrome collects user browsing history, search queries, cookies, and more to serve targeted ads. For users signed into their Google account, Chrome can track activity across different devices and sessions. Even when you are not actively signed into Chrome, it can still collect data for Google’s ad ecosystem.

2. Browsing Activity and Data Synchronization

Chrome allows users to sync their data (such as bookmarks, passwords, and browsing history) across devices by logging into their Google account. While convenient, this feature means that a large amount of your personal data is stored on Google’s servers, creating a single point of vulnerability if your Google account is compromised. Moreover, Google can use this data for advertising and personalization, raising further privacy concerns.

3. Telemetry and Background Data Collection

Chrome collects telemetry data in the background, which includes usage statistics, crash reports, and diagnostic information. This data is meant to help Google improve Chrome’s performance, but it also gives the company a vast amount of behavioral information. Even in Incognito Mode, some data—such as DNS lookups and IP addresses—can still be collected. While you can opt-out of some telemetry features, many users may not even be aware of the full extent of the data collected.

Chrome vs. Other Browsers: A Privacy Comparison

Compared to other browsers, Google Chrome tends to collect more data from users, particularly when stacked against privacy-centric browsers like Mozilla Firefox and Brave.

1. Firefox

Mozilla Firefox is a popular alternative to Chrome, especially among privacy-conscious users. Firefox collects minimal telemetry data and is transparent about its data practices. Mozilla’s Enhanced Tracking Protection (ETP) feature blocks third-party trackers by default, giving users more privacy while browsing. Unlike Google, Mozilla’s business model is not centered around advertising, reducing the incentive to collect user data. Additionally, users can disable most telemetry settings in Firefox.

2. Brave

Brave is another browser designed with privacy in mind. By default, Brave blocks all ads, trackers, and third-party cookies. It even provides users with built-in tools to improve their privacy, such as Tor integration for anonymous browsing. Brave uses a privacy-respecting ad model, where users are paid to view non-tracking ads, significantly reducing data collection. Compared to Chrome, Brave is much more aligned with user privacy, ensuring minimal data collection without affecting browsing performance.

3. Apple Safari

Apple’s Safari browser is well-known for its strong focus on privacy. Safari employs features like Intelligent Tracking Prevention (ITP) to reduce the ability of advertisers to track users across different websites. Apple does not use user data for advertising, and while some telemetry data is collected for performance optimization, it’s significantly less than what Chrome gathers.

Google Chrome’s Interaction with the Local System

While Google Chrome primarily collects browsing data, there are certain ways the browser interacts with the local system that can also raise security and privacy concerns.

1. Accessing Local Files

Google Chrome allows users to upload files to websites, and while doing so, it interacts with your local file system. However, Chrome only has access to the files that you explicitly choose to upload. It cannot browse your system or access other files without your permission. Similarly, Chrome can open local files using the `file://` URL, but this data is not transmitted to Google unless you upload the files to a service.

2. Permissions for System Resources

Chrome may request access to specific system resources, such as your camera, microphone, or location. These permissions are granted on a per-site basis, and you can manage or revoke them at any time. However, granting these permissions gives websites significant control over your system resources, so it’s important to be cautious about which sites you allow to access sensitive data.

3. Extensions and Plugins

Extensions and plugins can significantly enhance Chrome’s functionality, but they can also introduce security risks. Extensions are granted specific permissions, and some can access your browsing history, local storage, or interact with system files. While Google vets extensions in the Chrome Web Store, malicious or poorly designed extensions could collect personal data without your knowledge. It is critical to review the permissions granted to each extension and uninstall any that seem suspicious or unnecessary.

System-Level Data Collected by Chrome

In addition to interacting with your local file system, Chrome can collect certain types of system-level information to optimize your browsing experience.

1. Hardware and Software Information

Chrome collects details about your device, such as the operating system, browser version, screen resolution, installed fonts, and hardware information (like the type of graphics card). While this data helps optimize the browsing experience, it can also be used for tracking purposes, such as “browser fingerprinting,” where websites use this data to uniquely identify your device.

2. Browser Cache and Local Storage

Chrome stores temporary data, such as cached pages, images, and cookies, on your local system to improve loading speeds and overall performance. Websites can also store data locally using cookies, local storage, or indexed databases. While this data resides on your system, it can be accessed by the websites that stored it, and Google can collect cookies from websites associated with its services.

