An Interest In:
Web News this Week
- April 2, 2024
- April 1, 2024
- March 31, 2024
- March 30, 2024
- March 29, 2024
- March 28, 2024
- March 27, 2024
Some of Our Sources
- Slashdot
- Techcrunch
- Team Treehouse
- Spoon Graphics
- Fuel Your Creativity
- My Ink Blog
- Stylized Web
- Freelance Switch
- Web Resource Source
- Dev To
Help Webnuz
Referal links:
April 27, 2020 02:50 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/QT6n0L16_9k/hackers-are-exploiting-a-sophos-firewall-zero-day
Hackers Are Exploiting a Sophos Firewall Zero-day
Cyber-security firm Sophos has published an emergency security update to patch a zero-day vulnerability in its XG enterprise firewall product that was being abused in the wild by hackers. From a report: Sophos said it first learned of the zero-day on late Wednesday, April 22, after it received a report from one of its customers. The customer reported seeing "a suspicious field value visible in the management interface." After investigating the report, Sophos determined this was an active attack and not an error in its product. "The attack used a previously unknown SQL injection vulnerability to gain access to exposed XG devices," Sophos said in a security advisory today. Hackers targeted Sophos XG Firewall devices that had their administration (HTTPS service) or the User Portal control panel exposed on the internet. Sophos said the hackers used the SQL injection vulnerability to download a payload on the device. This payload then stole files from the XG Firewall.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/QT6n0L16_9k/hackers-are-exploiting-a-sophos-firewall-zero-day
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot