Hundreds of Sophos Firewall servers remain vulnerable to two publicly identified critical security vulnerabilities, lasting over 10 months since they were first discovered.
The two vulnerabilities, Taipan and Whitewizard, were first publicly identified in December 2019, but despite being patched, thousands of Sophos Firewall devices remain vulnerable and open to attack.
Taipan is a remote code execution vulnerability that allows an attacker to execute malicious code on an affected system with full root privileges. This could enable an attacker to gain complete control over a vulnerable system, enabling them to access sensitive corporate and personal information.
Whitewizard is a privilege escalation vulnerability that allows an attacker to execute malicious code with administrator privileges. This could enable an attacker to gain access to sensitive systems and data.
While Sophos was quick to address the flaws and patch affected systems, a patch should be the first step to ensuring the security of a system and not the last.
Organisations need to stay vigilant and take regular cybersecurity audits to make sure all their systems are up to date with the latest patches and security measures.
In addition to patching, organisations should exercise multi-layered security measures such as two-factor authentication, encryption, and data loss prevention solutions to protect against cyber attacks.
Meanwhile, the security community is actively scanning for vulnerable Sophos devices and hounding the vendor for its delayed response.
It is imperative for organisations to take swift action to protect their systems and data to stay ahead of potential cyber attacks and prevent compromised information from causing any financial or reputational damage.