Chrome’s Role in Potential Security Vulnerabilities

Though Chrome is designed with strong security features, no browser is immune to vulnerabilities. Chrome’s popularity makes it a target for malicious actors who might attempt to exploit security flaws, especially through the use of malicious extensions or social engineering attacks.

1. Extensions as a Security Weakness

While Chrome extensions can provide useful features, they also represent a significant security risk if they come from untrusted sources. Extensions that request excessive permissions can collect sensitive data, or even access local files if granted the right permissions. Although Google reviews extensions, malicious ones have occasionally slipped through, leading to data breaches and other security issues.

2. Malware Exploiting Chrome

In rare cases, malware or exploits may target Chrome to gain access to your local system’s files or manipulate browser behavior. However, such attacks typically require users to install malicious software or visit compromised websites. Chrome’s sandboxing technology helps limit the damage that malware can do, but vigilance is still required to avoid these threats.

Conclusion: Balancing Chrome’s Features with Security Concerns

Google Chrome offers a fast, feature-rich browsing experience with excellent integration into the broader Google ecosystem. However, its data collection practices and interaction with your local system raise valid concerns for users who prioritize privacy and security.

While Chrome collects more data compared to privacy-centric browsers like Firefox or Brave, there are ways to mitigate some of these concerns:

  • Manage and review browser permissions regularly.
  • Be cautious with extensions and plugins, ensuring they are from trusted sources.
  • Limit the amount of data synced with Google by adjusting your sync settings.
  • Consider privacy-focused alternatives for tasks where privacy is a priority.

For those looking for a more private browsing experience, switching to browsers like Firefox, Brave, or even Safari may be a good option. Each offers a unique approach to balancing usability with enhanced privacy, making them suitable alternatives for users who want more control over their data.

In the end, the choice of browser depends on how much you value privacy versus the convenience offered by Chrome’s robust feature set and integration with Google services. Understanding how Chrome collects and uses data is the first step toward taking control of your online privacy and security.

Don’t Get Mad, Get Wise: How to Defend Against Cyberattacks with Knowledge
217 Views

G2 Names Sophos a Leader for Endpoint Protection, EDR, XDR, Firewall, and MDR

G2 has recognized Sophos as a leader in several cybersecurity categories, including Endpoint Protection, EDR, XDR, Firewall, and MDR, based on user reviews. Sophos’ solutions received high ratings for their effectiveness, ease of use, and robust customer support, highlighting the company’s commitment to providing comprehensive and reliable cybersecurity services.

Read the full article

Don’t Get Mad, Get Wise: How to Defend Against Cyberattacks with Knowledge

Microsoft Rolls Out The Largest CVE Count In Recent History

The Impact of Organizational Structure on Cybersecurity Outcomes**

A recent study by Sophos analyzed the impact of different organizational structures on cybersecurity outcomes based on a survey of 3,000 IT and cybersecurity professionals across 14 countries. The study identified three models of organizational structure:

  1. Separate IT and cybersecurity teams.
  2. A dedicated cybersecurity team within the IT organization.
  3. The IT team managing cybersecurity without a dedicated cybersecurity team.

Key Findings:

  • Organizations with a dedicated cybersecurity team within the IT department (Model 2) reported the best overall cybersecurity outcomes.
  • Separate IT and cybersecurity teams (Model 1) experienced the poorest outcomes, with higher rates of ransomware attacks and higher ransom payments.
  • Effective cybersecurity operations are closely linked to the integration of IT and cybersecurity functions, highlighting the importance of collaboration between these teams.
  • Investment in cybersecurity skills and capacity is crucial, as organizations lacking essential skills struggle regardless of their structural model.

Cyber Insurance and Cyber Defenses

Sophos’ research on cyber insurance and defenses emphasizes the interconnected nature of cyber risk management. The survey of 5,000 IT leaders revealed that:

  • Cyber insurance adoption is widespread, with 90% of mid-market organizations having some form of coverage.
  • Investments in cyber defenses not only improve protection but also enhance the organization’s insurance position, leading to better coverage terms and lower premiums.
  • Misalignment between business needs and policy coverage is a common issue, underscoring the importance of involving all stakeholders in the policy selection process.
  • Insurers generally pay out on claims, but policies often do not cover the full cost of cyber incidents, primarily due to policy limits being exceeded.

The State of Cybersecurity 2023

Sophos’ 2023 report highlights the significant impact of cyber threats on businesses, based on a survey of 3,000 professionals. Key insights include:

  • The frequency and types of cyberattacks have evolved, with ransomware and data theft being prominent threats.
  • Advanced threats and alert fatigue are common challenges, requiring effective and proactive cybersecurity measures.
  • The report provides recommendations for improving cybersecurity defenses and reducing the financial and operational impact of cyber incidents.

