Last week cyber security company Sophos reported its XG Firewall product had been subject to a Structured Query Language (SQL) injection attack. The company said that customised malware known as ‘Asnarok’ was used to gain access to vulnerable physical and virtual XG Firewall devices – see further information and links on the NCSC website: https://www.ncsc.gov.uk/sophos-vulnerability-statement
Organisations who have signed up to the NCSC-CNR service will have received an alert about this incident. If you are not currently signed up for the CNR service the NCSC will not know whether this incident has had an impact on your organisation. Please could you let them know if you use a Sophos XG Firewall? If you do use a Sophos XG firewall, NCSC recommends that you note the advice around passwords and look to reset passwords related to the firewall as a priority and that administrators reissue certificates to the firewalls. They are happy to provide any further advice if required. Contact Simon.h@ncsc.gov.uk
Further advice and support, including how to sign up for the CNR service, can be found here: https://bfff.co.uk/cyber-security-advice-and-support/