March 28, 2025

Stealing user credentials with evilginx

A malevolent mutation of the widely used nginx web server facilitates Adversary-in-the-Middle action, but there’s hope

Security OperationsThreat Research

March 20, 2025

The future of MFA is clear – but is it here yet?

Not all authentication is equal to the task in 2025, but there is a best choice within reach

Threat Research

October 02, 2024

Cybersecurity Awareness Month: A timely reminder to review your security posture

Explore four pressing cybersecurity challenges organizations face in 2024 and how to overcome them

Products & Services

August 23, 2023

Time keeps on slippin’ slippin’ slippin’: The 2023 Active Adversary Report for Tech Leaders

A deep dive into incident-response cases from the first half of this year finds both attackers and defenders picking up the pace

Threat Research

September 22, 2022

S3 Ep101: Uber and LastPass breaches – is 2FA all it’s cracked up to be? [Audio + Text]

Latest episode - listen now! Learn why adopting 2FA isn't a reason to relax your other security precautions...

Naked Security

July 16, 2021

Hindsight #1: Enforce MFA for system administration and security consoles

Hindsight security: things breach victims wish they had done

Products & Services

June 28, 2021

What IT security teams can learn from the Colonial Pipeline ransomware attack

Security Operations

May 05, 2020

Protecting the Cloud: Securing access to public cloud accounts

How Sophos Cloud Optix helps you secure access to your AWS, Azure and Google Cloud Platform accounts.

Products & Services

April 29, 2020

Twitter turns off SMS-based tweeting in most countries

Buh-bye, original way of tweeting. Twitter said it's to keep our accounts safe, referring to unspecified SMS-enabled vulnerabilities.

Naked Security