A vulnerability has been detected by a security researcher on the Sophos Cyberoam firewall device that has reported the necessary patches.
This flaw could potentially be exploited by a hacker to access the internal network of a company without the need for a password. Such a flaw has also been previously identified on private virtual networks owned by a few vendors such as Palo Alto Networks, Pulse Secure, and Fortinet.
- The Shadow Brokers using Pakistani Cyber Security Software
- 5 WAYS to stand out in an Interview Job in the field of Information Security
- IT Specialist Copied Russian Railway Employees Data and Post It on Internet
- New York Police Department (NYPD) Networks Get Infected with Ransomware
- The Number of Cyber Attacks on Windows 7 Increased by More Than 71%
Big companies like Uber and Twitter are among the victims of attacks from this type of loophole, forcing Homeland Security to issue warning notices. The researcher believes that a hacker could exploit this vulnerability by using an IP address of a device. For that, it is enough for him to go on search engines like Shodan.
Sophos said it made corrections on September 30 on 99% of devices on display. The rest could not be processed because users turned off the automatic update feature. She also said patches will be available on her CyberoamOS operating system in the coming days.
The Cyberoam device is used by large companies. It serves primarily as a gateway to facilitate network access to users in a secure manner. It also has a virtual private network, or VPN, which allows employees to connect from another place than the local business.