2024 Sees Sharp Increase in Microsoft Tool Exploits
Sophos found observed a significant rise in Microsoft LOLbins abused by attackers in H1 2024 compared to 2023
Sophos provides cybersecurity software and appliances, whose vulnerabilities, advisories, and deployments can affect network defense and endpoint security.
Search across headline titles and summaries.
Background for this topic.
Sophos is a cybersecurity vendor whose products include endpoint and server protection, network firewalls, email security, cloud-based administration, and managed detection services. The tag generally covers vulnerabilities and security advisories affecting these products, as well as their detection capabilities, updates, integrations, and operational use.
Security concerns vary by deployment. Internet-facing Sophos Firewall appliances and management interfaces are high-value targets: an unpatched vulnerability or exposed administrative service can enable unauthorized access to the appliance or connected networks. Administrators should monitor Sophos advisories, apply firmware and software updates promptly, restrict management access, and use strong authentication. Sophos Central and endpoint agents also hold broad administrative authority and collect security telemetry, so compromised accounts, unsafe exclusions, faulty policy changes, or disabled agents can reduce detection and containment. During an investigation, preserve relevant endpoint and firewall logs and verify that alert forwarding and response integrations are functioning rather than assuming protection is active.
Sophos found observed a significant rise in Microsoft LOLbins abused by attackers in H1 2024 compared to 2023
The US State Department has offered a $10 million reward for Guan Tianfeng, who has been accused of developing and testing a critical SQL injection flaw with a CVSS score of 9.8 used in Sophos attacks.
The U.S. government on Tuesday unsealed charges against a Chinese national for allegedly breaking into thousands of Sophos firewall devices globally in 2020
Also sanctions his employer – an outfit called Sichuan Silence linked to Ragnarok ransomware The US Departments of Treasury and Justice have named a Chinese business and one of its employees as the actors behind the 2020 exploit of a zero-day flaw in Sophos firewalls…
Tianfeng Guan Allegedly Developed Zero-Day Exploit of Sophos XG FirewallThe U.S. federal government rolled out its heavy guns Tuesday against a Chinese hacker allegedly at the center of a zero-day exploit used to hack firewalls made by Sophos, unsealing an indictment, rolling out sanctions and offering $10 million for information leading to the suspect's arrest.