Security News

Sophos has patched an actively exploited remote code execution vulnerability in its Firewall solutions, and has pushed the fix to customers who have automatic installation of hotfixes enabled.CVE-2022-3236 is a code injection vulnerability in the User Portal and Webadmin of Sophos Firewall.

Security software company Sophos has warned of cyberattacks targeting a recently addressed critical vulnerability in its firewall product.The issue, tracked as CVE-2022-3236, impacts Sophos Firewall v19.0 MR1 and older and concerns a code injection vulnerability in the User Portal and Webadmin components that could result in remote code execution.

Sophos warned today that a critical code injection security vulnerability in the company's Firewall product is being exploited in the wild. The company says it has released hotfixes for Sophos Firewall versions affected by this security bug and older) that will roll out automatically to all instances since automatic updates are enabled by default.

A sophisticated Chinese advanced persistent threat actor exploited a critical security vulnerability in Sophos' firewall product that came to light earlier this year to infiltrate an unnamed South Asian target as part of a highly-targeted attack. "The attacker implement[ed] an interesting web shell backdoor, create[d] a secondary form of persistence, and ultimately launch[ed] attacks against the customer's staff," Volexity said in a report.

Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim.On March 25, Sophos published a security advisory about CVE-2022-1040, an authentication bypass vulnerability that affects the User Portal and Webadmin of Sophos Firewall and could be exploited to execute arbitrary code remotely.

Sophos has released a fix for a known issue triggering blue screens of death on Windows 11 systems running Sophos Home antivirus software after installing the KB5013943 update. "Customers on Windows 11 running Sophos Home may encounter a BSOD/Stop error after installing Windows Update KB5013943 and restarting their machines," the cybersecurity vendor explains.

Attackers are exploiting recently patched RCE in Sophos FirewallA critical vulnerability in Sophos Firewall in being exploited in the wild to target "a small set of specific organizations primarily in the South Asia region," Sophos has warned. IceID trojan delivered via hijacked email threads, compromised MS Exchange serversA threat actor is exploiting vulnerable on-prem Microsoft Exchange servers and using hijacked email threads to deliver the IceID trojan without triggering email security solutions.

The Cybersecurity and Infrastructure Security Agency has ordered federal civilian agencies on Thursday to patch a critical Sophos firewall bug and seven other vulnerabilities within the next three weeks, all exploited in ongoing attacks. CISA also ordered federal agencies to patch a high severity arbitrary file upload vulnerability in the Trend Micro Apex Central product management console that can be abused in remote code execution attacks.

British-based cybersecurity vendor Sophos warned that a recently patched Sophos Firewall bug allowing remote code execution is now actively exploited in attacks. The vulnerability was discovered and reported by an anonymous researcher who found that it impacts Sophos Firewall v18.5 MR3 and older.

A critical vulnerability in Sophos Firewall in being exploited in the wild to target "a small set of specific organizations primarily in the South Asia region," Sophos has warned. CVE-2022-1040 is an authentication bypass vulnerability in the User Portal and Webadmin of Sophos Firewall, and can be exploited by attackers to achieve remote code execution on vulnerable appliances.