Saturday, May 21, 2022
  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory
  • Login
  • Register
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • How-Tos
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • Video
No Result
View All Result
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • How-Tos
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • Video
No Result
View All Result
Cloud7 News
No Result
View All Result

Home > Cybersecurity > Sophos announced a hotfix for XG Firewall exploit

Sophos announced a hotfix for XG Firewall exploit

Sophos announced the results of the investigation and the incident was determined to be an attack against physical and virtual XG Firewall units.

Erdem Yasar by Erdem Yasar
May 6, 2020
in Cybersecurity
1 min read
0 0
0
Sophos announced a fix for XG Firewall exploit
4
SHARES
20
VIEWS
Share on FacebookShare on TwitterShare on EmailFollow on Google News

Sophos announced that the company started an investigation, after receiving a report on April 22, and the results show that the attack affected systems configured with either the administration interface (HTTPS admin service) or the user portal exposed on the WAN zone. Additionally, firewalls manually configured to expose a firewall service to the WAN zone that shares the same port as the admin or user portal were also affected.

Pre-auth SQL injection vulnerability

Sophos stated that the attackers used a previously unknown pre-auth SQL injection vulnerability to gain access to exposed XG devices. The attack aimed to exfiltrate XG Firewall-resident data and The data exfiltrated for any impacted firewall includes all local usernames and hashed passwords of any local user accounts.

Shortly after, Sophos launched a hotfix to all supported XG Firewall/SFOS versions. This hotfix eliminated the SQL injection vulnerability which prevented further exploitation, stopped the XG Firewall from accessing any attacker infrastructure, and cleaned up any remnants from the attack. Sophos also stated that for uncompromised XG Firewall devices, no additional steps are required and for the compromised XG Firewall devices published a short guide fully remediate the issue.

See more Cyber Security News


Tags: SophosSQL InjectionVulnerability
Share4TweetSendShare
Get free daily newsletters from Cloud7 News Get the Cloud7 Newsletter

Check your inbox or spam folder to confirm your subscription.

By subscribing, you agree to our
Copyright Policy and Privacy Policy
Previous Post

GlobeX Data to launch USA and Canada sales campaign

Next Post

Compass Datacenters purchased land for the Toronto campus

Erdem Yasar

Erdem Yasar

Erdem Yasar is a news editor at Cloud7 News. Erdem started his career by writing video game reviews in 2007 for PC World magazine while he was studying computer engineering. In the following years, he focused on software development with various programming languages. After his graduation, he continued to work as an editor for several major tech-related websites and magazines. During the 2010s, Erdem Yasar shifted his focus to cloud computing, hosting, and data centers as they were becoming more popular topics in the tech industry. Erdem Yasar also worked with various industry-leading tech companies as a content creator by writing blog posts and other articles. Prior to his role at Cloud7 News, Erdem was the managing editor of T3 Magazine.

Related News

Microsoft SQL Servers Are Targeted With Brute - Force Attacks

Microsoft SQL servers are targeted with brute-force attacks

May 20, 2022 3:45 pm
Google OAuth client library for Java had a high severity flaw

Google OAuth client library for Java had a high severity flaw

May 20, 2022 2:45 pm
The Linux Malware XOR DDoS Is On The Rise Again

The Linux malware XOR DDoS is on the rise again

May 20, 2022 1:50 pm
Conti ransomware group is shut down

Conti ransomware group is shut down

May 20, 2022 12:10 pm
Next Post
Compass Datacenters purchased land for the Toronto campus

Compass Datacenters purchased land for the Toronto campus

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Editor's Choice

Interview with Igor Seletskiy on AlmaLinux

7 best hosting control panels

How to update Linux Kernel without rebooting?

7 best Linux mail servers for 2022

7 best cPanel alternatives for 2022

7 best Linux web browsers for 2022

cPanel Security: 7 steps to secure cPanel

7 best CentOS alternatives

7 best Linux server distros for 2022

How to scan your server for Log4j (Log4Shell) vulnerability

Best web hosting service providers

AlmaLinux 8.6 Stable is ready to download

Ubuntu 22.04 LTS is available for download. What is new?

Advertisement

Recent News

  • Snap app of the week: Glate
  • Weekly tips & tricks: Linux #4
  • [Event] Live Webinar – WordPress: Don’t Underestimate the Power of Plugins
  • Oracle Linux 8.6 is ready to download
  • Imunify Security has announced Dashboard PRO

Our Latest Interview

Interview: Erez Barak, Vice President Observability of Sumo Logic
Interview

Interview: Erez Barak, Vice President Observability of Sumo Logic

by Atalay Kelestemur
November 25, 2021 3:23 am


Cloud7 News is a news source that publishes the latest news, industry news and exclusive interviews on web hosting, cloud computing, data center, cybersecurity and linux.

News Categories

  • Web Hosting
  • Cloud Computing
  • Data Center
  • Cybersecurity
  • Linux
  • Network/Internet
  • Software
  • Hardware
  • Blockchain

Our Free Modules

  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory

Get the Cloud7 Newsletter

Get FREE daily newsletters from Cloud7 delivering the latest news and reviews.

  • About Us
  • Privacy & Policy
  • Copyright Policy
  • Contact

© 2022, Cloud7 News. Latest Cloud Computing, Web Hosting, Data Center Industry and Tech News

No Result
View All Result
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • How-Tos
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • Video
  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory

© 2022, Cloud7 News. Latest Cloud Computing, Web Hosting, Data Center Industry and Tech News

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

*By registering into our website, you agree to the Terms & Conditions and Privacy Policy.
All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.