Andrew Brandt
Podcast Appearances
You know, we now have the team up and running.
I've got a couple of people working with me.
And I find out from internal people within the company that there's a security incident.
And the security incident started with a tech support call
where someone sent an email to their support technician and said, hey, my firewall is showing this URL in the user interface, and I didn't put it there, and I don't know why it's there.
So Sophos has a firewall called the XG firewall.
At this point, it was just called the XG firewall.
And the firewall has its own operating system.
It's running a version of Linux in it.
It has a UI that's running on the front of it so that you can manage it.
And they found that essentially every firewall that was facing the public internet was affected by this bug.
They pushed out a hotfix to these firewalls.
A hotfix is like a little software patch that can run in real time.
They can live update all the firewalls remotely with these hotfixes.
It doesn't require the firewall to reboot to be enabled.
And they felt like they had analyzed the attack and figured out exactly how the threat actors were leveraging their access.