Over the weekend eacs received the following notification from Sophos;
"Sophos received a report on April 22, 2020, regarding a suspicious field value visible in the XG Firewall management interface. The incident was determined to be a SQL injection attack against physical and virtual XG Firewall units."
Sophos has supplied us with a hotfix that prevents this intrusion and eacs has remediated all managed services customers where necessary. eacs will be contacting other non-managed customers who may have been affected today and together with Sophos, we will continue to closely monitor the situation and will provide further updates as appropriate.