Security News

Thousands of Sophos firewalls still vulnerable out there to hijacking
2023-01-18 23:30

More than 4,000 public-facing Sophos firewalls remain vulnerable to a critical remote code execution bug disclosed last year and patched months later, according to security researchers. The flaw, CVE-2022-3236, had already been exploited as a zero-day when Sophos published a security advisory about the vulnerability in September 2022.

Over 4,000 Sophos Firewall devices vulnerable to RCE attacks
2023-01-17 18:53

Over 4,000 Sophos Firewall devices exposed to Internet access are vulnerable to attacks targeting a critical remote code execution vulnerability. Sophos disclosed this code injection flaw found in the User Portal and Webadmin of Sophos Firewall in September and also released hotfixes for multiple Sophos Firewall versions.

Phishing works so well crims won't bother with deepfakes, says Sophos chap
2022-10-17 03:01

Panic over the risk of deepfake scams is completely overblown, according to a senior security adviser for UK-based infosec company Sophos. "The thing with deepfakes is that we aren't seeing a lot of it," Sophos researcher John Shier told El Reg last week.

Sophos fixes critical firewall hole exploited by miscreants
2022-09-28 00:35

A critical code-injection vulnerability in Sophos Firewall has been fixed - but not before miscreants found and exploited the bug. While it hasn't been issued a CVSS severity score, Sophos deemed it "Critical" and noted that it allowed for remote code execution.

RCE in Sophos Firewall is being exploited in the wild (CVE-2022-3236)
2022-09-26 10:10

Sophos has patched an actively exploited remote code execution vulnerability in its Firewall solutions, and has pushed the fix to customers who have automatic installation of hotfixes enabled. CVE-2022-3236 is a code injection vulnerability in the User Portal and Webadmin of Sophos Firewall.

Hackers Exploited Zero-Day RCE Vulnerability in Sophos Firewall — Patch Released
2022-09-24 05:03

Security software company Sophos has warned of cyberattacks targeting a recently addressed critical vulnerability in its firewall product. The issue, tracked as CVE-2022-3236, impacts Sophos Firewall v19.0 MR1 and older and concerns a code injection vulnerability in the User Portal and Webadmin components that could result in remote code execution.

Sophos warns of new firewall RCE bug exploited in attacks
2022-09-23 16:36

Sophos warned today that a critical code injection security vulnerability in the company's Firewall product is being exploited in the wild. The company says it has released hotfixes for Sophos Firewall versions affected by this security bug and older) that will roll out automatically to all instances since automatic updates are enabled by default.

Chinese Hackers Exploited Sophos Firewall Zero-Day Flaw to Target South Asian Entity
2022-06-17 20:43

A sophisticated Chinese advanced persistent threat actor exploited a critical security vulnerability in Sophos' firewall product that came to light earlier this year to infiltrate an unnamed South Asian target as part of a highly-targeted attack. "The attacker implement[ed] an interesting web shell backdoor, create[d] a secondary form of persistence, and ultimately launch[ed] attacks against the customer's staff," Volexity said in a report.

Sophos Firewall zero-day bug exploited weeks before fix
2022-06-16 22:23

Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim. On March 25, Sophos published a security advisory about CVE-2022-1040, an authentication bypass vulnerability that affects the User Portal and Webadmin of Sophos Firewall and could be exploited to execute arbitrary code remotely.

CrowdStrike vs Sophos: EDR software comparison
2022-05-19 18:30

As leaders within the endpoint detection and response industry, CrowdStrike and Sophos provide high-quality EDR for organizations of all sizes. CrowdStrike Falcon XDR and Sophos Endpoint Intercept X both build upon their EDR solutions with enhanced detection and response, known as XDR.