Security Affairs
Attacker Used AI to Build Custom PowerShell Recon Malware|Malware Hits Japan’s Largest Taxi Company Nihon Kotsu, Services Temporarily Suspended|CrashStealer: New macOS Infostealer Uses Signed Apps to Evade Gatekeeper|Lidl Notified Online Shop Customers in Germany, Belgium, and the Netherlands of a Data Breach|U.S. CISA adds a Cisco IOS flaw to its Known Exploited Vulnerabilities catalog|EU Targets FSB-Linked Hackers in New Sanctions Over Cyber Sabotage|Dutch Nationals Suspected in Odido Hack That Exposed Six Million Customers|Australia Alerts Organizations to Ongoing CMS Exploitation Attacks|Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations|Progress Told ShareFile Customers to Pull the Plug on Their Servers. Here’s What We Know.|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 105|Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|Attacker Used AI to Build Custom PowerShell Recon Malware|Malware Hits Japan’s Largest Taxi Company Nihon Kotsu, Services Temporarily Suspended|CrashStealer: New macOS Infostealer Uses Signed Apps to Evade Gatekeeper|Lidl Notified Online Shop Customers in Germany, Belgium, and the Netherlands of a Data Breach|U.S. CISA adds a Cisco IOS flaw to its Known Exploited Vulnerabilities catalog|EU Targets FSB-Linked Hackers in New Sanctions Over Cyber Sabotage|Dutch Nationals Suspected in Odido Hack That Exposed Six Million Customers|Australia Alerts Organizations to Ongoing CMS Exploitation Attacks|Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations|Progress Told ShareFile Customers to Pull the Plug on Their Servers. Here’s What We Know.|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 105|Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. Sophos backports the fix for the critical code injection vulnerability CVE-2022-3236 for end-of-life (EOL) firewall firmware versions after discovering that threat actors are actively exploiting the flaw in attacks in the wild. The security firm reported […]

Sophos Firewall User Portal interface

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue.

Sophos backports the fix for the critical code injection vulnerability CVE-2022-3236 for end-of-life (EOL) firewall firmware versions after discovering that threat actors are actively exploiting the flaw in attacks in the wild.

The security firm reported that this vulnerability is being used in attacks against a small set of specific organizations, primarily in South Asia. 

In December 2022, Sophos released security patches to address seven vulnerabilities in Sophos Firewall version 19.5, including some arbitrary code execution bugs. The most severe issue addressed by the security vendor is the flaw CVE-2022-3236.

“A code injection vulnerability allowing remote code execution was discovered in the User Portal and Webadmin.” reads the advisory.

In September Sophos warned of this critical code injection security vulnerability (CVE-2022-3236) affecting its Firewall product which was being exploited in the wild. Sophos confirmed that this vulnerability was being used to target a small set of specific organizations, primarily in the South Asia region.

Sophos Firewall User Portal interface

“The vulnerability was originally fixed in September 2022. In December 2023, we delivered an updated fix after identifying new exploit attempts against this same vulnerability in older, unsupported versions of the Sophos Firewall.” reads the update provided by the vendor.

No action is required if organizations have upgraded their firewalls to a supported firmware version after September 2022.

All the vulnerable devices are running end-of-life (EOL) firmware. We immediately developed a patch for certain EOL firmware versions, which was automatically applied to the 99% of affected organizations that have “accept hotfix” turned on.

Attackers commonly hunt for EOL devices and firmware from any technology vendor, so we strongly recommend that organizations upgrade their EOL devices and firmware to the latest versions.”

In January 2023, researchers from cyber security firm VulnCheck scanned internet-facing Sophos Firewalls and found more than 4,000 firewalls that were too old to receive a hotfix.

Below is the list of remediation included in the advisory:

  • Ensure you are running a supported version
  • Hotfixes for the following versions published on September 21, 2022:
    • v19.0 GA, MR1, and MR1-1
    • v18.5 GA, MR1, MR1-1, MR2, MR3, and MR4
  • Hotfixes for the following versions published on September 23, 2022:
    • v18.0 MR3, MR4, MR5, and MR6
    • v17.5 MR12, MR13, MR14, MR15, MR16, and MR17
    • v17.0 MR10
  • Hotfixes for the following versions published on December 6, 2023:
    • v19.0 GA, MR1, and MR1-1
  • Hotfixes for the following versions published on December 8, 2023:
    • v18.5 GA, MR1, MR1-1, MR2, MR3, and MR4
  • Hotfixes for the following versions published on December 11, 2023:
    • v17.0 MR10
  • Fix included in v18.5 MR5 (18.5.5), v19.0 MR2 (19.0.2), v19.5 GA and above
  • Users of older versions of Sophos Firewall are required to upgrade to receive the latest protections, and this fix

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, command injection)