Hackers are exploiting a Sophos firewall zero-day

gregmcc

gregmcc

Honorary Master
Joined
Jun 29, 2006
Messages
29,451
Reaction score
10,516
Location
Somewhere in the world
https://www.zdnet.com/article/hackers-are-exploiting-a-sophos-firewall-zero-day/

Cyber-security firm Sophos has published an emergency security update on Saturday to patch a zero-day vulnerability in its XG enterprise firewall product that was being abused in the wild by hackers.

Sophos said it first learned of the zero-day on late Wednesday, April 22, after it received a report from one of its customers. The customer reported seeing "a suspicious field value visible in the management interface."

After investigating the report, Sophos determined this was an active attack and not an error in its product.

"The attack used a previously unknown SQL injection vulnerability to gain access to exposed XG devices," Sophos said in a security advisory today.
Click to expand...
 
Good, they published it honestly. No matter how hardened your security, zero-day attacks are always a risk. Do I need to ask how many other vendors are basing their products on this? Obviously Sophos will communicate it accordingly.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X