Sophos in the news: Coinbase phished, Firefox pwned, and a big CRN award for our Partner Program

Sophos-in-the-newsThis was a big week for prizes. We scored another big award for our Partner Program, which earned a five-star rating from CRN in its annual Partner Programs Guide.

Meanwhile, some security researchers won close to a million dollars in prize money at the PWN2OWN contest for successfully hacking all of the major web browsers with new exploits.

And proving that some prizes are a curse disguised as a blessing, a widespread spam email campaign blasted out last week claimed that recipients had received an unsolicited deposit of Bitcoins to their online account. Oh, really? Free money? It turns out it was a phishing attack aimed at stealing user credentials for Coinbase, a San Francisco-based Bitcoin bank.

Phishers go after Coinbase

Some clever cybercriminals decided to go phishing for users of the online Bitcoin bank Coinbase, blasting out spam hoping to find people who would believe the email’s claim that they have received a deposit in their Coinbase account.

The emails include a link to a phony site copied from the real Coinbase.com. If you go to the phishing site, a login screen pops up asking for your username and password, which the cybercriminals will gladly use to steal all your Bitcoins.

A writer at the online magazine Slate.com was among the recipients of the Coinbase phishing email, and asked Sophos Senior Security Adviser Chester Wisniewski to chime in on why this phish shouldn’t be believed.

“Why are you randomly, unexpectedly being given money? How often does that happen? Even if you want to believe it is true (it never is), the correct course of action to verify the transaction is to go to the site claiming to have emailed you … never click a link in an unsolicited message,” Chet tells Slate in an email.

At least, we think it was Chet.

PWN2OWN contest makes a meal out of web browsers

Dell and Google shelled out some big prize money last weekend at the annual PWN2OWN contest at the CanSecWest conference in Vancouver. The IT wizards who enter the contest compete to find vulnerabilities in the newest versions of popular web browsers and other software. In exchange for the prize money the contestants agree to report the bugs directly to the vendors.

Paul Ducklin, Sophos senior security analyst, reports at Naked Security that the sponsors ended up paying out $850,000 of the $1,085,000 prize money pool. Researchers from a French company Vupen were the top takers with $400,000 in prize money.

This year’s big target was Firefox, which got “pwned” (in the Internet parlance for getting owned) in four separate vulnerabilities. Nevertheless, Mozilla fixed the vulnerabilities straight away in Firefox 28.0.

It wasn’t just Firefox that got pwned though, so don’t jump to conclusions about Firefox’s security, our experts say. Chrome, Internet Explorer 11, and Safari were also exploited at least once in the PWN2OWN contest. The whitehat hackers also exploited new vulnerabilities in Adobe Flash and Adobe Reader. Only Oracle Java was left standing, with no successful exploits against it.

Sophos wins 5-Star rating from CRN Partner Programs Guide

And speaking of prizes, we were given 5 Stars by CRN in the 2014 Partner Programs Guide. The annual Partner Programs Guide evaluates vendors based on investments in program offerings, partner profitability, partner training, education and support, marketing programs and resources, sales support and communication.

Robert Faletra, CEO of The Channel Company, says a 5-Star rating recognizes “the very best channel programs available in the market today.”

Find out more about our award-winning Partner Program at sophos.com/partners.

60 Second Security: Phone spyware, Mac security, and WhatsApp privacy

Paul Ducklin reviews the news of the week in just 60 seconds.

Keep up with Sophos news

You can get all the latest Sophos related news right here. Sign up for our Sophos Blog newsletter by filling in your email address at the top right of the blog’s webpage. Follow us on your favorite social media networks, chat with us in our forums, download our informative podcasts, and sign up for our RSS feeds.

Leave a Reply

Your email address will not be published. Required fields are marked *