Tag: sophos
-
You do surprise me.exe: An unexpected executable in Hola Browser
Following a certification test, Sophos X-Ops found an unexpected guest had hitched a ride
Categories: Threat Research
Tags: Crypto mining, Supply chain
-
Pointing a Cursor at evading detection
AI accelerated tool development and testing, but humans drove the workflow
Categories: Threat Research
Tags: AI, EDR
-
GitHub internal repositories breached
A malicious VS Code extension led to cloned private repositories, reportedly offered for sale on a criminal forum
Categories: Threat Research
Tags: GitHub, Supply chain
-
WantToCry ransomware remotely encrypts files
Brute-force attempts against SMB services can be early signs of an attack
Categories: Threat Research
Tags: Ransomware, WantToCry, SMB
-
Why AMOS matters: The macOS malware stealing data at scale
Sophos X-Ops looks at the Atomic macOS Stealer and its capabilities
Categories: Threat Research
Tags: MacOS, AMOS, infostealer
-
May’s Patch Tuesday hauls out 132 CVEs
With advisories, this month’s count approaches 300 – though many are already in place
Categories: Threat Research, X-ops
Tags: Patch Tuesday, MICROSOFT PATCH TUESDAY
-
Inside the lethal trifecta: Blast radius reduction in AI agent deployments
Seven things security teams can start doing today to reduce risk
Categories: Threat Research
Tags: AI, CISO, risk
-
Donuts and Beagles: Fake Claude site spreads backdoor
A malicious imitation of Anthropic’s Claude site leads to DLL sideloading – and a backdoor
Categories: Threat Research
Tags: Claude, Beagle, Backdoor, malvertising, AI, DONUT, DLL sideloading, Sophos X-Ops
-
Proof-of-concept exploit available for Linux ‘Copy Fail’ vulnerability (CVE-2026-31431)
Categories: Threat Research
Tags: advisory, Linux, Copy Fail
-
‘Mini Shai-Hulud’ supply chain attack targets SAP npm packages
Categories: Threat Research
Tags: advisory, NPM, SAP
-
Supply chain attacks hit Checkmarx and Bitwarden developer tools
Two supply chain attacks, same day, same command-and-control domain
Categories: Threat Research
Tags: Supply chain, Sophos X-Ops, pipeline, Bitwarden, Checkmarx
-
Strengthening authentication with passkeys: A CISO playbook
Our passkey rollout took three tries. Here’s a playbook to make your implementation smoother.
Categories: Security Operations
Tags: CISO, playbook, toolkit, passkeys
-
Microsoft addresses 163 CVEs, 88 advisories for April Patch Tuesday
Following a long-established pattern, the fourth month of the year is one of the cruelest
Categories: X-ops, Threat Research
Tags: Patch Tuesday
-
QEMU abused to evade detection and enable ransomware delivery
The use of hidden virtual machines (VMs) enables long-term access, credential harvesting, data exfiltration, and PayoutsKing ransomware deployment
Categories: Threat Research
Tags: virtual machine, QEMU, PayoutsKing, GOLD ENCOUNTER, CitrixBleed2
-
We let OpenClaw loose on an internal network. Here’s what it found
Following our article on the challenges posed by agentic AI, we gave OpenClaw access to one of our legacy networks
Categories: Threat Research
Tags: OpenClaw, LLM, AI, penetration testing, Red Team, CISO, Sophos X-Ops
-
Axios npm package compromised to deploy malware
Categories: Threat Research
Tags: advisory, NPM, Axios
-
Incident responders, s’il vous plait: Invites lead to odd malware events
A phishing campaign targeting multiple organizations led to RMM installations – but not much else (yet). A threat actor experimenting, or an access-as-a-service attack underway?
