OpenSSL man-in-the-middle vulnerability – Network Gateway product patch information

On June 5th, 2014 a vulnerability (CVE-2014-0224) was found in OpenSSL that impacts our network security products. Fortunately, as of the publication of this article, there are no known in-the-wild attacks. Of course, as you’ve come to expect from Sophos, we’ve wasted no time in getting to work on patches to fix this vulnerability.

The vulnerability exists in OpenSSL and can allow an attacker using a man-in-the-middle attack to decrypt and modify traffic between a vulnerable client and server. Both client and server must be vulnerable for this exploit to work. OpenSSL versions 1.0.1 and 1.0.2-beta are affected.

Continue reading

UTM Up2Date 9.2 Released

I am pleased to inform you that after a extended beta-period and also many thousand of customers already working with the soft-release version, today we have released Sophos UTM 9.2 to our Up2Date servers.

This major update to our UTM line introduces exciting new features like Advanced Threat protection, a new and intuitive Web Policy Management, Two-Factor-Authentication to name only a few and offers increased performance in throughput and reporting. Read on for download information, release notes, and all the details…

Continue reading