WatchGuard failed to explicitly disclose critical flaw exploited by Russian hackers

Spread the love
The letters WTF in a giant speech bubble.

Enlarge (credit: Getty Images)

Security vendor WatchGuard quietly fixed a critical vulnerability in a line of its firewall devices and didn’t explicitly disclose the flaw until Wednesday, following revelations hackers from Russia’s military apparatus exploited it en masse to assemble a massive botnet.

Law enforcement agencies in the US and UK on February 23 warned that members of Sandworm—among the Russian government’s most aggressive and elite hacker groups—were infecting WatchGuard firewalls with malware that made the firewalls part of a vast botnet. On the same day, WatchGuard released a software tool and instructions for identifying and locking down infected devices. Among the instructions was ensuring appliances were running the latest version of the company’s Fireware OS.

Putting customers at unnecessary risk

In court documents unsealed on Wednesday, an FBI agent wrote that the WatchGuard firewalls hacked by Sandworm were “vulnerable to an exploit that allows unauthorized remote access to the management panels of those devices.” It wasn’t until after the court document was public that WatchGuard published this FAQ, which for the first time made reference to CVE-2022-23176, a vulnerability with a severity rating of 8.8 out of a possible 10.

Read 9 remaining paragraphs | Comments

4 thoughts on “WatchGuard failed to explicitly disclose critical flaw exploited by Russian hackers

  1. I don’t even know the way I ended up here, however I thought
    this post was great. I do not understand who you might be however certainly you’re going to a famous blogger should you aren’t already.
    Cheers!ux of click here to see

  2. Howdy would you mind letting me know which webhost you’re
    utilizing? I’ve loaded your blog in 3 completely different browsers and I must say this blog loads a
    lot faster then most. Can you suggest a good hosting provider at
    a reasonable price? Thanks a lot, I appreciate it!

  3. I’m impressed, I must say. Rarely do I come across a blog
    that’s both educative and engaging, and without a doubt, you have hit the nail on the head.
    The problem is an issue that not enough men and women are speaking intelligently
    about. I am very happy that I came across this during my hunt for something
    concerning this.

  4. Pretty great post. I simply stumbled upon your blog and wanted to mention that I’ve truly
    loved browsing your blog posts. After all I will
    be subscribing for your feed and I am hoping you write again soon!

Leave a Reply

Your email address will not be published. Required fields are marked *