A vulnerability has been detected by a security researcher on the Sophos Cyberoam firewall device that has reported the necessary patches.
This flaw could potentially be exploited by a hacker to access the internal network of a company without the need for a password. Such a flaw has also been previously identified on private virtual networks owned by a few vendors such as Palo Alto Networks, Pulse Secure, and Fortinet.
- Apple Safari browser will no longer accept new HTTPS Certificates with a validity period of more than 398 days
- The Shadow Brokers using Pakistani Cyber Security Software
- 5 WAYS to stand out in an Interview Job in the field of Information Security
- IT Specialist Copied Russian Railway Employees Data and Post It on Internet
- New York Police Department (NYPD) Networks Get Infected with Ransomware
Big companies like Uber and Twitter are among the victims of attacks from this type of loophole, forcing Homeland Security to issue warning notices. The researcher believes that a hacker could exploit this vulnerability by using an IP address of a device. For that, it is enough for him to go on search engines like Shodan.
Sophos said it made corrections on September 30 on 99% of devices on display. The rest could not be processed because users turned off the automatic update feature. She also said patches will be available on her CyberoamOS operating system in the coming days.
The Cyberoam device is used by large companies. It serves primarily as a gateway to facilitate network access to users in a secure manner. It also has a virtual private network, or VPN, which allows employees to connect from another place than the local business.