SonicWall Investigates Zero-Day Attack on Its Products

SonicWall has warned its customers that threat actors may have found zero-day vulnerabilities in some of its remote access products. An initial post on the company’s knowledgebase pages on Friday claimed that the NetExtender VPN client version 10.x and the SMB-focused SMA 100 series were at risk.

However, an update over the weekend clarified that impacted models were confined to its Secure Mobile Access (SMA) version 10.x offering running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances and the SMA 500v virtual appliance.

These provide client employees with secure remote access to internal resources — capabilities in high demand during the pandemic. As such, there is an apparent advantage to attackers in finding bugs to exploit in such tools.

“We believe it is extraordinarily important to be transparent with our customers, our partners and the broader cybersecurity community about the ongoing attacks on global business and government,” SonicWall said in the alert.

“Recently, SonicWall identified a coordinated attack on its internal systems by highly state-of-the-art threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products.”

There is no more information for now on what the attackers were after and how they carried out the intrusion. However, SonicWall also clarified that its firewall products, SonicWave APs and SMA 1000 Series product line are unaffected.

“Current SMA 100 Series customers may continue to use NetExtender for remote access with the SMA 100 series. We have decided that this use case is not susceptible to exploitation,” it added. “We advise SMA 100 collection administrators to create specific access rules or disable Virtual Office and HTTPS administrative access from the internet while we continue to investigate the vulnerability.”

Since the beginning of the COVID-19 crisis, security and infrastructure providers have come under increasing scrutiny as attackers look for holes in products which could provide them with large-scale access to customer environments.

Back in April last year, it emerged that sophisticated ransomware groups were exploiting flaws in VPN products to attack hospitals, while in October, the US warned that APT groups were chaining VPN exploits with the Zerologon flaw to target public and private sector organizations.

Products from Fortinet (CVE-2018-13379), MobileIron (CVE-2020-15505), Juniper (CVE-2020-1631), Pulse Secure (CVE-2019-11510), Citrix NetScaler (CVE-2019-19781) and Palo Alto Networks (CVE-2020-2021) were all highlighted as at risk.

A Million Compromised Accounts Discovered at Top Gaming Firms

Security researchers have warned gaming companies to improve their cybersecurity posture after discovering 500,000 breached employee credentials in December 2020, and a million compromised internal accounts on the dark web.

Tel Aviv-based threat intelligence firm KELA, which detects and analyzes intelligence from a curated set of darknet sources and provides clients with fully targeted intelligence, decided to investigate the top 25 publicly listed companies in the sector based on revenue.

KELA found nearly 1 million compromised accounts pertaining to gaming clients and employees, with 50% of them offered for sale during 2020. After scouring dark web marketplaces, it discovered a thriving market in network access on both the supply and demand side.

This included nearly one million compromised accounts related to employee- and customer-facing resources, half of which were listed for sale last year. Compromised accounts linked to internal resources like admin panels, VPNs, Jira instances, FTPs, SSOs, developer-related environments and more were found in virtually all of the top 25 gaming companies studied.

Intellfence Podcast

New Episodes!

The Intellfence Security Podcast

The Security note is an information-security-related podcast that brings you the latest news and information on all aspects of information security.

About Security Notes Podcast

Stay Connected to Get The Latest Podcast Alerts

Meet The Hosts

Amanda Doe

Cameron James

workshops

Our Security Workshops and Events

Join us in one of our Events.

The Understanding Zero Trust Security

Zero Trust is a security concept based on the idea that organizations must verify anything before it can be part of the network communication. So, the strategy around Zero Trust boils down to – don’t trust anyone. This workshop teaches participants to understand what Zero Trust security is and how to implement it.

Security Workshop: SDLC Threat Modelling

In this workshop our expert will take you through the basic questions involved in Threat Modeling. You will learn about the main ideas behind threat modelling and how to bring security and software development together in the SDLC and to collaborate on a shared understanding and development of the system.

Security Workshop: Practical Guide To Cloud Security And Migration

In this workshop our cloud security expert will take you through the building blocks of cloud security. Where do you start? What should you beware of, and what do you need to do right to have a successful, secure cloud migration for your organization?

Understanding Data Loss Prevention (DLP)

Data loss is one of the biggest security challenges faced by companies today. It poses significant risks to the organization. This one-day program focuses on how organisations can use DLP systems to leverage security to protect their data in use and in transit.

CyberSecurity Friday COMING SOON

The Cybersecurity Friday is a weekly information security event that features top security professionals who are willing to share their knowledge with the security community. It is an opportunity to learn from experienced speakers from various areas within the cybersecurity arena.

SDLC Threat Modelling

Security Workshop: Threat Modeling In Software Development Life Cycle (SDLC)

Join us in our Threat Modeling workshop and learn how to manage security risk during system development.

Online Workshop (2 CPE)

About The Threat Modeling In SDLC Workshops

Threat modeling is a process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified and enumerated, and mitigations can be prioritized.

The purpose of threat modeling is to provide a systematic analysis of what controls or defences need to be included to defend a given system against potential attack, the probable attacker’s profile, the most likely attack vectors, and the assets most desired by an attacker.

WHO SHOULD ATTEND

  • CISOs
  • Security Risk Managers
  • Security Engineers
  • Information Security Managers
  • Information Security Directors
  • All other security professionals who want to be kept up to date

The Content

In this workshop our expert will take you through the process of threat modeling and teach you to answer questions involved in the process, such as “Where am I most vulnerable to attack?”, “What are the most relevant threats?”, and “What do I need to do to safeguard against these threats?”.

In this workshop we will learn the following:

  • The main idea behind threat modeling and how to build security by default and by design into system development.
  • How to use threat modeling to ensure business requirements (or goals) are adequately protected in the face of a malicious actor, accidents, or other causes of impact.
  • Integrating threat modeling into software development methodologies such as Waterfall, Agile and DevOps.
  • Learn about threat modeling methodologies such as STRIDE, PASTA, Trike, CAST, etc.
  • Threat modeling stages and examples.
  • Identify threats and compliance requirements during the SDLC and evaluate their risks.
  • Learn to balance risks, controls, and usability.
  • Define and build the required controls.
  • Identify where building a control is unnecessary, based on acceptable risk.
  • Document threats and mitigation.
  • Identify security test cases and security test scenarios to test the security requirements.