Security firm Sophos has asked that its customers install version of the Web Protection Appliance immediately. At the end of February, staff at security firm SEC Consult discovered vulnerabilities in the product’s web-based user interface. Sophos has closed the security holes in the latest version. The vulnerabilities allow attackers to harvest sensitive data such as passwords and session cookies and provide access to private certificate keys.<more>

Leave a Reply

Your email address will not be published. Required fields are marked *