Attackers exploit 0-day code-execution flaw in the Sophos firewall
Sophos has been hit by a zero-day attack designed to steal usernames, cryptographically hashed passwords, and other sensitive data. The security firm said on Sunday that the attackers exploited a SQL injection flaw in versions of the Sophos XG Firewall that were fully patched at the time; because the flaw was a zero-day, no fix existed when the attack began.
The company disclosed that the attackers then downloaded and installed a series of scripts that gave them the ability to execute code intended to steal users' names, usernames, and the cryptographically hashed form of their passwords. Sophos has since released a hotfix that closes the vulnerability. Other data potentially targeted included the IP address allocation permissions of firewall users and the version of the custom operating system the firewall was running. Sophos said the malware's primary goal appeared to be data theft. Hashed passwords remain subject to offline cracking, so accounts on an exposed firewall should have their passwords changed, not just the hotfix applied.
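The attack path described above, a SQL injection used to pull usernames and password hashes out of a firewall's user store, as an added illustration that is not Sophos's code and does not reproduce the actual exploit: a lookup query built by string concatenation beside its parameterized form, run against a constructed in-memory SQLite table. The table layout, the sample rows, and the names `make_db`, `lookup_vulnerable`, `lookup_safe` and `INJECTION` are all assumptions for the example.

```python
"""Illustrative SQL injection example (not Sophos code, not the real exploit).

A lookup query assembled by string concatenation lets a caller who controls
the username parameter read every user's password hash; the parameterized
version returns nothing for the same input.
"""
import hashlib
import sqlite3

# Constructed sample data standing in for a firewall's local user store.
# Real systems should use a slow, salted password hash; SHA-256 is used here
# only to produce hash-looking values for the demonstration.
SAMPLE_USERS = [
    ("admin", hashlib.sha256(b"hunter2").hexdigest(), "10.0.0.1"),
    ("alice", hashlib.sha256(b"correct horse").hexdigest(), "10.0.0.2"),
]

# Attacker-supplied value: closes the string literal and appends an
# always-true condition, so the WHERE clause matches every row.
INJECTION = "' OR '1'='1"


def make_db():
    """Build an in-memory SQLite database with the assumed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT, pw_hash TEXT, assigned_ip TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable: the caller's input is pasted into the SQL text, so it is
    parsed as part of the statement."""
    sql = (
        "SELECT username, pw_hash FROM users WHERE username = '"
        + username
        + "'"
    )
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Hardened: the input is bound as a parameter and never parsed as SQL,
    so the injection string is just an unmatched username."""
    sql = "SELECT username, pw_hash FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    """Run both lookups with a legitimate name and with the injection string."""
    conn = make_db()
    return {
        "vulnerable_legit": lookup_vulnerable(conn, "alice"),
        "vulnerable_injected": lookup_vulnerable(conn, INJECTION),
        "safe_legit": lookup_safe(conn, "alice"),
        "safe_injected": lookup_safe(conn, INJECTION),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The injected call against the concatenated query returns both rows, that is, every stored hash, while the same input against the parameterized query returns an empty result. Binding parameters is the fix; escaping quotes by hand is not, because it has to be right at every call site.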