Security News > 2020 > April > Sophos XG firewalls hacked, hotfix ready. Texts wreck Apple iThings. Yup, business as usual in infosec world
2020-04-26 12:04
Sophos XG Firewall hacked in the wild - hotfix available.
Sophos has rushed out a hotfix for its XG Firewall products to close an SQL injection vulnerability - after hackers were spotted exploiting the hole in the wild.
All physical and virtual XG firewalls are vulnerable, we're told, and all supported versions will get a hotfix.
"The attack used a previously unknown SQL injection vulnerability to gain access to exposed XG devices," said Team Sophos.
Known as VictoryGate, the malware infects a mixture of home and business Windows PCs and Internet-of-Things devices.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/04/26/security_roundup_240420/
Related news
- Custom "Pygmy Goat" malware used in Sophos Firewall hack on govt network (source)
- Over 2,000 Palo Alto firewalls hacked using recently patched bugs (source)
- US names Chinese national it alleges was behind 2020 attack on Sophos firewalls (source)
- U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls (source)
- Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation (source)
- Sophos Firewall vulnerable to critical remote code execution flaw (source)
- Sophos discloses critical Firewall remote code execution flaw (source)