OpenSSL man-in-the-middle vulnerability – Network Gateway product patch information

On June 5th, 2014 a vulnerability (CVE-2014-0224) was found in OpenSSL that impacts our network security products. Fortunately, as of the publication of this article, there are no known in-the-wild attacks. Of course, as you’ve come to expect from Sophos, we’ve wasted no time in getting to work on patches to fix this vulnerability.

The vulnerability exists in OpenSSL and can allow an attacker using a man-in-the-middle attack to decrypt and modify traffic between a vulnerable client and server. Both client and server must be vulnerable for this exploit to work. OpenSSL versions 1.0.1 and 1.0.2-beta are affected.

Continue reading

Email encryption that makes compliance easy

secure-email-gateway-transparent-encryptionEmail is a common source of data loss. With governments across the globe increasing the penalties for breaches, encryption is the best way to secure data sent by email and comply with data security regulations.

Like everything else we do at Sophos, we’ve made protecting your email simple.

Sophos UTM Email Protection and our Sophos Email Appliances include our cutting-edge SPX technology that simplifies encryption without slowing down your business.

Continue reading