Categories: Threat Research
Tags: STAC6405, infostealer, RMM, Phishing
-
NICKEL ALLEY strategy: Fake it ’til you make it
Victimizing software developers via fake companies, jobs, and code repositories to steal cryptocurrency
Categories: Threat Research
Tags: NICKEL ALLEY, Contagious Interview, North Korea, clickfix
-
Android devices ship with firmware-level malware
Keenadu malware gives an attacker control over a device but appears to be used primarily to facilitate ad fraud
Categories: Threat Research
Tags: Android, Keenadu
-
Initial access techniques used by Iran-based threat actors
Analysis of attacks originating from Iran-linked threat groups reveals a preference for certain techniques
Categories: Threat Research
Tags: Iran, initial access
-
March Patch Tuesday visits 15 product families
Eight Critical-severity bugs – none in Windows – appear in 84-CVE haul
Categories: Threat Research
Tags: Patch Tuesday, x-ops, Microsoft, Windows, detection
-
Evil evolution: ClickFix and macOS infostealers
Across three recent campaigns, Sophos X-Ops notes shifts in both lures and malware capabilities, as threat actors leveraging ClickFix techniques increasingly target macOS users with infostealers
Categories: Threat Research
Tags: MacOS, infostealer, clickfix, MacSync, Social engineering
-
Hacktivist campaigns increase as United States, Iran, and Israel conflict intensifies
Rising tensions have sparked an increase in regional hacktivist activity, but impact has been minimal
Categories: Threat Research
Tags: hacktivism, Iran, israel, Operation Epic Fury
-
Cyber Advisory: Increased Cyber Risk Amid U.S.–Israel–Iran Escalation
Insights and recommended defensive measures from Sophos X-Ops Counter Threat Unit
Categories: Security Operations
Tags: Sophos CTU, Iran, Operation Epic Fury
-
Cisco SD-WAN vulnerabilities (CVE-2026-20127, CVE-2022-20775) in active exploitation
Categories: Threat Research
Tags: advisory, vulnerability, SD-WAN
-
Nowhere, man: The 2026 Active Adversary Report
AI headline hype didn’t deliver a sea change for practical defense — but one below-the-radar development should
Categories: Security Operations, Threat Research
Tags: Active Adversary, Active Adversary Report
-
February’s Patch Tuesday assumes battle stations
Just 58 CVEs to spar with in February, but plenty are already under attack
Categories: Threat Research, X-ops
Tags: Patch Tuesday, Microsoft, Windows
-
Threat Intelligence Executive Report – Volume 2025, Number 6
This issue of the Counter Threat Unit’s high-level bimonthly report discusses noteworthy updates in the threat landscape during September and October
Categories: Threat Research
Tags: EDR killer, infostealer, Ransomware
-
The OpenClaw experiment is a warning shot for enterprise AI security
-
From Security Operations to Security Leadership: Sophos CISO Advantage
-
Malicious use of virtual machine infrastructure
-
Eeny, meeny, miny, moe? How ransomware operators choose victims
-
Microsoft Office vulnerability (CVE-2026-21509) in active exploitation
-
Beyond MFA: Building true resilience against identity-based attacks
-
Generative AI and cybersecurity: What Sophos experts expect in 2026
-
TamperedChef serves bad ads with infostealers as the main course
-
Year in Review 2025: The major headlines and moments from Sophos this year
-
Human-in-the-loop security will define 2026: Predictions from Sophos experts
-
5 ways your firewall can keep ransomware out and lock it down if it gets in
-
I am not a robot: ClickFix used to deploy StealC and Qilin
-
Game of clones: Sophos and the MITRE ATT&CK Enterprise 2025 Evaluations
Winter is coming – so it must be time for Sophos X-Ops’ report on this year’s MITRE ATT&CK Enterprise Evaluations
Author: Matt Wixey
-
GOLD SALEM tradecraft for deploying Warlock ransomware
Analysis of the tradecraft evolution across 6 months and 11 incidents
Author: Mindi McDowell
-
React2Shell flaw (CVE-2025-55182) exploited for remote code execution
The availability of exploit code will likely lead to more widespread opportunistic attacks
Author: Mindi McDowell
-
A big finish to 2025 in December’s Patch Tuesday
A month with no Critical-severity Windows bugs is overshadowed by a mass of Mariner mop-up
Author: Angela Gunn
-
Sophos achieves its best-ever results in the MITRE ATT&CK Enterprise 2025 Evaluation
A major milestone: Sophos XDR delivers 100% detection coverage in the latest ATT&CK Evaluation.
Author: rajansanhotra
-
Inside Shanya, a packer-as-a-service fueling modern attacks
The ransomware scene gains another would-be EDR killer
Author: Gabor Szappanos
-
Sharpening the knife: GOLD BLADE’s strategic evolution
Updates include novel abuse of recruitment platforms, modified infection chains, and expansion into a hybrid operation that combines data theft and ransomware deployment
Author: Mindi McDowell
-
Introducing Sophos Intelix for Microsoft Security Copilot
Elevating threat intelligence for all Security Copilot users.
Author: Doug Aamoth
-
Introducing Sophos Intelix for Microsoft 365 Copilot
Bringing Sophos threat intelligence directly into Microsoft 365 Copilot.
Author: Doug Aamoth
-
WhatsApp compromise leads to Astaroth deployment
Another campaign targeting WhatsApp users in Brazil spreads like a worm and employs multiple payloads for credential theft, session hijacking, and persistence
Author: Mindi McDowell
-
Advancing Cybersecurity for Microsoft Environments
From certified MDR services to open threat intelligence frameworks, Sophos is delivering the clarity, context, and confidence organizations need to stay ahead of evolving threats.