2024 Security Threat Report

The Sophos 2024 Threat Report focuses on the evolving threat landscape, particularly for small businesses. Key points include:

  • A shift in malware focus towards data theft, with spyware and password stealers being prevalent.
  • Increasing sophistication in social engineering tactics.
  • The importance of understanding and mitigating vulnerabilities to combat the growing threats posed by cybercrime-as-a-service.

These insights collectively underscore the critical importance of strategic investments in cybersecurity defenses, the integration of IT and cybersecurity functions, and the necessity of aligning cyber insurance policies with organizational needs to enhance overall cybersecurity outcomes.

For more detailed insights, you can read the full reports on the [Sophos News and [Sophos] websites.

The detailed Sophos article can be found here: A tumultuous, titanic Patch Tuesday as Microsoft makes some changes

Burnt Cigar 2: Scripting the Burning of Your Own Defense

Understanding the CrowdStrike Global Outage: Insights and Guidance from Sophos

Analyzing the Incident and Addressing Key Questions for Customers and Partners

On July 19, 2024, a “content update” issued by CrowdStrike for its Falcon endpoint agent on Windows devices led to significant disruptions across various industries worldwide, including travel, banking, healthcare, and retail.

What Happened?

Cyber threats often exploit large-scale disruptions. In this post, we aim to clarify what happened during the CrowdStrike incident and address key questions from our customers and partners, referencing the original insights provided by Sophos.

Our collective mission in the cybersecurity industry is to safeguard organizations from attacks. Despite commercial competition, we stand united against cybercriminals. We extend our support to CrowdStrike and wish all affected organizations a swift recovery.

Cybersecurity is a complex and fast-evolving field. As Joe Levy, CEO of Sophos, noted on LinkedIn, “For those of us deeply involved in kernel operations, such incidents can happen despite all precautions, and no system is ever 100% immune.”

Incident Overview

  • Nature of the Incident: This was not a result of a security breach or cyberattack at CrowdStrike.
  • Impact on Availability: Although not a security incident, the disruption affected system availability, marking it as a cybersecurity issue.
  • Cause: The blue-screen-of-death (BSOD) on Windows machines was triggered by a product “content” update rolled out to CrowdStrike customers.
  • Affected Systems: Organizations using CrowdStrike Falcon agents on Windows systems were impacted. Linux and macOS devices remained unaffected.
  • Resolution: CrowdStrike identified the problematic update and reverted it. They have provided remediation guidance to their customers.

Understanding “Content” Updates

This incident stemmed from a typical product “content” update to CrowdStrike’s endpoint security software—a routine procedure for enhancing protection logic against emerging threats. Such updates are common across many cybersecurity providers, including Sophos. However, unexpected issues can occur, as demonstrated in this case.

CrowdStrike’s Response

CrowdStrike has issued a statement with remediation guidance, available on their website:
[CrowdStrike Falcon Content Update Remediation and Guidance Hub](https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/)

Vigilance Against Cybercriminals

It’s crucial to remain vigilant, as cybercriminals may exploit this situation through malicious domains and phishing campaigns. Always verify communication with authorized CrowdStrike representatives.

Impact on Sophos Customers

Sophos customers using their endpoint protection solutions, including Sophos Endpoint with Sophos XDR or Sophos MDR, were not affected by the CrowdStrike incident. A small number of customers using the Sophos “XDR Sensor” agent alongside CrowdStrike Falcon might have experienced some impact.

Sophos’ Mitigation Strategies

According to Sophos, they continually update their endpoint protection products and release regular content updates to counter evolving threats. Their processes, honed over three decades, minimize the risk of customer disruption, although this risk is never entirely eliminated.

Sophos’ Update Procedures

  1. Testing: All updates undergo rigorous testing in internal quality assurance environments.
  2. Internal Deployment: Updates are first rolled out to all Sophos employees and infrastructure.
  3. Gradual Customer Deployment: Once internal testing is successful, updates are gradually released to customers in stages, monitored through real-time telemetry.
  4. Rollback Capability: If issues arise, the affected systems are limited, and quick rollback is possible.

Customer Control Options

Sophos customers can manage endpoint product updates using update management policy settings, including options for Recommended (Sophos-managed), Fixed-term support, and Long-term support, with customizable scheduling.

