Security News

Over a year has passed since Sophos delivered patches for a vulnerability affecting Sophos Firewalls that was being actively exploited by attackers, and now they have pushed additional ones to protect vulnerable EOL devices. "In December 2023, we delivered an updated fix after identifying new exploit attempts against this same vulnerability in older, unsupported versions of the Sophos Firewall," the company shared on Monday by updating of the original security advisory.

Sophos was forced to backport a security update for CVE-2022-3236 for end-of-life firewall firmware versions after discovering hackers actively exploiting the flaw in attacks. Although the hotfix was automatically rolled out to appliances set to auto-accept security updates by the vendor, by January 2023, over 4,000 internet-exposed appliances remained vulnerable to attacks.

CISA has added three vulnerabilities to its Known Exploited Vulnerabilities catalog, among them a critical vulnerability in Sophos Web Appliance that has been patched by the company in April 2023.CVE-2023-1671 is a pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance that allows attackers to execute arbitrary code.

The U.S. Cybersecurity & Infrastructure Security Agency has added to its catalog of known exploited vulnerabilities three security issues that affect Microsoft devices, a Sophos product, and an enterprise solution from Oracle. The KEV catalog contains flaws confirmed to be exploited by hackers in attacks and serves as a repository for vulnerabilities that companies all over should treat with priority.

Cybersecurity vendor Sophos is being impersonated by a new ransomware-as-a-service called SophosEncrypt, with the threat actors using the company name for their operation. Discovered yesterday by MalwareHunterTeam, the ransomware was initially thought to be part of a red team exercise by Sophos.

Ransomware - as readers here know only too well - is one of the biggest cybercrime challenges we collectively face today. That's why Sophos has spent has recently visited cities around the globe to dive deep into the real story behind ransomware.

More than 4,000 public-facing Sophos firewalls remain vulnerable to a critical remote code execution bug disclosed last year and patched months later, according to security researchers. The flaw, CVE-2022-3236, had already been exploited as a zero-day when Sophos published a security advisory about the vulnerability in September 2022.

Over 4,000 Sophos Firewall devices exposed to Internet access are vulnerable to attacks targeting a critical remote code execution vulnerability. Sophos disclosed this code injection flaw found in the User Portal and Webadmin of Sophos Firewall in September and also released hotfixes for multiple Sophos Firewall versions.

Panic over the risk of deepfake scams is completely overblown, according to a senior security adviser for UK-based infosec company Sophos. "The thing with deepfakes is that we aren't seeing a lot of it," Sophos researcher John Shier told El Reg last week.

A critical code-injection vulnerability in Sophos Firewall has been fixed - but not before miscreants found and exploited the bug. While it hasn't been issued a CVSS severity score, Sophos deemed it "Critical" and noted that it allowed for remote code execution.