Author: Sally Adam
-
November Patch Tuesday does its chores
A cleanup month brings 63 patches… wait, no, 68… how about 61?
Author: Angela Gunn
-
Detecting fraudulent North Korean hires: A CISO playbook
Has a North Korean threat actor applied for a position at your organization, or even been hired? We’re sharing a toolkit to help you detect and avoid that risk.
Author: Ross McKerchar
-
Phake phishing: Phundamental or pholly?
Debates over the effectiveness of phishing simulations are widespread. Sophos X-Ops looks at the arguments for and against – and our own phishing philosophy
Author: Ross McKerchar
-
BRONZE BUTLER exploits Japanese asset management software vulnerability
The threat group targeted a LANSCOPE zero-day vulnerability (CVE-2025-61932)
Author: mindimcdowell
-
Windows Server Update Services (WSUS) vulnerability abused to harvest sensitive data
Exploitation of CVE-2025-59287 began after public disclosure and the release of proof-of-concept code
Author: mindimcdowell
-
Threat Intelligence Executive Report – Volume 2025, Number 5
This issue of the Counter Threat Unit’s high-level bimonthly report discusses noteworthy updates in the threat landscape during July and August
Author: mindimcdowell
-
October Patch Tuesday beats January ’25 record
Microsoft throws a farewell party for Win10, Office 2016, and Office 2019… a very big party
Author: Angela Gunn
-
F5 network compromised
On October 15, 2025, F5 reported that a nation-state threat actor had gained long-term access to some F5 systems and exfiltrated data, including source code and information about undisclosed product vulnerabilities. This information may enable threat actors to compromise F5 devices by developing exploits for these vulnerabilities. The UK National Cyber Security…
-
WhatsApp Worm Targets Brazilian Banking Customers
Counter Threat Unit™ (CTU) researchers are investigating multiple incidents in an ongoing campaign targeting users of the WhatsApp messaging platform. The campaign, which started on September 29, 2025, is focused on Brazil and seeks to trick users into executing a malicious file attached to a self-spreading message received from…
-
HeartCrypt’s wholesale impersonation effort
How the notorious Packer-as-a-Service operation built itself into a hydra
Author: Gabor Szappanos
-
What happens when a cybersecurity company gets phished?
A Sophos employee was phished, but we countered the threat with an end-to-end defense process
Author: Ross McKerchar
-
GOLD SALEM’s Warlock operation joins busy ransomware landscape
The emerging group demonstrates competent tradecraft using a familiar ransomware playbook and hints of ingenuity
Author: mindimcdowell
-
September Patch Tuesday handles 81 CVEs
The last round of fixes before Win 10’s final shout touches 15 product families, including Xbox
Author: Angela Gunn
-
Velociraptor incident response tool abused for remote access
This approach represents an evolution from threat actors abusing remote monitoring and management tools
Author: mindimcdowell
-
Threat Intelligence Executive Report – Volume 2025, Number 4
This issue of the Counter Threat Unit’s high-level bimonthly report discusses noteworthy updates in the threat landscape during May and June
Author: mindimcdowell
-
August Patch Tuesday includes blasts from the (recent) past
Microsoft haul this month covers 109 CVEs… more or less
Author: Angela Gunn
-
Sophos AI at Black Hat USA ’25: Anomaly detection betrayed us, so we gave it a new job
Following on from our preview, here’s Ben Gelman and Sean Bergeron’s research on enhancing command line classification with benign anomalous data
Author: Matt Wixey
-
Shared secret: EDR killer in the kill chain
A look under the hood at a tool designed to disable protections
Author: Gabor Szappanos
-
Rubrik & Sophos Enhance Cyber Resilience for Microsoft 365
Cybersecurity attacks are rising sharply in 2025, and Microsoft has been one among many prominent targets. Research shows that 70 percent of M365 tenants have experienced account takeovers[1] and 81 percent have encountered email compromise[2]. To mitigate this ongoing risk, Rubrik and Sophos have formed a…
-
GOLD BLADE remote DLL sideloading attack deploys RedLoader
Attacks surged in July 2025 after the threat group updated its process to combine malicious LNK files and a recycled WebDAV technique
Author: mindimcdowell
-
Sophos’ Secure by Design 2025 Progress
One year on, we are pleased to share progress on our secure-by-design commitments.
