SECOM CO., LTD, a $15B enterprise and one of the largest security integration companies in the world, invests in the two global cloud physical security leaders, accelerating the use of AI and improving safety and security.
Related Posts
Experts Uncover How Cybercriminals Could Exploit Microsoft Entra ID for Elevated Privilege
Cybersecurity researchers have discovered a case of privilege escalation in a Microsoft Entra ID (formerly Azure Active Directory) application that takes advantage of an abandoned reply URL.
"An attacker could leverage this abandoned URL to redirect authorization codes to themselves, exchanging the ill-gotten authorization codes for access tokens," Secureworks Counter Threat Unit (
The Hacker News | #1 Trusted Cybersecurity News Site
Ace Hardware says 1,202 devices were hit during cyberattack
Ace Hardware confirmed that a cyberattack is preventing local stores and customers from placing orders as the company works to restore 196 servers. […]
BleepingComputer
Sophos Firewall Password Disclosure Vulnerability: Patch Now!
Sophos, a well-known cybersecurity solutions provider, has promptly resolved a significant security vulnerability discovered in their Firewall system.
The flaw, reported by IT für Caritas eG, affected the Secure PDF eXchange (SPX) feature and could have exposed sensitive data.
The flaw only impacted users who chose the “specified by sender” option for the password type in the SPX feature.
Password Disclosure Vulnerability
The password disclosure vulnerability (CVE-2023-5552) allowed an attacker to access the password of the encrypted PDF file generated by the SPX feature.
This could have compromised the confidentiality and integrity of the data contained in the PDF file. IT für Caritas eG, a German IT service provider, discovered and responsibly disclosed the flaw.
Users who have enabled the default setting of “Allow automatic installation of hotfixes” on their Sophos Firewall are unaffected by this issue.
Temporary Solution
Users concerned about this flaw can apply a temporary solution by changing the “Password type” option in their SPX template to “Generated and stored for the recipient.”
This will prevent the password from being disclosed to an attacker.
Permanent Solution
Users who want to resolve this flaw completely should make sure they are running a supported version of Sophos Firewall.
Sophos has released hotfixes for several versions, including:
v19.5 MR3 (19.5.3) and older
v19.5 MR3 and MR2 (Hotfixes released on October 12, 2023)
v20.0 EAP1, v19.5 MR1-1, MR1, and GA (Hotfixes released on October 13, 2023)
v19.0 MR3, MR2, MR1-1, and MR1 (Hotfixes released on October 13, 2023)
Additionally, the fix for this flaw is included in v19.5 MR4 (19.5.4) and v20.0 GA.
Users running older versions of Sophos Firewall are strongly advised to upgrade to the latest version to get the best protection and this important fix.
This incident reminds users of the importance of updating their software and applying patches and hotfixes as soon as possible to maintain a strong cybersecurity posture.
The post Sophos Firewall Password Disclosure Vulnerability: Patch Now! appeared first on Cyber Security News.
Cyber Security News