Tweet
Sophos has patched up a high-severity vulnerability that allowed threat actors to remotely execute any code, including viruses and malware, on an endpoint running its firewall software.
As reported by BleepingComputer, the company has pushed a fix for CVE-2022-1040, an authentication bypass vulnerability thatâs been given a severity score of 9.8/10.
It was discovered in the User Portal and Webadmin features of the Sophos Firewall solution.
TechRadar needs you!
Weâre looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldnât take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a ÂŁ100 Amazon gift card (or equivalent in USD). Thank you for taking part.
Sophos says the patch will be automatically downloaded and installed for the majority of the users.
âThere is no action required for Sophos Firewall customers with the âAllow automatic installation of hotfixesâ feature enabled. Enabled is the default setting,â said the firm in a security advisory.
However, should users run an older version, or one thatâs already reached end of life, they will need to apply the patch manually. And those that are unable to install the fix at this time are advised to secure the vulnerable points - User Portal and Webadmin - via a workaround.
âCustomers can protect themselves from external attackers by ensuring their User Portal and Webadmin are not exposed to WAN,â the advisory states. âDisable WAN access to the User Portal and Webadmin by following device access best practices and instead use VPN and/or Sophos Central for remote access and management.â
Read more
Itâs been a busy month for the Sophos team, which last week fixed two high severity vulnerabilities in Sophos Unified Threat Management appliances: CVE-2022-0386 and CVE-2022-0652.
Sophos is a UK-based cybersecurity and network security software developer, focused mostly on security software for organizations with up to 5,000 employees. It was founded in 1985, but pivoted towards cybersecurity in the late 1990s.
In 2019, it was acquired by US-based private equity firm, Thoma Bravo, for approximately $3.9 billion ($7.40 per share).
[ul]
[li]Check out the best ransomware protection software right now[/li][/ul]
Via BleepingComputer
Continue readingâŚ
As reported by BleepingComputer, the company has pushed a fix for CVE-2022-1040, an authentication bypass vulnerability thatâs been given a severity score of 9.8/10.
It was discovered in the User Portal and Webadmin features of the Sophos Firewall solution.
TechRadar needs you!
Weâre looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldnât take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a ÂŁ100 Amazon gift card (or equivalent in USD). Thank you for taking part.
Click here to start the survey in a new window p>
[HEADING=1]Workaround available[/HEADING]
[HEADING=1]Workaround available[/HEADING]
âThere is no action required for Sophos Firewall customers with the âAllow automatic installation of hotfixesâ feature enabled. Enabled is the default setting,â said the firm in a security advisory.
However, should users run an older version, or one thatâs already reached end of life, they will need to apply the patch manually. And those that are unable to install the fix at this time are advised to secure the vulnerable points - User Portal and Webadmin - via a workaround.
âCustomers can protect themselves from external attackers by ensuring their User Portal and Webadmin are not exposed to WAN,â the advisory states. âDisable WAN access to the User Portal and Webadmin by following device access best practices and instead use VPN and/or Sophos Central for remote access and management.â
Read more
Sophos agrees to $3.9bn acquisition
Sophos warns customers it was hit by data breach
Best secure router of 2022: keep your router and devices safe at home or work
Sophos warns customers it was hit by data breach
Best secure router of 2022: keep your router and devices safe at home or work
Sophos is a UK-based cybersecurity and network security software developer, focused mostly on security software for organizations with up to 5,000 employees. It was founded in 1985, but pivoted towards cybersecurity in the late 1990s.
In 2019, it was acquired by US-based private equity firm, Thoma Bravo, for approximately $3.9 billion ($7.40 per share).
[ul]
[li]Check out the best ransomware protection software right now[/li][/ul]
Via BleepingComputer
Continue readingâŚ