Security News > 2022 > April > Week in review: Spring4Shell vulnerability, attackers exploiting patched RCE in Sophos Firewall
Attackers are exploiting recently patched RCE in Sophos FirewallA critical vulnerability in Sophos Firewall in being exploited in the wild to target "a small set of specific organizations primarily in the South Asia region," Sophos has warned.
IceID trojan delivered via hijacked email threads, compromised MS Exchange serversA threat actor is exploiting vulnerable on-prem Microsoft Exchange servers and using hijacked email threads to deliver the IceID trojan without triggering email security solutions.
JavaScript security: The importance of prioritizing the client sideIn this interview with Help Net Security, Vitaly Lim, CTO at Feroot, talks about the most common JavaScript threats, the devastating impact of malicious or vulnerable code, and the importance of JavaScript security in the development process.
The security gaps that can be exposed by cybersecurity asset managementCybersecurity asset management does not come with the excitement following the metaverse, blockchain, or smokescreen detection technologies, but it is essential for the protection of corporate infrastructure.
According to a recent survey conducted by the Ponemon Institute, 59% of embedded product security decision-makers say they've lost revenue due to product security concerns.
Cloud-native adoption shifts security responsibility across teamsStyra released a research report which explores how in sync, or misaligned, IT leaders and developers are when it comes to cloud-native technology use and security during their digital transformation journeys.
News URL
Related news
- Custom "Pygmy Goat" malware used in Sophos Firewall hack on govt network (source)
- Palo Alto Networks warns of potential PAN-OS RCE vulnerability (source)
- PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs and Patch Released (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- US names Chinese national it alleges was behind 2020 attack on Sophos firewalls (source)
- U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls (source)
- Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation (source)
- Sophos Firewall vulnerable to critical remote code execution flaw (source)
- Sophos discloses critical Firewall remote code execution flaw (source)