Sophos Community
Community Security Blog

  • Best Practices for Sophos Central Intercept X Endpoint

    Sophos Author
    Our latest video on Sophos Techvids outlines best practices for configuring your threat protection policy for Intercept X in Sophos Central. Also check out our related Community Techtips episode available on-demand! Intercept X is a powerful produc...
    • 26 Feb 2022
  • Hardening Your Sophos Firewall

    Sophos Author
    Here are some recommendations to harden the overall security of your Sophos Firewall. Table of Contents: Keep Your Firmware Updated and Hotfixes Enabled; Limit Firewall Device Access; Lock Down Remote Access to Other Network Systems; Use Multi-Factor ...
    • 25 Feb 2022
  • Advisory: FORCEDENTRY Attack (CVE-2021-30860)

    Sophos Author
    Overview: Canadian privacy and cybersecurity activist group The Citizen Lab has announced a zero-day security hole in Apple’s iPhone, iPad and Macintosh operating systems. The attack is widely being described by the nickname FORCEDENTRY. If...
    • 15 Sep 2021
  • Advisory: Confluence Server Webwork OGNL injection (CVE-2021-26084)

    Sophos Author
    Last updated 2021-09-10 UTC 11:55. On August 25, 2021, Atlassian released a security advisory detailing a vulnerability in their on-premises Confluence Server and Confluence Data Center products. The advisory contained instructions to immediate...
    • 5 Sep 2021
  • Information regarding ProxyShell

    Sophos Author
    Last updated 2021-08-31 UTC 09:30. On August 21, 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to warn of active exploitation of ProxyShell vulnerabilities CVE-2021-34473, CVE-2021-34523, and CVE-2021-3...
    • 25 Aug 2021
  • PetitPotam Attack

    Sophos Author
    A new NTLM relay attack called PetitPotam has been discovered that allows threat actors to take over a domain controller, with proof of concept code published. Many organizations utilize Microsoft Active Directory Certificate Services, wh...
    • 28 Jul 2021
  • Kaseya VSA Supply-Chain Ransomware Attack

    Sophos Author
    First updated 2021-07-02, 19:50 UTC. Last updated 2021-07-06, 04:10 UTC. Sophos is aware of a supply chain attack that uses Kaseya to deploy a variant of the REvil ransomware into a victim’s environment. The attack is geographically dispersed. Org...
    • 2 Jul 2021
  • Advisory: PrintNightmare (CVE-2021-34527), the zero-day hole in Windows

    Sophos Author
    Overview: Researchers from the cybersecurity company Sangfor have documented an as-yet-undisclosed Windows Print Spooler Remote Code Execution bug, widely being described by the nickname PrintNightmare. If exploited, this vulnerability could provide ...
    • 30 Jun 2021
  • Advisory: Multiple Vulnerabilities (AKA FragAttacks) in WiFi Specification

    mgrimm
    Overview: On May 12, 2021, the researcher Mathy Vanhoef released a security advisory disclosing multiple medium severity CVEs for the 802.11 Wireless Network Specification, which is applicable to a wide variety of WiFi products. These vulne...
    • 12 May 2021
  • Advisory: Multiple Vulnerabilities in Exim (AKA 21Nails) (Japanese version)

    Sophos Author
    To view the English version of this blog, please click here. Overview: On May 4, 2021, Qualys released a security advisory disclosing multiple CVEs for the Exim mail software, a widely used open-source message transfer agent (MTA). These vulnerabilities could be used by local and remote attackers, and Exim versions 4.94....
    • 10 May 2021
  • Advisory: Resolved LPE in Endpoint for MacOS (CVE-2021-25264)

    mgrimm
    Overview: A local privilege escalation vulnerability in Sophos Endpoint products for MacOS was recently discovered and responsibly disclosed to Sophos. It was reported via the Sophos bug bounty program by an external security researcher. The vul...
    • 7 May 2021
  • Advisory: Multiple Vulnerabilities (AKA 21Nails) in Exim

    mgrimm
    To view the Japanese version of this blog, please click here. Overview: On May 4, 2021, Qualys released a security advisory disclosing multiple CVEs for the Exim mailer software, a widely used open-source message transfer agent (MTA). T...
    • 4 May 2021
  • Advisory: Resolved RCE in Sophos Connect Client for Windows (CVE-2021-25265)

    mgrimm
    Overview: A remote code execution vulnerability in Sophos Connect Client version 2.0 for Windows was recently discovered and responsibly disclosed to Sophos. It was reported via the Sophos bug bounty program by an external security researcher. Th...
    • 1 Mar 2021
  • Advisory: Multiple Dnsmasq Vulnerabilities (AKA DNSpooq) in Sophos RED

