Sophos releases an emergency patch to fix a zero-day vulnerability

William Marshal Posted On April 28, 2020
Cybersecurity firm Sophos has released an emergency patch for its 'XG Firewall' product, which had a SQL injection vulnerability, a zero-day bug. Hackers had already started exploiting this vulnerability in the wild, so if you are using this product you should download and install the patch as soon as possible.

Sophos identified this vulnerability through one of its customers on Wednesday, April 22. The customer reported that a suspicious field value was visible in the interface. After investigating the case, Sophos determined that it was an active attack and not an error in its system.

How did hackers exploit this vulnerability?

Hackers used a previously unknown SQL injection vulnerability to access exposed XG devices. They targeted XG Firewall devices whose administration interface or user portal was exposed to the internet. They also used the SQL injection vulnerability to download a payload, fetching files from the XG Firewall.

The diagrams below illustrate Asnarok's penetration into the firewall and the malware's exfiltration stages:

Source: Sophos

The data stolen from the product includes usernames, passwords, product license details, email IDs and user accounts. However, Sophos mentioned that their authentication systems like LDAP and AD were safe.

After analyzing and tracking the hackers' footprints, Sophos confirmed that the actors did not penetrate the XG Firewall devices and had not breached its customers' firewalls. The Sophos team named this malware 'Asnarok'.

Source: Sophos

Deploy the patch to fix the SQL vulnerability

The UK-based company has already deployed an emergency patch for its product, and the product's auto-update feature, if enabled, will take care of this vulnerability. Along with the patch for XG Firewall, Sophos has included a special box in the product that will notify admins if their device is compromised.

How to mitigate if you have already been affected?

For enterprises that have already been compromised through this vulnerability, Sophos recommends the steps below:

  • Portal and device administrator accounts have to be reset.
  • The XG devices have to be rebooted.
  • All local user account passwords have to be reset.
  • Any accounts where the XG credentials were used need to be reset.

Enterprises should also disable the firewall administration interface on the ports if it is not a mandatory configuration for the network. Disable the control panel on the WAN using these instructions.

Author

William Marshal

William has been one of the key contributors to 'The Cybersecurity Times', with 9.5 years of experience in cybersecurity journalism. Apart from writing, he also likes hiking, skating and coding.
