Posts

Showing posts with the label Sophos Firewall

The Rising Threat of ToolShell: Unpacking the July 2025 SharePoint Zero-Day Exploits

Anatomy of the ToolShell Exploit Chain. Beginning around July 7, 2025, adversaries exploited a deserialization flaw in SharePoint’s on-premises service (CVE-2025-53770) to upload a malicious spinstall0.aspx payload, triggering code execution within the w3wp.exe process. A secondary path-traversal flaw (CVE-2025-53771) then enabled privilege escalation and lateral movement across corporate networks. Security researchers at Eye Security and Palo Alto Networks’ Unit 42 observed attackers bypassing identity controls – MFA and SSO – to exfiltrate machine keys, deploy persistent backdoors, and chain ransomware operations within hours of initial compromise. State-Backed Actor Involvement. Microsoft attributes the campaign primarily to Storm-2603, assessed with moderate confidence to be China-based, alongside historically linked groups Linen Typhoon and Violet Typhoon. These actors have a track record of blending cyber-espionage with financially motivated ransomware like Warlock and Lo...

Critical Sophos Firewall Vulnerabilities: Lessons and Actions

In today’s hyper-connected digital ecosystem, where the Internet of Things (IoT) powers enterprises and critical infrastructure, network security has become paramount. At the forefront of securing networks for countless businesses is Sophos Firewall, a trusted product renowned for robust protection and advanced capabilities. However, even the most reliable defenses can have vulnerabilities. This was starkly demonstrated by the discovery of three critical vulnerabilities: CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729. These vulnerabilities highlight the persistent threats in our digital landscape and the importance of vigilance. Exploiting these flaws could enable attackers to perform remote code execution (RCE), gain unauthorized SSH access, and exploit SQL injection vulnerabilities to compromise networks. Sophos’s swift response—rolling out hotfixes, firmware updates, and mitigation guidelines—is commendable. However, organizations must act decisively to ...