Security Bulletin

Our take on what happened and answers to key questions from Sophos customers and partners

Roughly one fifth of enterprise IT administrators have found themselves the target of a state-sponsored attack.

Researchers say "LianSpy" malware has been in use in a covert data gathering operation that's gone undetected for at least three years.

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

In the cloud, patches disseminate automatically. On your computer, you get notified. IoT devices, meanwhile, can escape attention for years on end.

Though TikTok is expected to adhere to certain COPPA-outlined measures, the social media giant has failed to meet those expectations, the Feds allege.

The enterprise resource planning platform bug CVE-2024-38856 has a vulnerability-severity score of 9.8 out of 10 on the CVSS scale and offers a wide avenue into enterprise applications for cyberattackers.

App developers can expect the government to crack down on companies that violate privacy rights – especially apps targeted towards children.

The APT used DNS poisoning to install the Macma backdoor on targeted networks and then deliver malware to steal data via post-exploitation activity.

Researchers from Graz University of Technology showed how the vulnerability worked across nine CVEs.

Check out all the IOS XE sessions from the recent Cisco Live in Las Vegas. Topics include getting started with Cisco IOS XE programmability and automation, tooling with YANG Suite and Terraform, and open-source solutions for Model Driven Telemetry.

With its investment in Aliro, Cisco’s Aspire Fund delivers on the promise to invest in underrepresented founders and build a more diverse and inclusive technology community.