
Hackers tried 2 methods of exploiting vulnerabilities in Sophos

Hackers tried 2 methods of exploiting a zero-day vulnerability in Sophos’ XG firewall, but Sophos says it made a temporary fix that mitigated the risks.

Attackers originally attempted to plant a Trojan in networks by exploiting the zero-day vulnerability, but then switched to ransomware.

The XG firewalls that received a hotfix were able to block the attacks, including the ransomware, which the company identified as Ragnarok.

This crypto-locking malware was first noticed in January, when security firm FireEye published a report on it, noting that its operators were trying to take advantage of flaws in Citrix’s ADC and Gateway servers at the time.

Sophos detected the first wave of these attacks in April when the hackers were attempting to take advantage of a zero-day SQL injection vulnerability in the XG firewall products.

The vulnerability, CVE-2020-12271, allowed the attackers to target the firewall’s built-in PostgreSQL database server and inject a single line of Linux code into the database, which would then enable them to plant malware within vulnerable networks.

The attackers attempted to plant a Trojan called Asnarök, which enables threat actors to steal user names and hashed passwords.
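To make the mechanism in the paragraphs above concrete, here is an added example (not code from Sophos or from the original post) of the pattern at issue: an administrative setting written to the database by string-splicing user input, so that an injection rewrites a different stored value which the appliance later treats as a command, beside the parameterised and allowlisted form. The table layout, the `startup_cmd` row and the allowlist are assumptions; an in-memory SQLite database stands in for PostgreSQL so the snippet runs offline.

```python
import sqlite3

# Constructed sample schema: one row the appliance is assumed to run later as a shell command.
SAMPLE_ROWS = [("hostname", "fw01"), ("startup_cmd", "/usr/bin/true")]
ALLOWED_STARTUP_CMDS = {"/usr/bin/true"}  # assumed allowlist of the appliance's own commands


def fresh_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE settings (key TEXT PRIMARY KEY, value TEXT)")
    con.executemany("INSERT INTO settings VALUES (?, ?)", SAMPLE_ROWS)
    con.commit()
    return con


def set_hostname_vulnerable(con: sqlite3.Connection, hostname: str) -> None:
    # BUG: the input is spliced into the statement, so a quote inside it
    # can close the literal and change which row the UPDATE targets.
    con.execute(f"UPDATE settings SET value='{hostname}' WHERE key='hostname'")
    con.commit()


def set_hostname_hardened(con: sqlite3.Connection, hostname: str) -> None:
    # Parameterised query: the input is data only, whatever characters it contains.
    con.execute("UPDATE settings SET value=? WHERE key='hostname'", (hostname,))
    con.commit()


def get_setting(con: sqlite3.Connection, key: str) -> str:
    return con.execute("SELECT value FROM settings WHERE key=?", (key,)).fetchone()[0]


def safe_to_run(cmd: str) -> bool:
    # Second layer of defence: a value read back from the database is never handed
    # to a shell unless it is exactly one of the expected commands.
    return cmd in ALLOWED_STARTUP_CMDS


# Constructed injection string: closes the literal, retargets the UPDATE at
# startup_cmd and comments out the original WHERE clause.
INJECTION = "injected' WHERE key='startup_cmd' --"


def demo() -> dict:
    vuln, hard = fresh_db(), fresh_db()
    set_hostname_vulnerable(vuln, INJECTION)
    set_hostname_hardened(hard, INJECTION)
    return {
        "vulnerable_startup_cmd": get_setting(vuln, "startup_cmd"),  # overwritten
        "hardened_startup_cmd": get_setting(hard, "startup_cmd"),    # untouched
        "hardened_hostname": get_setting(hard, "hostname"),          # stored verbatim
    }
```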

When Sophos analysts began to notice the attacks unfolding, they rushed out a temporary fix to the company’s customers.

The hackers then attempted to switch tactics.

During the initial attacks in April, the hackers left behind what Sophos calls a “backup channel” and other malicious files that would allow the attackers to re-enter a network if they had been detected and blocked.

When Sophos blocked the first firewall attack with a hotfix, the hackers attempted to leverage the EternalBlue vulnerability in older versions of Microsoft Windows and the DoublePulsar backdoor malware to re-enter networks and plant the Ragnarok ransomware.

The hotfix prevented the hackers from executing this newer attack because it disabled the malicious files.

Source: https://www.instagram.com/p/CAiSyUZAP6J/

Soyash

This is Soyash from India: a cybersecurity enthusiast, YouTuber, blogger, freelancer and pentester. He usually writes articles to share his knowledge with the world.
