• Sophos Firewall found a serious security issue

    From TechnologyDaily@1337:1/100 to All on Mon Sep 26 16:15:03 2022
    Sophos Firewall found a serious security issue

    Date:
    Mon, 26 Sep 2022 14:59:16 +0000

    Description:
    Sophos warns recently discovered flaw is being exploited in the wild to run arbitrary code on vulnerable endpoints.

    FULL STORY ======================================================================

    Sophos Firewall carries a high-severity vulnerability that's being actively exploited in the wild, the company has confirmed, urging system admins to apply the patch, or the workaround, as quickly as possible.

    In an official announcement, the company said that the threat actor abusing the flaw is targeting a specific type of company.

    "Sophos has observed this vulnerability being used to target a small set of specific organizations, primarily in the South Asia region," Sophos said. "We have informed each of these organizations directly. Sophos will provide further details as we continue to investigate."

    Remote code execution

    The vulnerability was discovered in the User Portal and Webadmin. Tracked as CVE-2022-3236, the flaw allows threat actors to remotely execute code. The company has already released a fix that should be applied automatically for most users. Automatic updates are enabled by default, so unless system admins deliberately turned the feature off, they should be fine.

    Those who should take extra care are admins who have the feature turned off, or who are running older versions of Sophos Firewall. They would need to upgrade the software first.

    System admins who are unable to apply the patch at this time can also use the workaround: making sure the User Portal and Webadmin aren't exposed to the WAN.

    "Disable WAN access to the User Portal and Webadmin by following device
    access best practices and instead use VPN and/or Sophos Central (preferred) for remote access and management," Sophos said.

    This is at least the third time this year Sophos Firewall has made headlines for all the wrong reasons. In April this year, the company announced patching a flaw that allowed threat actors to remotely execute any code, including viruses and malware, on an endpoint running its firewall software, and in late June, it fixed CVE-2022-1040 (an authentication bypass flaw that allows arbitrary code execution).

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/sophos-firewall-found-a-serious-security-issue/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)