Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Categories
Security Alerts

Security Alert: Sophos Firewall Vulnerability

WorkSmart is aware of the recently discovered security vulnerability affecting Sophos firewall. ManagedShield Firewalls provided as part of clients’ service plans have the patch installed and require no further action to mitigate this vulnerability.

We are continuing to work with clients that own their own firewall to ensure they’re protected.

What happened?

On March 25th, a critical security vulnerability, or flaw, was found in certain versions of Sophos firewalls.

The flaw, if exploited, allows a remote attacker to gain access to the firewall’s user portal or Webadmin interface.  That access would give attackers control over the firewall.

What are the next steps?

Sophos quickly released hotfixes. If automatic installation of hotfixes is enabled, the patch reached firewalls automatically. Some older versions and end-of-life products need to be manually verified to ensure that they have been patched.

We also recommend restricting external access to the firewall’s user portal and Webadmin. It is best practice to require logging into the firewall from inside the network; for remote access and management, you can use a VPN to connect.

In their security advisory, Sophos also recommended that organizations have the “Allow automatic installation of hotfixes’” feature enabled. 

The Importance of Updating Software

Keeping your systems regularly updated is critical in defending against known cyber threats. This applies not only to computers and servers but all devices and software within your environment. Vendors fix vulnerabilities through software updates, so keeping your systems updated can help to stop cyber-attackers in their tracks as they look for vulnerabilities.

Contact us today if you have any concerns about your firewall, or if you’d like to discuss how to proactively manage security updates. We’re here to help.


Related Content:

11 Tips for Protecting Your Small Business from Cyber Attacks

Sophos Security Advisory