Security News

Traditional security architecture focused on a hardened perimeter with a vulnerable interior. Modern security practices focus instead on multiple key control points, such as the network, endpoints, applications, and identities.

Network firewalls are a critical line of defense in securing enterprise networks and protecting their vital data. The rapid transition to cloud infrastructure makes managing networks quite complex and cumbersome, leaving security and information technology teams with the overwhelming task of determining proper restrictions and access.

Often, organizations think of firewall security as a one-and-done type of solution. Let's break down a few questions that you and your team should be asking about firewall security to get a more accurate view into your network defense posture.

A sophisticated Chinese advanced persistent threat actor exploited a critical security vulnerability in Sophos' firewall product that came to light earlier this year to infiltrate an unnamed South Asian target as part of a highly-targeted attack. "The attacker implement[ed] an interesting web shell backdoor, create[d] a secondary form of persistence, and ultimately launch[ed] attacks against the customer's staff," Volexity said in a report.

Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim.On March 25, Sophos published a security advisory about CVE-2022-1040, an authentication bypass vulnerability that affects the User Portal and Webadmin of Sophos Firewall and could be exploited to execute arbitrary code remotely.

Zyxel has released patches to address four security flaws affecting its firewall, AP Controller, and AP products to execute arbitrary operating system commands and steal select information. CVE-2022-26531 - Several input validation flaws in command line interface commands for some versions of firewall, AP controller, and AP devices that could be exploited to cause a system crash.

Zyxel has published a security advisory to warn admins about multiple vulnerabilities affecting a wide range of firewall, AP, and AP controller products. Large organizations use Zyxel products, and any exploitable flaws in them immediately capture the attention of threat actors.

The U.S. Cybersecurity and Infrastructure Security Agency on Monday added two security flaws, including the recently disclosed remote code execution bug affecting Zyxel firewalls, to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. Tracked as CVE-2022-30525, the vulnerability is rated 9.8 for severity and relates to a command injection flaw in select versions of the Zyxel firewall that could enable an unauthenticated adversary to execute arbitrary commands on the underlying operating system.

Hackers have started to exploit a recently patched critical vulnerability, tracked as CVE-2022-30525, that affects Zyxel firewall and VPN devices for businesses. It is unclear if these efforts are malicious or just researchers working to map up Zyxel devices currently exposed to adversary attacks.

A critical vulnerability affecting several models of Zyxel firewalls has been publicly revealed, along with a Metasploit module that exploits it.Discovered by Rapid 7 researcher Jake Baines and disclosed to Zyxel on April 13, it was fixed by the company with patches released on April 28, but not publicly acknowledged by the company via an associated CVE or security advisory until now.