Author: Ross McKerchar
-
Small world: The revitalization of small AI models for cybersecurity
Sophos X-Ops explores why larger isn’t always better when it comes to solving security challenges with AI
Author: Matt Wixey
-
SharePoint ‘ToolShell’ vulnerabilities being exploited in the wild
Sophos X-Ops sees exploitation across multiple customer estates
Author: Matt Wixey
-
SophosAI at Black Hat USA ’25: Anomaly detection betrayed us, so we gave it a new job
Sophos’ Ben Gelman and Sean Bergeron will present their research on enhancing command line classification with benign anomalous data at Las Vegas
Author: Matt Wixey
-
July Patch Tuesday offers 127 fixes
The seventh month is always a big one for Microsoft, and this year is no exception
Author: Angela Gunn
-
Threat Intelligence Executive Report – Volume 2025, Number 3
This issue of the Counter Threat Unit’s high-level bimonthly report discusses noteworthy updates in the threat landscape during March and April
Author: mindimcdowell
-
Using AI to identify cybercrime masterminds
Analyzing dark web forums to identify key experts on e-crime
Author: gallagherseanm
-
Taking the shine off BreachForums
ShinyHunters threat group members were arrested in a coordinated law enforcement action for their association with BreachForums
Author: mindimcdowell
-
June Patch Tuesday digs into 67 bugs
An extremely Windows-heavy month, with a surprise cameo by… Sophos?!
Author: Angela Gunn
-
The strange tale of ischhfd83: When cybercriminals eat their own
A simple customer query leads to a rabbit hole of backdoored malware and game cheats
Author: Matt Wixey
-
DragonForce actors target SimpleHelp vulnerabilities to attack MSP, customers
Ransomware actor exploited RMM to access multiple organizations; Sophos EDR blocked encryption on customer’s network
Author: gallagherseanm
-
DragonForce targets rivals in a play for dominance
Not content with attacking retailers, this aggressive group is fighting a turf war with other ransomware operators
Author: Angela Gunn
-
A familiar playbook with a twist: 3AM ransomware actors dropped virtual machine with vishing and Quick Assist
Another adversary picks up the email bombing / vishing Storm-1811 playbook, doing thorough reconnaissance to target specific employees with fake help desk call—this time, over the phone.
Author: gallagherseanm
-
Beyond the kill chain: What cybercriminals do with their money (Part 1)
Sophos X-Ops investigates what financially motivated threat actors invest their ill-gotten profits in, once the dust has settled
Author: Matt Wixey
-
Beyond the kill chain: What cybercriminals do with their money (Part 2)
In the second of our five-part series, Sophos X-Ops investigates the so-called ‘white’ (legitimate) business interests of threat actors
Author: Matt Wixey
-
Beyond the kill chain: What cybercriminals do with their money (Part 3)
In the third of our five-part series, Sophos X-Ops explores the more legally and ethically dubious business interests of financially motivated threat actors
Author: Matt Wixey
-
Beyond the kill chain: What cybercriminals do with their money (Part 4)
In the fourth of our five-part series, Sophos X-Ops explores threat actors’ real-world criminal business interests
Author: Matt Wixey
-
Beyond the kill chain: What cybercriminals do with their money (Part 5)
In the last of our five-part series, Sophos X-Ops explores the implications and opportunities arising from threat actors’ involvement in real-world industries and crimes
Author: Matt Wixey
-
Microsoft primes 71 fixes for May Patch Tuesday
Five issues actively exploited in the wild, but the real excitement may have been handled in advance
Author: Angela Gunn
-
Lumma Stealer, coming and going
The high-profile information stealer switches up its TTPs, but keeps the CAPTCHA tactic; we take a deep dive
Author: Angela Gunn
-
Finding Minhook in a sideloading attack – and Sweden too
Multifaceted changes in TTPs illustrate what researchers see when they start digging
Author: Gabor Szappanos
-
Moving CVEs past one-nation control
A near-miss episode of attempted defunding spotlights a need for a better way
Author: Chester Wisniewski
-
The Sophos Annual Threat Report: Cybercrime on Main Street 2025
Ransomware remains the biggest threat, but old and misconfigured network devices are making it too easy
Author: gallagherseanm
-
Sophos Annual Threat Report appendix: Most frequently encountered malware and abused software
These are the tools of the trade Sophos detected in use by cybercriminals over 2024
Author: gallagherseanm
-
Industrial-strength April Patch Tuesday covers 135 CVEs
One actively exploited issue patched; five Critical-severity Office vulns exploitable via Preview Pane
Author: Angela Gunn
-
It takes two: The 2025 Sophos Active Adversary Report
The dawn of our fifth year deepens our understanding of the enemies at the gate, and some tensions inside it; plus, an anniversary gift from us to you
Author: Angela Gunn
-
Qilin affiliates spear-phish MSP ScreenConnect admin, targeting customers downstream
Attack matches three-year long pattern of ScreenConnect attacks tracked by Sophos MDR as STAC4365.
Author: gallagherseanm
-
Stealing user credentials with evilginx
A malevolent mutation of the widely used nginx web server facilitates Adversary-in-the-Middle action, but there’s hope
Author: Angela Gunn