
Scanning the Threat: Why Aerospace Relies on Laser Inspection

Aviation travel demands absolute safety records for every single commercial flight across the globe. Microscopic flaws inside an airplane fuselage can quickly grow into catastrophic hazards under heavy atmospheric pressure at high altitudes. Maintenance crews must track these hidden structural issues constantly to safeguard passengers on their daily journeys.

WantToCry ransomware remotely encrypts files

SophosLabs analysts investigated WantToCry ransomware attacks that involved the threat actors abusing the Server Message Block (SMB) service for initial access and then exfiltrating files to attacker-controlled infrastructure for remote encryption. The detection surface is significantly reduced because WantToCry operates without local malware execution, and there is no post-compromise activity beyond exfiltrating files and rewriting them to disk.

Sophos Firewall Config Studio: Migrate to Sophos Firewall

A step-by-step tutorial on using Config Studio to convert configurations from supported third-party firewalls and import them into Sophos Firewall. Learn how to review migration results, fix flagged issues, and complete the process with confidence. Ask questions and get expert answers in the Sophos Community.

Provably better data

Every security vendor says their data is better. Corelight decided to test that claim directly. Using real nation-state attack scenarios, including Salt Typhoon-related activity, the same AI model was evaluated against multiple security data sources to measure investigation accuracy, threat visibility, and incident response coverage. The only variable was the data.

How Bot Detection Services Protect Your Website from Malicious Traffic

Bot detection services are specialized tools designed to differentiate human users from automated bots on websites and applications. Their core function is to prevent malicious activities such as credential stuffing, fake account creation, scraping, and spam by verifying legitimate user behavior. Effective bot detection helps maintain security, protect user data, and ensure reliable site performance.

Sophos Email: Configure Self Service Portal for end-users

A step-by-step tutorial showing you how to grant access to and configure the Sophos Central Self Service Portal (SSP) for end-users. This web interface allows end-users to perform daily tasks related to email management and more (depending on the configuration) without needing an administrator. Ask questions and get expert answers in the Sophos Community.

10 Cybersecurity Threats Every Organization Should Know

Most attacks do not start with malware. They mostly start with access. Attackers find new ways to steal credentials, which they then use to gain unauthorized access. They also use legitimate tools to gain access to systems without triggering alerts. To repeat their actions across environments, they make use of automation. Modern attacks, such as phishing, ransomware, zero-day exploits, and insider threats, target both systems and users.

Why AMOS matters: The macOS malware stealing data at scale

Sophos X-Ops looks at the Atomic macOS Stealer and its capabilities.

Sophos Managed Detection and Response (MDR) teams recently responded to a customer incident involving an infostealer infection on a macOS host. When we investigated, we found that the infostealer appeared to be a variant of AMOS (Atomic macOS), a well-known malware family we’ve written about before. The attack began with a ClickFix-style ruse, where a user was tricked into running a terminal command.

Data quality defines a ceiling for SOC performance

Defenders have long known that richer evidence improves security outcomes by enabling faster triage, deeper analysis, and more complete investigation. Although Corelight was founded on this premise, it’s been hard for us to quantify the impact of better network data - until now. Recently, we built an agentic test harness to measure the success of frontier LLMs in responding to real-world attack scenarios, using a range of source data.