March 31, 2022 at 05:56PM

■■■■■ Sophos’ CVE-2022-1040 zero-day was used in the wild by a state-sponsored threat actor, says Sophos.

The exploit can be triggered remotely via a crafted HTTP POST request to the authentication page of the firewall.

Workarounds exist. The best one is to take the Sophos consoles off the public internet (host them internally).

● The exploit was used by the apparently Russia- and China-based Ragnarok ransomware group to push their malware.