Sophos XG Firewall Exploited By Zero-Day Bug, Patch Released
A previously unknown SQL injection vulnerability in the Sophos XG Firewall gave hackers access to customers’ local usernames and hashed passwords for several days. The Abingdon, U.K.-based platform security vendor said it learned late Wednesday of an attack against its physical and virtual XG Firewall units when a suspicious field value was discovered inside the device’s management interface. The attack…