    mgrimm
    Overview: Dnsmasq released a security advisory, dated January 19, 2021, disclosing details on multiple CVEs that can be triggered by a remote DNS response. The impacted dnsmasq versions are older than version 2.83. If successfully exploited by a malic...
    • 19 Jan 2021
  • Advisory: Resolved SQL Injection in Cyberoam OS WebAdmin (CVE-2020-29574)

    mgrimm
    Overview: An SQL Injection vulnerability in the WebAdmin of Cyberoam OS was recently discovered and has been patched through a hotfix. On some systems, this may have been used to create an unrecognized account. Applies to the following ...
    • 10 Dec 2020
  • Advisory: NAT Slipstreaming

    mgrimm
    Overview: A recently identified attack known as NAT Slipstreaming can potentially bypass browser protections to compromise an end-user device and then utilize Network Address Translation (NAT) on a firewall or router to a...
    • 7 Dec 2020
  • Microsoft CVE-2020-1472: Netlogon Elevation of Privilege Vulnerability AKA Zerologon

    mgrimm
    What are the technical specifics of the issue? Microsoft, in its August 2020 Patch Tuesday release, disclosed details on CVE-2020-1472, which is a Privilege Escalation vulnerability in the Netlogon Remote Protocol. If successfully exploited, this vu...
    • 18 Sep 2020
  • Advisory: Resolved RCE in SG UTM WebAdmin (CVE-2020-25223)

    mgrimm
    Overview: A remote code execution vulnerability in the WebAdmin of SG UTM was discovered and responsibly disclosed to Sophos in 2020. It was reported via the Sophos bug bounty program by an external security researcher. The vulnerabili...
    • 18 Sep 2020
  • Advisory: Resolved authenticated RCE issues in User Portal (CVE-2020-17352)

    mgrimm

    Overview

    Two vulnerabilities in the User Portal of XG Firewall were recently discovered and responsibly disclosed to Sophos. They were reported via the Sophos bug bounty program by an external security researcher. Both vulnerabilities were post-authentication command injection vulnerabilities and have been fixed.

    The remediation prevented authenticated users from remotely executing arbitrary code. There was no evidence that…

    • 7 Aug 2020
  • Advisory: Resolved RCE via SQLi (CVE-2020-15504)

    mgrimm

    Overview

    An SQL injection vulnerability in the email quarantine release feature of XG Firewall was recently discovered and responsibly disclosed to Sophos by external security researchers. The vulnerability has been fixed. The remediation prevented remote execution of arbitrary code. There was no evidence that the vulnerability was exploited and to our knowledge no customers are impacted.

    Sophos would like to thank Jakob…

    • 10 Jul 2020
  • Advisory: Buffer overflow in XG Firewall v17.x User Portal

    Craig Paradis

    Overview

    Sophos discovered an XG Firewall v17.x vulnerability regarding access to physical and virtual units configured with the user portal exposed on the WAN. This was a previously unknown buffer overflow vulnerability in the user portal HTTP/S bookmark feature.

    Sophos quickly responded and remediated with a hotfix that removes the HTTP/S bookmark functionality for all XG Firewalls running SFOS v17.x. XG Firewall v18…

    • 25 Jun 2020
  • Advisory: Potential RCE through heap overflow in awarrensmtp (CVE-2020-11503)

    mgrimm

    Overview

    A heap overflow vulnerability in awarrensmtp, a component of XG Firewall firmware, was recently discovered and responsibly disclosed to Sophos by an external security researcher. The vulnerability can potentially allow a remote attacker to execute arbitrary code.

    Sophos would like to thank Arseniy Sharoglazov from Positive Technologies for responsibly disclosing this issue to Sophos.

    There is no action required…

    • 17 Jun 2020
  • Advisory: CVE-2020-10947 - Sophos Anti-Virus for macOS privilege escalation

    Craig Paradis

    Overview

    A privilege escalation vulnerability was discovered and responsibly disclosed on 17 August 2019 by Lasse Trolle Borup of Danish Cyber Defence that impacted specific versions of Sophos Anti-Virus for macOS. All supported versions were fixed by 5 December 2019. The only action required for customers is to verify they are running the fixed version.

    Description of Vulnerability

    An unprivileged, authenticated attacker…

    • 16 Apr 2020
  • Sophos Comments to CVE-2020-9363

    Craig Paradis

    Overview

    There are many possible ways to create a corrupted archive file that remains readable to some unpacking tools while not being readable by other tools, including endpoint protection products in general. These endpoint protection products will only be able to detect malware hidden inside corrupted archives when the contents of the archive are unpacked by the third-party tool, using on-access scanning technology.

    …
    • 12 Mar 2020

© 1997 - 2022 Sophos Ltd. All rights reserved.