Attackers exploit 0-day code-execution flaw in the Sophos firewall

[ad_1] Users of a widely used firewall from Sophos have been under a zero-day attack that was designed to steal usernames, cryptographically protected passwords, and other sensitive data, officials with the security firm said on Sunday. The well-researched and developed attack exploited a SQL injection flaw in fully patched versions of the Sophos XG Firewall.…