According to KrebsOnSecurity.com (8/2/2019 blog post), the massive Capital One security breach started with a misconfigured WAF site running ModSecurity, which was running on Amazon Web Services. My summary of his report:
Since our WAF log files make it painfully obvious that UTM uses ModSecurity under the covers, I have been hoping someone (Sophos) could provide some information to assure us that a similar compromise is not feasible in the appliance environment, as well as guidance to ensure that it is not accidentally possible in the cloud environment. Maybe it's too soon to tell since details are hard to obtain in a situation like this, but I can hope.
(For AWS users, the KrebsOnSecurity article refers to some Amazon utilities that can help check for configuration best practices.)
Do you have the link to that article? For any official word or guide, you would need to create a case with Sophos Support and get that information. I will check with our team and see if there's anything we need to take care of in regards to this issue.
In reply to Jaydeep:
I try to avoid including non-Sophos links in my posts, partly as a courtesy and partly because I thought the moderation rules restricted doing so. Based on some of the spam entries I have encountered, it appears that such a restriction is not actually in place, but perhaps badly needed. However, since you asked, this is the link to the full article.
I read Krebs intermittently, but I have found his blog to be well informed. The website has ads, but I have not detected threat content in any of the ads.