This discussion has been locked.

I am glad that we have chosen Sophos

Dear Ravi and Kandarp @ Team Sophos

First of all, thank you very much for getting our system hotfixed in record time during this difficult time of the COVID-19 outbreak crisis. As per our communication yesterday, we have changed the passwords of all users as well as admin and VPN users. I have gone through various community discussions and really appreciate that the Sophos team accepted the breach and published the root cause of the same and the fix. This requires a lot of courage and transparency. I am glad that we have chosen Sophos. I will be happy if you can share with me the analysis of our firewall by the team. I would also like to get rid of the alert as per the attachment. I feel that this should get cleared after we have followed the steps.


With Warm and Best Regards

Vishvas Chitale



  • I agree that they were quick in making a hotfix available once they were notified... From a CUSTOMER.  I have events in my logs from the attacker IP going back to 3/28.  That is 4 weeks, FOUR! weeks before a hotfix was made available.  Sophos should have their firewalls exposed in lab and acting like Honeypots with people watching them closely.  What is really grinding my gears about this whole thing is that I am unable to find out how to make system originating traffic visible in logs or my syslog server.  How am I to know when the firewall is compromised and talking to some C2 server?

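The reply above raises a detection gap: if the firewall's own outbound traffic is not exported to syslog, a compromised appliance beaconing to a C2 server is invisible from the firewall's logs alone. One way to close that gap from the outside is to log connections on an upstream device (router, SPAN-port sensor or syslog collector) and flag any flow whose source is the firewall's own WAN address and whose destination is not on the list of places the appliance is expected to talk to (update servers, DNS, licensing). The script below is an added example written for this thread, not Sophos code and not based on any Sophos log format; the line format, the firewall address 203.0.113.10, the allowlisted destinations and the sample log lines are all constructed for illustration.

```python
"""Flag firewall-originated outbound connections to unexpected destinations.

Added example for this discussion, not Sophos's own tooling. It assumes a
constructed, generic connection-log line format of the kind an upstream
router or a network sensor could emit:

    <timestamp> src=<ip> dst=<ip> dport=<port> proto=<tcp|udp>

The firewall WAN address and the allowlist below are hypothetical values.
"""
import ipaddress
import re
from collections import Counter

FIREWALL_WAN_IP = "203.0.113.10"  # hypothetical WAN address of the appliance

# Destinations (and ports) the appliance itself is expected to contact.
# Hypothetical values; in practice these come from the vendor's documentation
# and from a baseline taken while the device is known-good.
ALLOWED_DESTS = {
    "198.51.100.5": {443},   # e.g. vendor update / licensing service
    "198.51.100.53": {53},   # upstream DNS resolver
}

# Internal ranges: management traffic to these is not what we are hunting for.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["dport"] = int(event["dport"])
    return event


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_unexpected(lines):
    """Return events where the firewall itself is the source and the
    destination/port pair is neither internal nor allowlisted."""
    findings = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["src"] != FIREWALL_WAN_IP:
            continue                      # malformed, or not the appliance talking
        if is_internal(ev["dst"]):
            continue                      # management traffic to the LAN
        if ev["dport"] in ALLOWED_DESTS.get(ev["dst"], set()):
            continue                      # known-good destination
        findings.append(ev)
    return findings


def summarize(findings):
    """Count unexpected flows per (destination, port); repeats hint at beaconing."""
    return Counter((f["dst"], f["dport"]) for f in findings)


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2020-04-26T10:00:01Z src=203.0.113.10 dst=198.51.100.5 dport=443 proto=tcp",   # expected update check
    "2020-04-26T10:00:02Z src=203.0.113.10 dst=198.51.100.53 dport=53 proto=udp",  # expected DNS
    "2020-04-26T10:00:03Z src=203.0.113.10 dst=192.168.1.20 dport=22 proto=tcp",   # internal, ignored
    "2020-04-26T10:00:04Z src=10.0.0.5 dst=192.0.2.77 dport=443 proto=tcp",        # LAN host, not the appliance
    "2020-04-26T10:00:05Z src=203.0.113.10 dst=192.0.2.77 dport=443 proto=tcp",    # unexpected
    "2020-04-26T10:00:06Z src=203.0.113.10 dst=192.0.2.77 dport=443 proto=tcp",    # unexpected, repeat
    "2020-04-26T10:00:07Z src=203.0.113.10 dst=192.0.2.77 dport=8443 proto=tcp",   # unexpected
    "this line is deliberately malformed and is skipped",
]

if __name__ == "__main__":
    for (dst, port), n in summarize(find_unexpected(SAMPLE_LOG)).most_common():
        print(f"firewall -> {dst}:{port}  {n} flow(s) not on allowlist")
```

The point of the allowlist plus the repeat count is that a compromised appliance typically contacts one unfamiliar host again and again, which stands out even in a short window; the allowlist must be maintained from a known-good baseline, otherwise legitimate vendor endpoints generate noise.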