Sophos pushes out emergency patch to fix XG Firewall zero-day vulnerability

Following the discovery of an SQL injection vulnerability in its XG Firewall product, Sophos has released an emergency patch to protect users against hackers. The vulnerability affects both physical and virtual XG Firewall units, and signs of attacks were first noticed last week. Attackers exploiting the vulnerability on unpatched firewalls would be able to access all local usernames and hashed passwords of any local user accounts, including local device admins, user portal accounts, and accounts used for remote access. See also: Hackers are selling two serious Zoom zero-day vulnerabilities for $500,000 Hundreds of thousands of stolen Zoom accounts for sale… [Continue Reading]