### Ensuring Quality and Security

All content updates are tested and reviewed to meet quality standards before production release. Sophos adheres to a secure development lifecycle, detailed in the Sophos Trust Center. Further information on their development principles for Sophos Endpoint is available in their knowledgebase.

By maintaining stringent quality controls and continuous improvement, Sophos strives to protect its customers and stay ahead in the cybersecurity landscape. For more detailed insights, you can refer to Sophos’ original article on this topic.

Finite Technologies is a Sophos Reseller contact us if you would like more information on hos Sophos Integrate suite of security products can protect your business.

How GPT Search Will Revolutionize the Internet and Challenge Google's Dominance

Beyond Google: Exploring Alternative Search Engines for Privacy and Unbiased Results

Beyond Google: Exploring Alternative Search Engines for Privacy and Unbiased Results

In the digital age, search engines have become the gateways to the internet, providing answers to our queries, directions to websites, and much more. Among these, Google has long stood as the colossus, guiding billions of users in their online explorations. However, growing concerns over privacy, data sharing, and the quality of search results have led many to seek alternatives. In this comprehensive exploration, we delve into the world of alternative search engines, focusing on privacy-centric options like Brave and DuckDuckGo, the emerging market for paid search engines, and the advantages of subscription-based models over ad-supported ones. We also examine the privacy concerns associated with Google, particularly its relationship with Amazon and the impact on search result quality.

The Privacy-Centric Alternatives: Brave and DuckDuckGo

Brave Search

Brave, primarily known for its privacy-focused browser, has ventured into the search engine domain with Brave Search. Aimed at providing an ad-free experience, Brave Search emphasizes user privacy and does not track or profile its users. It uses its own indexing to deliver search results, striving for independence from the large tech entities that dominate the internet. Brave Search offers an ad-supported version and a paid, ad-free option, catering to users’ desire for privacy and unfiltered content.

DuckDuckGo

DuckDuckGo has been a pioneer in privacy-respecting search, operating on the principle that personal data should remain private. It doesn’t store search histories, doesn’t track users across the web, and it anonymizes search results to prevent targeted advertising. DuckDuckGo integrates with hundreds of sources and its own crawler to produce a comprehensive and varied search experience without compromising user privacy.

The Rise of Paid Search Engines

In response to growing dissatisfaction with ad-heavy and biased search results, there has been a rise in paid search engines. These platforms offer an ad-free experience, focusing on delivering quality search results without the influence of advertisers. Subscribers pay a fee, eliminating the need for data selling or advertising revenue. This model ensures that the search engine’s primary focus is on user satisfaction and high-quality results, rather than on maximizing clicks and ad revenue.

Advantages of Paid Search Engines

  • Privacy: By relying on subscription fees, paid search engines eliminate the need to collect and sell user data, offering a more private search experience.
  • Quality Over Quantity: These engines prioritize relevant and high-quality search results over sponsored content, reducing clutter and improving the overall user experience.
  • Transparency: Subscription-based models often come with a higher level of transparency about how the search engine operates, including how results are ranked.

Addressing Privacy Concerns: The Google Conundrum

Google’s business model relies heavily on data collection and advertising revenue, raising significant privacy concerns. The search giant tracks searches, location data, and browsing activity to build detailed user profiles for targeted advertising. This practice has raised questions about user privacy and the control individuals have over their online information.

Google’s Relationship with Amazon

A notable concern is Google’s relationship with major online retailers like Amazon. Many have observed that Google’s search results tend to favor Amazon listings, even when better or more relevant options exist elsewhere on the web. This can be attributed to the lucrative advertising revenue from Amazon and the competitive advantage it provides in the search market. However, this practice can limit the visibility of smaller retailers and skew the natural discovery of information, pushing users towards a monopolized online shopping experience.

Conclusion: Embracing Alternatives for a Healthier Internet

The dominance of Google has shaped the internet in profound ways, but the growing concerns over privacy, data sharing, and biased results are pushing users to explore alternatives. Privacy-centric options like Brave and DuckDuckGo offer a breath of fresh air for those wary of being tracked online. Meanwhile, the emergence of paid search engines signals a demand for quality, unbiased search results free from the influence of advertisers.

As we navigate the vast digital landscape, the choice of search engine becomes more than just a preference; it’s a statement on privacy, data ownership, and the quality of information. By considering alternatives to Google, users can take a step towards a more private, unbiased, and diverse internet experience.