Google Chrome Zero-Day Attack
Google Chrome experienced a zero-day attack (a zero-day attack is when a threat actor exploits a vulnerability before software developers are aware and can find a fix). The attack was reported to Google by an anonymous security researcher, and Google acknowledges that it is actively exploited in the wild. Google released its updated version of Chrome, 99.0.4844.84, which is rolling out worldwide.
Users and organizations should update their instances of Google Chrome as soon as possible to 99.0.4844.84 for Windows, Mac and Linux to mitigate against CVE-2022-1096.
Individual users can check their version and update Google Chrome by going to Options (three dots in the upper right-hand corner) -> Settings -> About Chrome. If there is an update available, it will download it and prompt you to restart your Chrome.
Sophos recently disclosed a critically-rated vulnerability impacting Sophos firewall version 18.5 MR3 (18.5.3) and earlier. This vulnerability allows for remote code execution (RCE), which is when a malicious actor remotely accesses the Firewall’s user portal or Webadmin interface to bypass authentication and execute arbitrary code.
Organizations using Sophos firewalls should review the security advisory released, which contains hotfix versions for supported and unsupported end-of-life devices.
Review and configure your device using Sophos’ device access best practices guide.
If previously disabled, consider enabling “Allow automatic installation of hotfixes” to apply patches automatically when they’re released.