Security News
Sophos XG Firewall hacked in the wild - hotfix available. Sophos has rushed out a hotfix for its XG Firewall products to close an SQL injection vulnerability - after hackers were spotted exploiting the hole in the wild.
Tufin, a company pioneering a policy-centric approach to security and IT operations, announced the availability of the Tufin Firewall Change Tracker, a new free tool that delivers real-time visibility into firewall rule changes for organizations of all sizes. The new tool enables security teams to view multi-vendor firewall changes in real time and centrally monitor what was changed by whom, when and why - regardless of whether the firewall is physical, virtual, in the cloud or on-premise.
Enterprise content firewall provider Accellion on Tuesday announced that it has raised $120 million in a growth private equity round, which it will use for go-to-market initiatives, research and development, and mergers and acquisitions plans. "We are very excited to bring on Sagemount as a strategic and financial partner. Given their success investing in market-leading, high-growth software companies, we believe they are the right partner to help us create the enterprise content firewall category," Yaron said.
A wide variety of Zyxel and LILIN IoT devices are being conscripted into several botnets, researchers have warned. Users are advised to implement the provided firmware updates to plug the security holes exploited by the botmasters or, if they can't, to stop using the devices altogether or to put them behind network firewalls.
AT&T, Palo Alto Networks and Broadcom have been developing a framework that enables organizations to deploy firewalls as software-based platforms instead of hardware appliances. The expansion, which should provide necessary protections on 5G networks, delivers a dynamically programmable basis with embedded security at the edge of the network and also allows for the deployment of future services.
Scott Matteson: How are organizations misusing their firewalls? Matt Glenn: The first thing organizations need to do is recognize that firewalls can help with many security challenges, but they should not be used to solve everything.
A recently disclosed zero-day vulnerability in Zyxel network-attached storage devices also impacts over twenty of the vendor's firewalls. Earlier this week, Zyxel published an advisory on the vulnerability, revealing that it impacted over a dozen NAS devices, including ten that were no longer supported.
Zyxel's network storage boxes, business VPN gateways, firewalls, and, er, security scanners can be remotely hijacked by any miscreant, due to a devastating security hole in the firmware. If a miscreant can't directly connect to a vulnerable Zyxel device, "There are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable device," noted Carnegie Mellon's CERT Coordination Center in its advisory on the matter.
Zyxel's network storage boxes, business VPN gateways, firewalls, and, er, security scanners can be remotely hijacked by any miscreant, due to a devastating security hole in the firmware. If a miscreant can't directly connect to a vulnerable Zyxel device, "There are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable device," noted Carnegie Mellon's CERT Coordination Center in its advisory on the matter.
On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage devices that is being actively exploited by crooks who specialize in deploying ransomware. Today, Zyxel acknowledged the same flaw is present in many of its firewall products.