Community Security Blog

3CX Desktop Application Attack

2023-03-31T00:09:53Z

Overview On Wednesday, March 29, 2023, Sophos MDR Operations and Sophos X-Ops Threat Intelligence started investigating an attack on the Voice Over Internet Protocol (VOIP) client, 3CXDesktop. The attack includes a digitally signed and trojanized ver...(read more)

Best Practices for Sophos Central Intercept X Endpoint

2022-02-26T01:51:00Z

Our latest video on Sophos Techvids outlines best practices for configuring your threat protection policy for Intercept X in Sophos Central. Also check out our related Community Techtips episode available on-demand! Intercept X is a powerful produc...(read more)

Hardening Your Sophos Firewall

2022-02-25T19:40:00Z

Here are some recommendations to harden the overall security of your Sophos Firewall. Table of Contents Keep Your Firmware Updated and Hotfixes Enabled Limit Firewall Device Access Lock Down Remote Access to Other Network Systems Use Multi-Factor ...(read more)

Advisory: FORCEDENTRY Attack (CVE-2021-30860)

2021-09-15T17:15:00Z

Overview Canadian privacy and cybersecurity activist group The Citizen Lab has announced a zero-day security hole in Apple’s iPhone, iPad and Macintosh operating systems. The attack is widely being described by the nickname FORCEDENTRY. If...(read more)

Advisory: Confluence Server Webwork OGNL injection (CVE-2021-26084)

2021-09-05T21:44:00Z

Last updated 2021-09-10 UTC 11:55 On August 25, 2021, Atlassian released a security advisory detailing a vulnerability in their on-premises Confluence Server and Confluence Data Center products. The advisory contained instructions to immediate...(read more)

Information regarding ProxyShell

2021-08-25T20:34:00Z

Last updated 2021-08-31 UTC 09:30 On August 21, 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to warn of active exploitation of ProxyShell vulnerabilities CVE-2021-34473, CVE-2021-34523, and CVE-2021-3...(read more)

PetitPotam Attack

2021-07-28T15:11:00Z

A new NTLM relay attack called PetitPotam has been discovered that allows threat actors to take over a domain controller, with proof of concept code published. Many organizations utilize Microsoft Active Directory Certificate Services, wh...(read more)

Kaseya VSA Supply-Chain Ransomware Attack

2021-07-02T03:34:00Z

First updated 2021-07-02, 19:50 UTC Last updated 2021-07-06, 04:10 UTC Sophos is aware of a supply chain attack that uses Kaseya to deploy a variant of the REvil ransomware into a victim’s environment.The attack is geographically dispersed. Org...(read more)

Advisory: PrintNightmare (CVE-2021-34527), the zero-day hole in Windows

2021-06-30T20:40:00Z

Overview Researchers from the cybersecurity company Sangfor, have documented an as-yet-undisclosed Windows Print Spooler Remote Code Execution bug, widely being described by the nickname PrintNightmare. If exploited, this vulnerability could provide ...(read more)

Advisory: Multiple Vulnerabilities (AKA FragAttacks) in WiFi Specification

2021-05-12T08:00:00Z

Overview On May 12, 2021, the researcher Mathy Vanhoef released a security advisory disclosing multiple medium severity CVEs for the 802.11 Wireless Network Specification, which is applicable to a wide variety of WiFi products. These vulne...(read more)

勧告: Exim の複数の脆弱性 (別名 21Nails)

2021-05-10T04:11:00Z

To view the English version of this blog, please click here. 概要 2021 年 5 月 4 日、Qualys は、広く使用されているオープンソースのメッセージ転送エージェント (MTA) である Exim メールソフトウェアについて、複数の CVE を公開するセキュリティアドバイザリをリリースしました。これらの脆弱性は、ローカルおよびリモートの攻撃者によって使用される可能性があり、Exim のバージョン 4.94....(read more)

Advisory: Resolved LPE in Endpoint for MacOS (CVE-2021-25264)

2021-05-07T09:13:00Z

Overview A local privilege escalation vulnerability in Sophos Endpoint products for MacOS was recently discovered and responsibly disclosed to Sophos. It was reported via the Sophos bug bounty program by an external security researcher. The vul...(read more)

Advisory: Multiple Vulnerabilities (AKA 21Nails) in Exim

2021-05-04T21:57:00Z

To view the Japanese version of this blog, please click here. Overview On May 4, 2021, Qualys released a security advisory disclosing multiple CVEs for the Exim mailer software, a widely used open-source message transfer agent (MTA). T...(read more)

Advisory: Resolved RCE in Sophos Connect Client for Windows (CVE-2021-25265)

2021-03-01T10:29:00Z

Overview A remote code execution vulnerability in Sophos Connect Client version 2.0 for Windows was recently discovered and responsibly disclosed to Sophos. It was reported via the Sophos bug bounty program by an external security researcher. Th...(read more)

Advisory: Multiple Dnsmasq Vulnerabilities (AKA DNSpooq) in Sophos RED

2021-01-19T18:23:00Z

Overview Dnsmasq released a security advisory, dated January 19, 2021, disclosing details on multiple CVEs that can be triggered by a remote DNS response. The impacted dnsmasq versions are older than version 2.83. If successfully exploited by a malic...(read more)