Security News > 2020 > April > Malware Delivered to Sophos Firewalls via Zero-Day Vulnerability
Cybersecurity company Sophos informed customers over the weekend that it has patched a zero-day vulnerability that has been exploited to deliver malware to its XG Firewall appliances.
An investigation revealed that attackers have been exploiting a previously unknown SQL injection vulnerability to hack exposed physical and virtual firewalls.
Sophos started taking measures shortly after the attack started and it rolled out a SFOS hotfix that patches the SQL injection vulnerability on April 25.
In a blog post published late on Sunday, Sophos revealed that the attacker exploited the SQL injection vulnerability to insert a one-line command into the firewall database.
Sophos has dubbed the malware involved in the attack Asnarok and attributed the operation to an "Unknown adversary."
News URL
Related news
- Ivanti zero-day attacks infected devices with custom malware (source)
- Zero-Day Vulnerability in Ivanti VPN (source)
- Miscreants 'mass exploited' Fortinet firewalls, 'highly probable' zero-day used (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- Fortinet warns of auth bypass zero-day exploited to hijack firewalls (source)
- Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day (source)
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
- Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) (source)
- Fortinet warns of new zero-day exploited to hijack firewalls (source)
- PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks (source)