My XG Firewall reported as compromised.
I have the hotfix, and have reset all local passwords, disabled VPN, and disabled WAN access to the user portal (admin portal was already disabled).
I have HTTPS traffic inspection enabled for a couple hosts on my network. What's the likelihood that this compromise would have allowed the attacker to exfiltrate unencrypted traffic that was leaving those machines? I'm concerned about account credentials that the hosts would have been sending as users logged into email accounts, bank accounts, etc.
Thoughts? Should I be telling users that they need to change account passwords for every single service that accessed while connected in the past 2, 4, 10 days?
Thanks,
This thread was automatically locked due to age.
