Sophos has released updates for its Firewall product to address three critical vulnerabilities that could lead to Remote Code Execution (RCE) and privilege escalation. These flaws, identified as CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729, require immediate patching to prevent potential exploitation. There is currently no evidence that the vulnerabilities have been exploited in the wild.
The US Treasury Department has sanctioned Sichuan Silence, a Chinese cybersecurity company, and its employee Guan Tianfeng for their involvement in a global firewall compromise in April 2020. This hack exploited a zero-day vulnerability, impacting tens of thousands of firewalls, including those of critical infrastructure companies. Guan Tianfeng has also been indicted by the Department of Justice for developing and deploying malware, leading to a $10 million reward for information on the company or Guan. This coordinated action highlights the ongoing threat posed by Chinese cyber actors.