My iPad running the latest iPadOS and Intercept X was hacked using a known hack in Facebook Messenger.
Thankfully my contact list is not that great and I was able to unsend the bad message.
The iPad is also guarded by XG, and at the time of the initial attack it was not using decrypt and scan, which it was when the messages were sent, but there is an exception in the web policy for Facebook.
Why wasn't the known hack stopped by Intercept X?
Ian
Can you please let me know which known hack you are referring to? Please let me know the version of Intercept X and Facebook Messenger. Are you using the free Intercept X from the Apple App Store, or do you have a licensed Sophos Mobile installation? It'd be great if you can provide more information regarding this attack, and please post any valuable screenshots if you can.
Community Team Lead, Support & Services | Sophos Technical Support
I have checked further and it is a known issue, but not a hack, just a credential-stealing site.
I am running Sophos Home Premium and Intercept X comes as part of that package for mobile devices, version 188.8.131.52.
Messenger is the latest, set to install automatically.
This is a screenshot of the nasty.
Thank you for sharing more details along with the screenshot! This seems like a phishing scam, where a legitimate-looking page is shown for you to sign in to. Once you enter your credentials, they are stolen. The key security features for the free Intercept X Mobile app for iOS are WiFi Security (Man in the middle network attack), Secure QR code scanning, Authenticator, and Password Safe.
A phishing attack is a type of social engineering attack and hence requires a different type of protection. To avoid phishing attacks, please see the following article: https://www.sophos.com/en-us/security-news-trends/best-practices/phishing.aspx
For more info on the Sophos products offering this type of protection, please see: https://www.sophos.com/en-us/content/phishing-attack-prevention.aspx
Thank you for the details, but they do not answer the real issue: why was a known bad actor site allowed to get past Intercept X? Also, the Sophos email scanning function suggested in the URLs is a business application, not available to home users. Further, the URL should have failed the XG testing, not just on content but as a known bad site.
The XG firewall would have prevented this URL from a web filtering policy. Did you configure HTTPS decrypt and scan?
Community Support Engineer | Sophos Technical Support
No, because decrypt and scan does not work on my iPad; too many sites fail, and SSL/TLS is even worse.
But I do have it enabled for malware and content scanning.
The XG firewall would have prevented this URL from a web filtering policy, but it was not configured for your iPad. Did you have any IPS policy or ATP configured on the firewall?
A screenshot of the firewall rule.