Chinese Hacker Pwns 81K Sophos Devices With Zero-Day Bug

December 11, 2024 at 05:52PM The US government has charged Chinese national Guan Tianfeng for allegedly hacking 81,000 Sophos firewall devices in 2020 using a severe zero-day vulnerability (CVE-2020-12271). An arrest warrant has been issued, and a $10 million reward is offered for information about him and his operations in China. ### Meeting Takeaways: 1. … Read more

US Charges, Sanctions Chinese Man Accused of Sophos Firewall Hacking

December 11, 2024 at 05:49AM The US government has charged Chinese national Guan Tianfeng for his involvement in hacker attacks on Sophos firewalls, compromising around 81,000 devices globally. The attacks exploited zero-day vulnerabilities and were linked to Sichuan Silence Information Technology. Sanctions against Guan and the company were also announced, with rewards offered for information. … Read more

U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

December 11, 2024 at 01:36AM The U.S. government charged Chinese national Guan Tianfeng for hacking thousands of Sophos firewalls in 2020, exploiting a severe zero-day vulnerability. He allegedly conspired to access and exfiltrate data, targeting critical U.S. infrastructure. Sanctions were imposed against his company, Sichuan Silence, linked to Chinese intelligence agencies. ### Meeting Takeaways from … Read more

NCSC Details ‘Pygmy Goat’ Backdoor Planted on Hacked Sophos Firewall Devices

November 1, 2024 at 10:45AM The NCSC reported a stealthy backdoor, dubbed ‘Pygmy Goat,’ discovered on compromised Sophos XG firewall devices. This malware is designed to operate on a wider variety of Linux-based devices, raising security concerns regarding its potential impact on broader systems. **Meeting Notes Takeaways:** 1. **Discovery of a Backdoor**: A stealthy network … Read more

Sophos backports RCE fix after attacks on unsupported firewalls

December 12, 2023 at 12:36PM Sophos issued a backported security update for CVE-2022-3236 for end-of-life firewall firmware versions due to active exploitation by hackers. The flaw allows remote code execution in the User Portal and Webadmin. Despite automatic updates, over 4,000 devices remained vulnerable. Sophos advised updating to specific versions or using workarounds to mitigate … Read more