Cybersecurity
Sophos’ Secure by Design 2025 Progress
In 2024, we became one of the first organizations to commit to CISA’s Secure by Design initiative. Aligned with our core organizational values around transparency, Secure by Design has been a guiding force as we continually evaluate and improve our security practices. We recently passed the one-year anniversary of publishing our pledges for improvement and…
The hidden risks of browser extensions – and how to avoid them
Not all browser add-ons are handy helpers – some may contain far more than you have bargained for 29 Jul 2025 • , 4 min. read What would we do without the web browser? For most of us, it’s our gateway to the digital world. But browsers are such a familiar tool today that we’re…
How the Browser Became the Main Cyber Battleground
Until recently, the cyber attacker methodology behind the biggest breaches of the last decade or so has been pretty consistent: Compromise an endpoint via software exploit, or social engineering a user to run malware on their device; Find ways to move laterally inside the network and compromise privileged identities; Repeat as needed until you can…
Phishers Target Aviation Execs to Scam Customers – Krebs on Security
KrebsOnSecurity recently heard from a reader whose boss’s email account got phished and was used to trick one of the company’s customers into sending a large payment to scammers. An investigation into the attacker’s infrastructure points to a long-running Nigerian cybercrime ring that is actively targeting established companies in the transportation and aviation industries. Image:…
7 Security-Praktiken zum Abgewöhnen
Aus der Zeit gefallen? Sergio Delle Vedove | shutterstock.com Schlechte Angewohnheiten abzustellen (oder bessere zu entwickeln), ist ein Prozess, der Geduld, Selbstbeherrschung und Entschlossenheit erfordert. Das gilt sowohl auf persönlicher als auch auf Security-technischer Ebene. In diesem Artikel haben wir sieben Sicherheitspraktiken für Sie zusammengestellt, deren Haltbarkeitsdatum schon eine ganze Weile abgelaufen ist. 1. Perimeter-Sicherheit…
How to implement security control rationalization | TechTarget
Cybersecurity complexity is continuously compounded with the adoption of new security controls, point products and platforms — an issue that ironically creates more vulnerabilities than it solves. In research from Enterprise Strategy Group, now part of Omdia, 37% of respondents said their organization uses more than 26 security products, with 10% of those saying they…
On-Premise vs SaaS Data Annotation Platforms Compared
Choosing between an on-premises and SaaS data annotation platform affects more than just how you label data. It shapes your team’s workflow, budget, and ability to manage sensitive information. With AI models demanding ever-larger and more accurate datasets, selecting the right approach matters. This article compares both options (on-premises and SaaS) and explains when each…
Storm-2603 spotted deploying ransomware on exploited SharePoint servers – Help Net Security
One of the groups that, in the past few weeks, has been exploiting vulnerabilities in on-prem SharePoint installation has been observed deploying Warlock ransomware, Microsoft shared on Wednesday. First attack spotted on July 7th On Saturday, Microsoft announced that attackers have been spotted exploiting a zero-day variant (CVE-2025-53770) of a SharePoint vulnerability (CVE-2025-49706) that the…
Five fundamentals for a cyber-resilient future
Cybercriminals are getting faster at exploiting security gaps. The median dwell time observed by Sophos in the past year was a short two days. Keeping pace with these agile threat actors leaves little room for forward thinking, but decisions made today will shape your organization’s ability to respond to tomorrow’s threats. The strategies below will…
When IT meets OT: Cybersecurity for the physical world
While relatively rare, real-world incidents impacting operational technology highlight that organizations in critical infrastructure can’t afford to dismiss the OT threat 14 Mar 2025 • , 4 min. read Amid all the high-profile data breaches and ransomware attacks on IT systems in recent years, the threat to business-critical operational technology (OT) is still often underestimated….