SonicWall’s Michele Campbell, Dawn Ringstaff Named to CRN’s 2018 Women of the Channel List

CRN, a brand of The Channel Company, has named two SonicWall employees, Michele Campbell and Dawn Ringstaff, to its prestigious 2018 Women of the Channel list, which recognizes top women in business for their vision, experience and influence in driving channel success.

In addition to being named to the Women of the Channel list, Campbell has the additional honor of also being recognized as a 2018 Woman of the Channel Power 100 honoree. The Power 100 belong to an exclusive group drawn from this larger list: women leaders whose vision and influence are key drivers of their company’s success and help move the entire IT channel forward.

“This accomplished group of leaders is steadily guiding the IT channel into a prosperous new era of services-led business models and deep, strategic partnerships,” said Bob Skelley, CEO of The Channel Company. “CRN’s 2018 Women of the Channel list honors executives who are driving channel progress, and what they are doing will have lasting impact for years to come.”

Michele Campbell
Sr. Director, Global Channel Programs & Education Services, SonicWall

Campbell has been honored with the CRN Women of The Channel award three times over the course of her career, which includes 25 years of in-depth experience in the channel. In her role leading global channel programs and partner enablement at SonicWall, she led the charge in developing the SecureFirst Partner Program, which has had a significant impact on SonicWall in the past year with over 21,000 registered partners, 8,000 of whom are new to SonicWall.

Campbell also introduced new partner enablement initiatives into the program, including SonicWall University to address the cybersecurity skills gap and train partners on insights gleaned by the SonicWall Capture Labs researchers, and new global marketing programs and incentives to help the SonicWall channel deliver cyber security solutions and services to small- and medium-sized businesses (SMBs).

Dawn Ringstaff
Regional Sales Director, SonicWall

Leveraging her 20 years of experience working in the channel, Ringstaff leads the team that is responsible for North American partner enablement, partner profitability and overall sales growth at SonicWall. During her decade at SonicWall, she has forged deep relationships with SonicWall’s North American partners, and was recognized internally at SonicWall as last year’s top-performing director on the channel and sales team in North America. As a seasoned channel sales leader, Ringstaff has mentored countless channel sales teams and at SonicWall she has been instrumental in helping many inside sales representatives transition to highly successful field territory channel managers.

The 2018 Women of the Channel list will be featured in the June issue of CRN Magazine and online at https://www.crn.com/wotc.

In addition to CRN naming Campbell and Ringstaff to the Women of the Channel list, CRN has included SonicWall and its executives on a number of additional prestigious lists since SonicWall became an independent cybersecurity company. In the past six months, SonicWall has been recognized with the following:

General Data Protection Regulation (GDPR): Background, Context & FAQs

On May 25, the General Data Protection Regulation (GDPR) will officially go into effect in the European Union (EU). As you may have noticed, many organizations have been notifying end-users — regardless of their location — of updates to their terms of service (TOS) and privacy policies.

For the sake of simplicity, many companies are looking for vendors that help them align their privacy policies to adhere to compliance requirements worldwide versus having separate and distinct rules for every region. If GDPR remains the benchmark for data privacy, GDPR may become a welcome standard. However, if governing bodies decide to issue different data privacy laws for their own constituents, more confusion could be introduced across geographic customer bases.

To help further educate and build awareness, please reference these answers to the most popular questions about GDPR.

What is the GDPR?

The GDPR is legislation enacted by the EU to protect all EU citizens from privacy and data breaches. The GDPR applies to companies and organizations located in the EU, as well as to companies outside the EU that collect, use, transmit or store personal data of EU citizens, regardless of where the activities take place. At a high level, GDPR:

  • Takes effect on May 25, 2018
  • Applies generally to organizations located in the EU, as well as those outside the EU that handle the personal data of EU citizens
  • Applies specifically to data controllers and data processors; a controller is a company that determines the purposes and means of processing personal data, while a processor is responsible for processing personal data on behalf of a controller
  • Is designed to protect the personal data of EU citizens, which is defined as any information about an identifiable person
  • Requires organizations to give individuals access to and control over their data, and to take reasonable measures to protect it

Why was the GDPR drafted?

GDPR was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy. The EU believes that making data protection law identical throughout member states will collectively save companies €2.3 billion annually.

When will the GDPR apply?

GDPR will be effective in all EU member states on May 25, 2018. Until it becomes effective, the 1995 Data Protection Directive (Directive 95/46/EC) and other country-specific law will continue to apply. Countries outside the EU may have their own data privacy laws and organizations are obligated to comply with these laws as well.

Who does the GDPR apply to?

If your organization is located within the EU, or is located outside the EU and collects, uses, transmits or stores the personal data of EU data subjects or monitors their behavior, GDPR applies to your processing and holding of that personal data, regardless of your company’s location.

What are the key differences between the GDPR and the prior data privacy directive in the EU?

Although the key principles of data privacy from the previous directive still hold true, here is a high-level summary of the enhancements and other changes:

Increased Territorial Scope (extra-territorial applicability)

GDPR will apply to the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not. The GDPR will also apply to the processing of personal data of data subjects in the EU by a controller or processor not established in the EU, where the activities relate to: offering goods or services to EU citizens (irrespective of whether payment is required) and the monitoring of behavior that takes place within the EU.

Enhanced Penalties

Under GDPR, organizations in breach of GDPR can be fined up to 4 percent of annual global turnover or €20 million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements (e.g., not having sufficient customer consent to process data or violating the core of Privacy by Design concepts).

There is a tiered approach to fines: for example, a company can be fined 2 percent for not having its records in order (Article 28), for not notifying the supervising authority and data subject about a breach, or for not conducting an impact assessment. It is important to note that these rules apply to both controllers and processors — meaning cloud environments will not be exempt from GDPR enforcement.

Robust Consent Requirements

The conditions for consent have been strengthened, and companies will no longer be able to use long, illegible terms and conditions full of legalese; the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent.

Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.

Breach Notification

Under the GDPR, breach notification will become mandatory in all member states where a data breach is likely to “result in a risk for the rights and freedoms of individuals”. This must be done within 72 hours of first having become aware of the breach. Data processors will also be required to notify their customers, the controllers, “without undue delay” after first becoming aware of a data breach.

Right to Access

Data subjects have the right to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. Further, the controller shall provide a copy of the personal data, free of charge, in an electronic format. This change is a dramatic shift to data transparency and empowerment of data subjects.

Right to be Forgotten (data erasure)

A data subject has the right (subject to certain exceptions) to have the data controller erase his/her personal data, cease further dissemination of the data and potentially have third parties halt processing of the data.

Data Portability

Under GDPR, a data subject has the right to receive the personal data concerning them, which they have previously provided, in a ‘commonly used and machine-readable format’, and has the right to transmit that data to another controller.

Privacy by Design

Privacy by design, as a concept, has existed for years, but it is only just becoming part of a legal requirement with the GDPR. At its core, privacy by design calls for the inclusion of data protection from the onset of the designing of systems.

More specifically, companies need to implement appropriate technical and organizational measures to effectively meet the requirements of GDPR and protect the rights of data subjects. Controllers must hold and process only the data absolutely necessary for the completion of their duties (data minimization), and must limit access to personal data to those who need it to carry out the processing.

Data Protection Officers (DPO)

A DPO appointment will be mandatory only for those controllers and processors whose core activities consist of processing operations which require regular and systematic monitoring of data subjects on a large scale (e.g., Facebook, Google, etc.) or of special categories of data or data relating to criminal convictions and offences.

What counts as personal data under the GDPR?

The GDPR applies to ‘personal data,’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organizations collect information about people. Personal data that has been pseudonymized (e.g., key-coded) can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.

When can people access the data stored about them?

People can ask for access at “reasonable intervals,” and generally a response is required within one month. The GDPR requires transparency in how data is collected, what is done with it and how it is processed.

What is the “right to be forgotten”?

Individuals have the right to have their personal data deleted under certain circumstances. This is known as the ‘right to be forgotten.’ An individual has the right to request that his/her personal data be erased, that further dissemination of the data cease and, potentially, that third parties halt processing of the data.

When does the “right to be forgotten” apply?

The points below are subject to legal interpretation, but as outlined by the ICO, the “right to be forgotten” generally applies when:

  • The personal data is no longer necessary for the purpose which you originally collected or processed it for
  • You are relying on consent as your lawful basis for holding the data, and the individual withdraws their consent
  • You are relying on legitimate interests as your basis for processing, the individual objects to the processing of their data, and there is no overriding legitimate interest to continue this processing
  • You are processing the personal data for direct marketing purposes and the individual objects to that processing
  • You have processed the personal data unlawfully (i.e., in breach of the lawfulness requirement of the first principle)
  • You have to do it to comply with a legal obligation

What if they want to move their data elsewhere?

Under the GDPR, individuals have the right to obtain, reuse, move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.

What are the data security requirements under the GDPR?

The GDPR requires personal data be processed to protect against unauthorized or unlawful processing and against accidental loss, destruction or damage. It requires use of appropriate technical or organizational measures, which in many instances require the use of network security.

What if a data breach occurs?

If a data breach were to occur, it is the responsibility of the data controller and/or processor to inform the relevant data protection authority of certain data breaches within 72 hours of becoming aware of it.

If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, the data processor and/or controller must also inform those individuals without undue delay.

What about Brexit?

The United Kingdom (UK) is leaving the EU. However, the UK government only triggered Article 50 in March 2017, which sets in motion the act of leaving the EU within a two-year timeframe (though it could take longer), so the GDPR will take effect before the legal consequences of Brexit. Organizations located in the UK must still comply, and the GDPR applies to natural individuals who are citizens of the UK.

A new Data Protection Bill, put forward by the UK government in August 2017, essentially replicates the requirements of the GDPR into UK legislation, meaning those compliant with the GDPR should be compliant with the new UK data protection law.

By aligning with GDPR, the UK hopes to build an enhanced data protection mechanism that goes beyond the adequacy model the EU imposes on ‘third’ countries, allowing personal data to flow freely between the UK and EU.

Is the GDPR solvable with technology alone?

No. The GDPR requires a comprehensive approach to data privacy that includes sound policies, procedures, training and technology.

Isn’t GDPR just hype?

No. It is reality and by all indications this new EU regulation will be monitored and enforced by EU regulators. It must be taken especially seriously in light of recent revelations regarding the collection and use of personal data by various types of organizations.

Once GDPR is enforced, a flurry of breaches may be announced that will raise the profile of GDPR. Organizations will be under pressure to respond by getting the proper infrastructure in place. Fines for noncompliance could reach up to €20 million ($24 million USD) or 4 percent of annual global turnover.

SonicWall and the GDPR

SonicWall is working hard to ensure compliance with GDPR requirements. SonicWall takes information security seriously and has implemented policies and procedures for safeguarding personal data that is stored, processed and/or transferred by SonicWall.

These policies and procedures include, without limitation, physical and logical access restrictions, data classification, access rights, credentialing programs, record retention, data privacy, information security and the treatment of personal data and sensitive personal data throughout its lifecycle.

To learn more about how GDPR applies to SonicWall products and services, please read “How SonicWall Adheres to GDPR Requirements” and review the official SonicWall Privacy Statement.

How SonicWall Adheres to GDPR Requirements

On May 25, the General Data Protection Regulation (GDPR) will officially go into effect. As with any major legal reform, questions arise about timing, application, ramifications and more. With the GDPR mandate’s focus on privacy and related data, questions have increased tenfold.

SonicWall is working hard to ensure compliance with GDPR requirements. SonicWall takes information security seriously and has implemented policies and procedures for safeguarding personal data that is stored, processed and/or transferred by SonicWall.

These policies and procedures include, without limitation, physical and logical access restrictions, data classification, access rights, credentialing programs, record retention, data privacy, information security and the treatment of personal data and sensitive personal data throughout its lifecycle.

To help clarify how SonicWall products and services are impacted by GDPR policies, please review the following.

What is the GDPR?

The GDPR is legislation enacted by the European Union (EU) to protect all EU citizens from privacy and data breaches. The GDPR applies to companies and organizations located in the EU, as well as to companies outside the EU that collect, use, transmit or store personal data of EU citizens, regardless of where the activities take place. At a high level, GDPR:

  • Takes effect on May 25, 2018
  • Applies generally to organizations located in the EU, as well as those outside the EU that handle the personal data of EU citizens
  • Applies specifically to data controllers and data processors; a controller is a company that determines the purposes and means of processing personal data, while a processor is responsible for processing personal data on behalf of a controller
  • Is designed to protect the personal data of EU citizens, which is defined as any information about an identifiable person
  • Requires organizations to give individuals access to and control over their data, and to take reasonable measures to protect it

Does the GDPR apply to SonicWall products?

Yes, but only to a very limited extent. SonicWall products help customers enable security in their networks (and to thus better comply with the GDPR), but SonicWall generally does not have access to, nor does it collect or use, the personal data of individuals.

The GDPR, therefore, does not apply to SonicWall products in most cases. Our customers’ use of our products by itself does not subject SonicWall to GDPR.

However, if SonicWall hosts a solution that is sold to a customer and the hosted solution allows a customer to access or use personal data in that hosted environment, then SonicWall may be subject to certain aspects of the GDPR. In those cases, SonicWall must ensure that adequate security is in place to protect that hosted environment.

In summary:

  • SonicWall typically does not collect, store or transmit the personal data of natural individuals in the EU
  • The GDPR does not apply to SonicWall firewall hardware appliances without a subscription to the SonicWall Capture Advanced Threat Protection sandbox service
  • GDPR may apply to the SonicWall Capture Cloud Platform to the extent it enables end-user designated personnel to access their network data in an environment hosted by SonicWall
  • Where GDPR applies, it requires SonicWall to have adequate network security for its hosted environment
  • SonicWall expects to be compliant with the GDPR by May 25, 2018, to the extent it applies to the company’s range of security solutions and services
  • SonicWall is undertaking a comprehensive third-party audit to confirm the compliance of its products and solutions

GDPR and SonicWall hosted solutions

Presently, SonicWall directly maintains a majority of the systems used for our hosted solutions versus outsourcing this activity to a third party.

In the limited circumstances that SonicWall leverages third-party services, SonicWall works to ensure that it and its third-party provider have the appropriate safeguards in place to protect personal data as required by GDPR. SonicWall uses a number of technological and operational approaches in its physical security program to mitigate security risks to the extent reasonably practicable.

Our team is working to ensure that appropriate measures are in place to prevent unauthorized persons from gaining access to systems within which data is processed, and continually monitors any changes to the physical infrastructure, business and known threats.

We are also considering best practice measures used by others in the industry while balancing our approach toward security by considering elements of control that include architecture, operations and systems.

SonicWall customers are given the opportunity to choose the location of their primary data center where their information will be hosted. However, limited data may be transferred to other SonicWall locations for the purpose of providing services to our customers.

Can SonicWall help companies become GDPR-compliant?

SonicWall acts as a provider of network security and content-based security solutions, and security of data is a key aspect in achieving data privacy principles.

We assist companies to secure their data in a smarter way. In the wake of burgeoning legislation and increased hacker intelligence, it is vital for organizations to encrypt their traffic and files, whether these are stored online or offline.

Using high-performance Deep Packet Inspection, SonicWall can spot malware and other nefarious traffic and behavior from among encrypted files, further safeguarding an organization.

SonicWall provides industry-leading machine learning technology to detect and block zero-day malware. We address advanced cyber threats, “malware cocktails” and related ransomware no matter if they are encrypted or clear, in email, on the web or in file exchange, regardless of the device in use. Our expertise in automated breach prevention means we don’t just spot malware, we prevent attacks from becoming successful.

To learn more about how GDPR applies to SonicWall products and services, please review the official SonicWall Privacy Statement.

Cyber Security News & Trends – 05-11-18

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.

SonicWall Spotlight

Cybersecurity Sourcebook 2018 Looks at Evolving Data Threat Landscape (Database Trends & Applications)

  • This article explains the serious need to safeguard data using key SonicWall threat data. Specifically, it includes statistics showing that cyberattacks are becoming the number-one risk to businesses, brands, operations and financials, and that there were 9.32 billion malware attacks in total in 2017, representing an 18.4% increase over 2016.

FBI Calls Attention to ‘BEC’ Scams (CRN)

  • In an article detailing the FBI’s warning about the rise of BEC scams, SonicWall President and CEO Bill Conner is quoted for his insight on the issue, noting that technology such as DPI SSL can help prevent potential breaches.

New Product Awards (The American Business Awards)

  • In this rundown of award winners, SonicWall is named Silver Winner in the category New Product or Service of the Year for its Capture Advanced Threat Protection Sandbox Service.

Cyber Security News

Phishing Threats Move to Mobile Devices (Dark Reading)

  • Mobile devices are emerging as a primary gateway for phishing attacks aimed at stealing data. Users are 18 times more likely to be exposed to a phishing attack than to malware.

FCC Says ‘Net Neutrality’ Rules Will End on June 11 (Reuters)

  • The FCC in December repealed the Obama-era “net neutrality” rules, allowing internet providers to block or slow websites as long as they disclose the practice. The FCC said the new rules will take effect 30 days from Friday.

Android Security: Malicious Apps Sneak Back Into Google Play After Tweaks (ZDNet)

  • Symantec researchers have discovered malware in Google Play, the official Android app marketplace, after it had previously been removed.

FBI Says Internet Crimes Caused Reported Losses of $1.42 Billion in 2017 (The Washington Times)

  • The FBI’s Internet Crime Complaint Center (IC3) received 301,580 complaints last year from individuals reporting a combined total of roughly $1.42 billion in related losses, according to the office’s 2017 Internet Crime Report.

Publicly Disclosed Breaches Down Drastically in Q1 2018 (Dark Reading)

  • Risk Based Security is reporting a significant drop in publicly disclosed breaches. Q1 2018 has been the quietest first quarter since 2012.

Upcoming Webinars & Events

May 30, Webinar, 11 a.m. PDT: Identify and Stop Malware in the Quickest and Most Accurate Way Possible

June 4, Webinar, 1 a.m. PDT: Technical Deep Dive – Securing Office 365 with SonicWall Email Security

Microsoft Security Bulletin Coverage for May 2018

The SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of May 2018. The issues reported, along with SonicWall coverage information, are as follows:

CVE-2018-0765 .NET and .NET Core Denial Of Service Vulnerability
There are no known exploits in the wild.

CVE-2018-0824 Microsoft COM for Windows Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2018-0854 Windows Security Feature Bypass Vulnerability
There are no known exploits in the wild.

CVE-2018-0905 Microsoft Edge Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2018-0943 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.

CVE-2018-0945 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.

CVE-2018-0946 Scripting Engine Memory Corruption Vulnerability
IPS: 13323 Scripting Engine Memory Corruption Vulnerability (MAY 18)

CVE-2018-0951 Scripting Engine Memory Corruption Vulnerability
IPS: 13324 Scripting Engine Memory Corruption Vulnerability (MAY 18) 2

CVE-2018-0953 Scripting Engine Memory Corruption Vulnerability
IPS: 13325 Scripting Engine Memory Corruption Vulnerability (MAY 18) 3

CVE-2018-0954 Scripting Engine Memory Corruption Vulnerability
IPS: 13326 Scripting Engine Memory Corruption Vulnerability (MAY 18) 4

CVE-2018-0955 Scripting Engine Memory Corruption Vulnerability
IPS: 13327 Scripting Engine Memory Corruption Vulnerability (MAY 18) 5

CVE-2018-0958 Windows Security Feature Bypass Vulnerability
There are no known exploits in the wild.

CVE-2018-0959 Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2018-0961 Hyper-V vSMB Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2018-1021 Microsoft Edge Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2018-1022 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.

CVE-2018-1025 Microsoft Browser Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2018-1039 .NET Framework Device Guard Security Feature Bypass Vulnerability
There are no known exploits in the wild.

CVE-2018-8112 Microsoft Edge Security Feature Bypass Vulnerability
There are no known exploits in the wild.

CVE-2018-8114 Scripting Engine Memory Corruption Vulnerability
IPS: 13328 Scripting Engine Memory Corruption Vulnerability (MAY 18) 6

CVE-2018-8115 Windows Host Compute Service Shim Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2018-8119 Azure IoT SDK Spoofing Vulnerability
There are no known exploits in the wild.

CVE-2018-8120 Win32k Elevation of Privilege Vulnerability
ASPY: 5145 Malformed-File exe.MP.35

CVE-2018-8122 Scripting Engine Memory Corruption Vulnerability
IPS: 13329 Scripting Engine Memory Corruption Vulnerability (MAY 18) 7

CVE-2018-8123 Microsoft Edge Memory Corruption Vulnerability
ASPY: 5049 Malformed-File html.MP.71

CVE-2018-8124 Win32k Elevation of Privilege Vulnerability
ASPY: 5145 Malformed-File exe.MP.35

CVE-2018-8126 Internet Explorer Security Feature Bypass Vulnerability
There are no known exploits in the wild.

CVE-2018-8127 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2018-8128 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.

CVE-2018-8129 Windows Security Feature Bypass Vulnerability
There are no known exploits in the wild.

CVE-2018-8130 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.

CVE-2018-8132 Windows Security Feature Bypass Vulnerability
There are no known exploits in the wild.

CVE-2018-8133 Chakra Scripting Engine Memory Corruption Vulnerability
ASPY: 5135 Malformed-File html.MP.76

CVE-2018-8134 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2018-8136 Windows Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2018-8137 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.

CVE-2018-8139 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.

CVE-2018-8141 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2018-8145 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.

CVE-2018-8147 Microsoft Excel Remote Code Execution Vulnerability
ASPY: 5137 Malformed-File xls.MP.61

CVE-2018-8148 Microsoft Excel Remote Code Execution Vulnerability
ASPY: 5138 Malformed-File xls.MP.62

CVE-2018-8149 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2018-8150 Microsoft Outlook Security Feature Bypass Vulnerability
There are no known exploits in the wild.

CVE-2018-8151 Microsoft Exchange Memory Corruption Vulnerability
There are no known exploits in the wild.

CVE-2018-8152 Microsoft Exchange Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2018-8153 Microsoft Exchange Spoofing Vulnerability
There are no known exploits in the wild.

CVE-2018-8154 Microsoft Exchange Memory Corruption Vulnerability
There are no known exploits in the wild.

CVE-2018-8155 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2018-8156 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2018-8157 Microsoft Office Remote Code Execution Vulnerability
ASPY: 5140 Malformed-File xls.MP.63

CVE-2018-8158 Microsoft Office Remote Code Execution Vulnerability
ASPY: 5141 Malformed-File rtf.MP.23

CVE-2018-8159 Microsoft Exchange Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2018-8160 Microsoft Outlook Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2018-8161 Microsoft Office Remote Code Execution Vulnerability
IPS: 13331 Microsoft Office Remote Code Execution (MAY 18) 1

CVE-2018-8162 Microsoft Excel Remote Code Execution Vulnerability
ASPY: 5138 Malformed-File xls.MP.63

CVE-2018-8163 Microsoft Excel Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2018-8164 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2018-8165 DirectX Graphics Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2018-8166 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2018-8167 Windows Common Log File System Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2018-8168 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2018-8170 Windows Image Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2018-8173 Microsoft InfoPath Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2018-8174 Windows VBScript Engine Remote Code Execution Vulnerability
IPS: 13321 Windows VBScript Engine Remote Code Execution Vulnerability (MAY 18)

CVE-2018-8177 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.

CVE-2018-8178 Microsoft Browser Memory Corruption Vulnerability
There are no known exploits in the wild.

CVE-2018-8179 Microsoft Edge Memory Corruption Vulnerability
IPS: 13322 Microsoft Edge Memory Corruption Vulnerability (MAY 18)

CVE-2018-8897 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.

Adobe Flash (APSB18-16) Coverage:

CVE-2018-4944 Type Confusion Vulnerability
ASPY: 5143 Malformed-File swf.MP.588

Following is the coverage for Adobe Acrobat Reader Bulletin APSB18-16:

CVE-2018-4946 Use After Free vulnerability
There are no known exploits in the wild.

CVE-2018-4947 Heap Overflow vulnerability
ASPY: 1648 Malformed-File pdf.MP.305

CVE-2018-4948 Heap Overflow vulnerability
ASPY: 1647 Malformed-File emf.MP.56

CVE-2018-4949 Out-of-bounds read vulnerability
ASPY: 1649 Malformed-File emf.MP.57

CVE-2018-4950 Out-of-bounds write vulnerability
There are no known exploits in the wild.

CVE-2018-4951 Out-of-bounds read vulnerability
ASPY: 1654 Malformed-File emf.MP.58

CVE-2018-4952 Use After Free vulnerability
There are no known exploits in the wild.

CVE-2018-4953 Type Confusion vulnerability
There are no known exploits in the wild.

CVE-2018-4954 Use After Free vulnerability
There are no known exploits in the wild.

CVE-2018-4955 Out-of-bounds read vulnerability
There are no known exploits in the wild.

CVE-2018-4956 Out-of-bounds read vulnerability
There are no known exploits in the wild.

CVE-2018-4957 Out-of-bounds read vulnerability
There are no known exploits in the wild.

CVE-2018-4958 Use After Free vulnerability
ASPY: 5131 Malformed-File pdf.MP.307

CVE-2018-4959 Use After Free vulnerability
ASPY: 5142 Malformed-File pdf.MP.308

CVE-2018-4960 Out-of-bounds read vulnerability
There are no known exploits in the wild.

CVE-2018-4961 Use After Free vulnerability
ASPY: 5146 Malformed-File pdf.MP.309

CVE-2018-4962 Out-of-bounds read vulnerability
ASPY: 5147 Malformed-File pdf.MP.310

CVE-2018-4963 Out-of-bounds read vulnerability
There are no known exploits in the wild.

CVE-2018-4964 Out-of-bounds read vulnerability
There are no known exploits in the wild.

CVE-2018-4965 Buffer Errors vulnerability
There are no known exploits in the wild.

CVE-2018-4966 Heap Overflow vulnerability
There are no known exploits in the wild.

CVE-2018-4967 Out-of-bounds write vulnerability
There are no known exploits in the wild.

CVE-2018-4968 Heap Overflow vulnerability
ASPY: 5152 Malformed-File emf.MP.62

CVE-2018-4969 Out-of-bounds read vulnerability
There are no known exploits in the wild.

CVE-2018-4970 Out-of-bounds read vulnerability
There are no known exploits in the wild.

CVE-2018-4971 Use After Free vulnerability
There are no known exploits in the wild.

CVE-2018-4972 Out-of-bounds read vulnerability
There are no known exploits in the wild.

CVE-2018-4973 Out-of-bounds read vulnerability
There are no known exploits in the wild.

CVE-2018-4974 Use After Free vulnerability
ASPY: 5151 Malformed-File pdf.MP.313

CVE-2018-4975 Out-of-bounds read vulnerability
There are no known exploits in the wild.

CVE-2018-4976 Out-of-bounds read vulnerability
There are no known exploits in the wild.

CVE-2018-4977 Use After Free vulnerability
ASPY: 5151 Malformed-File pdf.MP.313

CVE-2018-4978 Heap Overflow vulnerability
ASPY: 5150 Malformed-File emf.MP.61

CVE-2018-4979 Security bypass vulnerability
There are no known exploits in the wild.

CVE-2018-4980 Use After Free vulnerability
There are no known exploits in the wild.

CVE-2018-4981 Out-of-bounds read vulnerability
ASPY: 1649 Malformed-File emf.MP.57

CVE-2018-4982 Heap Overflow vulnerability
ASPY: 5150 Malformed-File emf.MP.59

CVE-2018-4983 Use After Free vulnerability
ASPY: 5149 Malformed-File pdf.MP.312

CVE-2018-4984 Heap Overflow vulnerability
There are no known exploits in the wild.

CVE-2018-4985 Out-of-bounds read vulnerability
There are no known exploits in the wild.

CVE-2018-4986 Out-of-bounds read vulnerability
There are no known exploits in the wild.

CVE-2018-4987 Untrusted pointer dereference vulnerability
ASPY: 5148 Malformed-File pdf.MP.311

CVE-2018-4988 Use After Free vulnerability
There are no known exploits in the wild.

CVE-2018-4989 Use After Free vulnerability
There are no known exploits in the wild.

CVE-2018-4990 Double Free vulnerability
There are no known exploits in the wild.

CVE-2018-4993 Data leakage (sensitive) vulnerability
ASPY: 1650 Malformed-File pdf.MP.306

Roaming Mantis attacks Android devices in Asia, likely behind OTP codes (May 8, 2018)

SonicWall Capture Labs Threats Research Team observed another rampant Android threat targeted mainly at Asian countries. This malware campaign – coined Roaming Mantis – began spreading via hijacked router DNS settings.

Hijacking the DNS settings of a router lets attackers redirect users who visit a legitimate domain to malicious websites, which can then push malicious payloads onto the visitor’s devices via pop-ups. Users typically trust these pop-ups because they appear to originate from a legitimate website. This technique was used to push malicious Android apps to victims and thereby spread further. In this blog we analyze a few such malicious apps belonging to the Roaming Mantis campaign.

Infection Cycle

Once the app is opened, it reads a dex file named db from its /assets folder:

It then Base64-decodes the contents of this file and saves the result locally as test.dex in an app folder named “a”:

Later it loads this file using DexClassLoader. Apart from the above activity, the original classes.dex file that is loaded as part of the app requests device administrator privileges:
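The three steps above (a dex hidden under assets/, Base64-decoded at run time, then handed to DexClassLoader) are something an analyst can check for statically, because an APK is just a zip archive. The following is an added example written for this write-up, not code from the malware or from SonicWall: it scans every entry under assets/, attempts a Base64 decode, and reports entries whose decoded bytes begin with the DEX magic "dex\n". The sample APK it builds is constructed inline with a stub DEX header so the check runs offline.

```python
"""Static triage for APKs that carry a hidden DEX in assets.

Added example for this write-up, not code from the malware or from SonicWall.
An APK is a zip archive; this helper scans every file under assets/, tries a
Base64 decode, and reports entries whose decoded bytes begin with the DEX
magic "dex\\n" (the file format DexClassLoader expects). Roaming Mantis stores
such a file as assets/db and writes the decoded copy out as test.dex.
"""
import base64
import binascii
import io
import zipfile

DEX_MAGIC = b"dex\n"


def decoded_dex_assets(apk_bytes: bytes) -> list:
    """Return (entry name, encoding) for every assets/ entry that is a DEX file,
    either stored raw or hidden behind a Base64 layer."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if not name.startswith("assets/") or name.endswith("/"):
                continue
            data = apk.read(name)
            if data.startswith(DEX_MAGIC):
                hits.append((name, "raw"))
                continue
            # Base64 encoders often wrap lines; drop all whitespace before a strict decode.
            compact = b"".join(data.split())
            try:
                decoded = base64.b64decode(compact, validate=True)
            except (binascii.Error, ValueError):
                continue
            if decoded.startswith(DEX_MAGIC):
                hits.append((name, "base64"))
    return hits


def build_sample_apk() -> bytes:
    """Constructed sample APK: a Base64-wrapped DEX under assets/db beside a
    benign text asset. The DEX body is a stub header, not a real class file."""
    fake_dex = DEX_MAGIC + b"035\x00" + b"\x00" * 32
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", fake_dex)
        z.writestr("assets/db", base64.b64encode(fake_dex))
        z.writestr("assets/readme.txt", b"hello there")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, how in decoded_dex_assets(build_sample_apk()):
        print(f"{entry}: DEX file ({how})")
```

The legitimate classes.dex is deliberately skipped (it is not under assets/), so a hit from this check points at code the app loads outside the normal class path, which is exactly the behaviour worth a closer look.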

From the set of samples we analyzed, each sample contacted one of the two domains listed below:

  • my.tv.sohu.com
  • baidu.com

We saw limited network activity during our analysis, which limited the behaviour the malware exhibited. Regardless, a number of malicious components present in the code (specifically in the decoded test.dex) showcase the capabilities of this threat:

Browser redirect

Once the test.dex file is decoded and loaded, the malware overlays the screen with an error message that is likely chosen from the code below:

The malware then shows a spoofed Google authentication page served by a web server started on the device on a random port. This screen displays the user’s account (obtained as described below) and asks for a name and date of birth. The malware reads the accounts present on the device and shows them on the spoofed page in an effort to make it look authentic:

The above image shows the malware accessing the accounts present on the device – Google and Twitter in our case – and using them to its advantage.

Values verification codes/OTP codes

Close inspection of one of the error messages in the point above shows how much importance this app places on verification codes. The complete error message is stored in parts; the interesting ones are as below:

  • Account No.exists risks, use after certification
  • Find the new version, please use after updating
  • Would you like to grant this permission to ” + b + ‘?’, “After opening the permissions, \”” + b + “\” will be able to access the web page more quickly , and enhance the phone’s Internet experience
  • 구글 계정이 이상이 있습니다.음성검증을 들어 인증번호를 입력하여 구글 계정을 검증하도록합니다. 아니면 정상사용에 영향을 끼칠 것입니다. – Translation – I have an anomaly on my Google account. For voice verification, enter your verification number to verify your Google account. Or it will affect normal use
  • 인증번호 – Translation – Verification Number
  • 인증번호를 입력하세요 – Translation – Please enter your verification number

Monitor apps

The malware monitors the presence of certain hardcoded apps on the device, including:

  • Banking apps – com.wooribank.pib.smart, com.kbstar.kbbank, com.ibk.neobanking, com.sc.danb.scbankapp, com.shinhan.sbanking
  • MMORPG games – com.ncsoft.lineagem, com.nexon.axe, com.nexon.nxplay
  • OTP apps – kr.co.neople.neopleotp, com.atsolution.android.uotp2

As highlighted above this malware keeps an eye on OTP apps.

Dangerous permissions requested

This malware requests a number of dangerous permissions during installation; a few of them stand out as they can be correlated with stealing verification codes/OTPs:

  • Send sms
  • Read sms
  • Receive mms
  • Receive sms
  • Record audio

Network communication

As mentioned in an earlier point, each sample has one hard-coded domain name (out of the two for this campaign). For each hard-coded domain it contains specific user accounts; for instance, for baidu.com the following user accounts are present (separated by a “|”):

  • haoxingfu88
  • haoxingfu12389
  • wokaixin158998

The only network communication we saw during our analysis was GET requests from the malware to a specific user profile on baidu:

Hidden code

The malware contains an interesting piece of code as shown below:

Correlating this with the user accounts present in the code reveals the purpose of the code above: the malware extracts specific data from the web page, using the code above as a search pattern:

The data present on the web page after the search pattern is – 傀傸傸偠傠傠傠偘傀傠偘傰傸傈僨傀僨僸傸傀

Upon correlating the characters one by one with a Unicode chart we obtained the following:

  • 80B8B860A0A0A05880A058B0B888E880E8F8B880

We did not see further network activity during our analysis, so we could not ascertain what happens once this code is extracted or what it signifies.
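The correlation with a Unicode chart described above has a simple mechanical form: every character in the quoted string sits in the U+5080..U+50FF range, so the high byte of each code point is a constant 0x50 and the low byte supplies one byte of the hidden value. The code below is an added example for this write-up, not the malware's own code; because the actual search pattern appears only as an image in the post, MARKER is a constructed placeholder for it, and PAGE_SAMPLE is a constructed page fragment built around the string quoted above. The last function is a small detection heuristic an analyst could apply to other profile pages, going a step beyond the single string discussed here.

```python
"""Recover the bytes hidden in the CJK characters on the profile page.

Added example for this write-up, not the malware's own code. Every character
in the observed string lies in the U+5080..U+50FF range, so the high byte is
a constant 0x50 and the low byte of each code point carries one payload
byte. The search pattern the malware uses is only shown as an image in the
post, so MARKER below is a constructed placeholder for it.
"""
import re

MARKER = "[[search-pattern]]"  # placeholder; the real marker is not reproduced here

# Constructed page fragment: the marker followed by the string quoted in the post.
PAGE_SAMPLE = (
    "profile text " + MARKER + "傀傸傸偠傠傠傠偘傀傠偘傰傸傈僨傀僨僸傸傀 trailing text"
)

CARRIER_RUN = re.compile(r"[\u5000-\u50ff]+")


def extract_after_marker(page: str, marker: str = MARKER) -> str:
    """Return the run of U+50xx characters that immediately follows the marker."""
    idx = page.find(marker)
    if idx < 0:
        return ""
    m = CARRIER_RUN.match(page, idx + len(marker))
    return m.group(0) if m else ""


def carried_bytes(chars: str) -> bytes:
    """Low byte of each code point: U+5080 -> 0x80, U+50B8 -> 0xB8, ..."""
    return bytes(ord(c) & 0xFF for c in chars)


def decode_hidden_hex(page: str, marker: str = MARKER) -> str:
    return carried_bytes(extract_after_marker(page, marker)).hex().upper()


def looks_like_carrier(chars: str) -> bool:
    """Detection heuristic: a run of ideographs drawn from a single 256-code-point
    row is unlike natural Chinese or Korean text and worth flagging."""
    return len(chars) >= 8 and len({ord(c) >> 8 for c in chars}) == 1


if __name__ == "__main__":
    print(decode_hidden_hex(PAGE_SAMPLE))  # 80B8B860A0A0A05880A058B0B888E880E8F8B880
```

Running it reproduces the hex string listed above from the quoted characters. The heuristic in looks_like_carrier is intentionally coarse: genuine text draws characters from many rows of the block, whereas a byte stream mapped into one row never leaves it.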

Communication via SMTP

The malware contains code indicating it can communicate with the attacker via SMTP. The code below shows how it can send an email with “new information” about the infected device:

Root check

The malware contains code that checks whether the device is rooted. We did not see any specific actions taken depending on whether the device is rooted:

Targeted attack

Many things in the code point to this malware being targeted at users in Asia, Korea in particular:

  • Korean language is present at a number of places in the code
  • A number of banking apps targeted are from Asia – Woori Bank, Shinhan Bank
  • MMORPG games and OTP apps are Asian as well – AxE, Neople OTP
  • Both the domains my.tv.sohu and baidu are registered from Beijing and display content which is regional in nature

Hard-coded commands

The malware appears to contain a number of hard-coded commands:

Overall this malware campaign appears to be targeted towards Asian countries. Apart from its capability to harvest sensitive information from the infected device, it is particularly interested in OTP verification codes. The current set of samples target Banking and Gaming apps for their OTP codes but this can change to other types of apps as well.

SonicWall Capture Labs provides protection against this threat with the following signatures:

  • AndroidOS.Banker.MNT
  • AndroidOS.Banker.DX

Following are apps that were targeted in the samples we analyzed:

  • com.wooribank.pib.smart
  • com.kbstar.kbbank
  • com.ibk.neobanking
  • com.sc.danb.scbankapp
  • com.shinhan.sbanking
  • com.hanabank.ebk.channel.android.hananbank
  • nh.smart
  • com.epost.psf.sdsi
  • com.kftc.kjbsmb
  • com.smg.spbs
  • com.webzen.muorigin.google
  • com.ncsoft.lineagem19
  • com.ncsoft.lineagem
  • kr.co.neople.neopleotp
  • kr.co.happymoney.android.happymoney
  • com.nexon.axe
  • com.nexon.nxplay
  • com.atsolution.android.uotp2

Following are MD5s of a few samples that we analyzed for this threat:

  • 03108e7f426416b0eaca9132f082d568
  • 1cc88a79424091121a83d58b6886ea7a
  • 2a1da7e17edaefc0468dbf25a0f60390
  • 31e61e52d38f19cf3958df2239fba1a7
  • 34efc3ebf51a6511c0d12cce7592db73
  • 4d9a7e425f8c8b02d598ef0a0a776a58
  • 808b186ddfa5e62ee882d5bdb94cc6e2
  • 904b4d615c05952bcf58f35acadee5c1
  • a21322b2416fce17a1877542d16929d5
  • 1bd7815bece1b54b7728b8dd16f1d3a9
  • 307d2780185ba2b8c5ad4c9256407504

What is MU-MIMO wireless technology?

Did you know that wireless technology dates back to the 19th century? Through the years, great inventors like Michael Faraday, Thomas Edison and Nikola Tesla helped mold the concepts and theories behind electromagnetic radio frequency (RF).

It wasn’t until 1997, however, that the first 802.11 technology was introduced, which is known as the 802.11 legacy standard today. Since then, each new standard either introduced new technology or significantly improved over an older one.

The same holds true for 802.11ac technology. 802.11ac Wave 1 offered a significant enhancement over its predecessor, 802.11n. 802.11ac Wave 1 provided higher channel bandwidth and a new modulation scheme, significantly increasing the max data rates.

The Wave 2 wireless standard

Technology is always replaced and improved upon, and 802.11ac Wave 1 has been superseded by today’s 802.11ac Wave 2. Technologies like Multi-User Multiple Input Multiple Output (MU-MIMO), increased channel width and more spatial streams (SS) than ever before make Wave 2 a game-changer. The theoretical maximum data rate per the Wave 2 standard is 6.9 Gbps (with an 8SS AP); the theoretical maximum with a 4SS access point (AP) is 3.5 Gbps.

Specs | 802.11n | 802.11ac Wave 1 | 802.11ac Wave 2
--- | --- | --- | ---
Frequency band | 2.4 GHz and 5 GHz | 5 GHz | 5 GHz
MIMO support | SU-MIMO | SU-MIMO | MU-MIMO
Max channel width | 40 MHz | 80 MHz | 160 MHz
Max spatial streams | 4 | 4 | 8
Modulation | 64-QAM | 256-QAM | 256-QAM
Beamforming | implicit and explicit | explicit | explicit
Backward compatibility | 11a/b/g | 11a/b/g/n | 11a/b/g/n
Max data rates | 600 Mbps | 1.7 Gbps | 6.9 Gbps

Compare the evolution of wireless capabilities from 802.11n to today’s Wave 2 standard.

What is MU-MIMO and how is it different from SU-MIMO?

MU-MIMO is a Wave 2 technology. With Single User Multiple Input Multiple Output (SU-MIMO), the AP can talk to only one client at a time. With MU-MIMO, the AP can transmit to up to four devices at a time in the downstream direction.

Talking to more devices in a single transmission decreases airtime, increases efficiency and delivers a better user experience. For MU-MIMO to work, both the AP and the client must support the technology. Since the 11ac Wave 2 technology is backwards-compatible, if the Wave 2 AP has to transmit to a Wave 1 device it will fall back to the Wave 1 technology and use SU-MIMO to transmit.

MU-MIMO improves wireless speed, performance

Faster data transmission with MU-MIMO improves efficiency and ensures more airtime for all clients. 802.11ac Wave 2 enhancements lead to faster data rates, providing higher throughput, better performance and a better user experience.

With a 4SS AP operating on a 160 MHz channel and sending data to a 3SS client device, the maximum data rate that can be achieved is 2.6 Gbps. This is, however, the theoretical maximum. For reference, the latest Apple MacBook Pro is a 3SS 802.11ac Wave 1 device, the MacBook Air is a 2SS 802.11ac Wave 1 device and the Galaxy S3 is a 1SS 802.11ac Wave 1 device.

Overall, MU-MIMO increases network capacity and throughput. This allows the wireless network to meet the rising demand for data-hungry applications. Since the wireless access point can talk to multiple devices at the same time, the number of devices in the queue decreases, resulting in reduced wait time and latency. Increase in the overall network capacity and reduced latency benefits not just the Wave 1 and Wave 2 devices, but also the legacy clients. More than one client is needed to take advantage of MU-MIMO.

Client | 1SS | 2SS | 3SS | 4SS
--- | --- | --- | --- | ---
4SS AP, 80 MHz | 433 | 867 | 1300 | 1733
4SS AP, 160 MHz | 867 | 1733 | 2600 | 3466

Wave 2 access point data rates in Mbps with different client types.
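Every number in the two tables, and the 600 Mbps, 1.7 Gbps, 6.9 Gbps, 3.5 Gbps and 2.6 Gbps figures quoted in the text, follow from one PHY rate formula: streams times data subcarriers times bits per subcarrier times coding rate, divided by the symbol time. The calculator below is an added example written for this post, not SonicWall code; it uses the standard's subcarrier counts and the short guard interval, and goes slightly beyond the tables by estimating the idealized aggregate rate of one MU-MIMO transmission, with sounding and grouping overhead ignored (an assumption, stated in the code).

```python
"""802.11n / 802.11ac PHY data-rate calculator.

Added example for this post, not SonicWall code. The figures in both tables
above and the 6.9 / 3.5 / 2.6 Gbps numbers in the text all follow from one
formula:

    rate = N_SS * N_SD * bits_per_subcarrier * coding_rate / T_symbol

where N_SS is the number of spatial streams, N_SD the data subcarriers for
the channel width, and T_symbol 3.6 us with the short guard interval. The
top MCS is 256-QAM (8 bits/subcarrier) at rate 5/6 for 11ac and 64-QAM
(6 bits) at rate 5/6 for 11n.
"""

DATA_SUBCARRIERS = {20: 52, 40: 108, 80: 234, 160: 468}
T_SYMBOL_SHORT_GI = 3.6e-6  # seconds
T_SYMBOL_LONG_GI = 4.0e-6


def phy_rate_mbps(spatial_streams: int, channel_mhz: int, bits_per_subcarrier: int = 8,
                  coding_rate: float = 5 / 6, short_gi: bool = True) -> float:
    """Theoretical PHY rate in Mbps for one link at the top MCS."""
    n_sd = DATA_SUBCARRIERS[channel_mhz]
    t_sym = T_SYMBOL_SHORT_GI if short_gi else T_SYMBOL_LONG_GI
    return spatial_streams * n_sd * bits_per_subcarrier * coding_rate / t_sym / 1e6


def link_rate_mbps(ap_ss: int, client_ss: int, channel_mhz: int) -> float:
    """A single client can use no more streams than it has, so a 3SS MacBook Pro
    on a 4SS AP is limited to the 3SS rate."""
    return phy_rate_mbps(min(ap_ss, client_ss), channel_mhz)


def mu_group_rate_mbps(ap_ss: int, client_ss: list, channel_mhz: int) -> float:
    """Idealized aggregate downlink rate of one MU-MIMO transmission: up to four
    clients share the AP's streams (each client capped by its own stream count).
    Sounding and group-selection overhead are ignored (simplifying assumption)."""
    if len(client_ss) > 4:
        raise ValueError("802.11ac MU-MIMO groups hold at most four clients")
    remaining, total = ap_ss, 0.0
    for ss in client_ss:
        alloc = min(ss, remaining)
        remaining -= alloc
        total += phy_rate_mbps(alloc, channel_mhz)
    return total


def rate_table(ap_ss: int = 4, widths=(80, 160), client_streams=(1, 2, 3, 4)) -> dict:
    """Reproduce the post's second table: {(width, client_ss): Mbps}."""
    return {(w, c): round(link_rate_mbps(ap_ss, c, w)) for w in widths for c in client_streams}


if __name__ == "__main__":
    print(round(phy_rate_mbps(4, 40, bits_per_subcarrier=6)), "Mbps  (11n, 4SS @ 40 MHz)")
    print(round(phy_rate_mbps(4, 80)), "Mbps  (11ac Wave 1, 4SS @ 80 MHz)")
    print(round(phy_rate_mbps(8, 160)), "Mbps  (11ac Wave 2, 8SS @ 160 MHz)")
    for (w, c), r in rate_table().items():
        print(f"4SS AP, {w} MHz, {c}SS client: {r} Mbps")
```

The 4SS, 160 MHz entry computes to 3466.7 Mbps, which the table above truncates to 3466 and the text rounds to 3.5 Gbps. Note also what mu_group_rate_mbps shows: four 1SS clients served in one MU-MIMO transmission together reach the same 1733 Mbps a lone 4SS client would, which is why the post says more than one client is needed to benefit and why 1SS and 2SS phones gain the most.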

What happens during MU-MIMO transmission?

A MU-MIMO-capable AP sends a sounding signal to the client devices in the network. Each of the clients sends back a Channel State Information (CSI) based on the information it receives from the sounding signal. The AP calculates the phase and signal strength based on the CSI it receives from each client and selects the MU-MIMO-capable devices that can be grouped in one transmission.

Does MU-MIMO rely on any external factors?

Yes, MU-MIMO relies heavily on multipath and beamforming. Multipath is the process of two or more signals reaching the client at the same time or within nanoseconds of each other. Multipath happens due to RF barriers like walls, metal surfaces and concrete that cause the signals to reflect, refract, etc. Beamforming, however, directs the signal in the direction of the client.

Is it the right time to buy 802.11ac Wave 2 or should I wait for 802.11ax?

According to multiple analyst sources, the Wi-Fi market is not slowing down. For instance, IHS forecasts 11ac Wave 2 technology to increase 12 percent annually for the next three years. There are a number of Wave 2-capable devices in the market today and this will increase in the near future.

Should you wait for 802.11ax? The answer is simple: no. You are looking at a couple of years for the full-fledged adoption of 11ax products. The standard in itself is expected to be ratified in late 2019 after which it needs to pass interoperability testing by Wi-Fi Alliance.

Once manufacturers release 11ax-capable APs that are certified by the Wi-Fi Alliance, mainstream adoption will occur, which is expected to be around 2020. At the same time, 11ax-capable client devices are required to reap the full benefits of the 11ax network. For the next couple of years, 11ac Wave 2 technology will remain the next-gen wireless connectivity standard.

Where can I buy Wave 2 wireless access points?

SonicWall SonicWave Wave 2 access points (432i/432e/432o 802.11ac) provide all the benefits of Wave 2 technology. You can expect superior performance and reliability with these access points. MU-MIMO technology enables SonicWave 400 series access points to transmit to up to four devices at the same time.

To implement best practices in wireless networking and wireless security, download our complimentary technical brief, “SonicWall Wireless Network Security.” Learn how SonicWall wireless network security solutions can alleviate performance and security concerns, enabling you to extend your business network without jeopardizing its integrity.

Password stealer sends data to a remote FTP server

The SonicWall Capture Labs Threat Research Team has observed a Trojan dropping an FTP client. This is specially crafted to connect to a hardcoded remote FTP server to send stolen stored password information from a victim’s machine. It also drops a multitude of scripts which are executed in succession to perform the infection.

Infection Cycle:

The Trojan purports to be a PDF file using the following icon:

Figure 1: Icon used by the Trojan

Upon execution this Trojan opens an empty jpg file using a photo editor which then throws an error as shown in the figure below:

Figure 2: Microsoft Photo editor error when opening an empty image file

It creates a subdirectory named “AdobeRead” under the “Adobe\Adobe Inc” folder in the %APPDATA% directory. It then drops the following files:

  • %APPDATA%\Adobe\Adobe Inc\AdobeRead\adbr01.exe [detected as GAV: Stealer.PASS (Trojan)]
  • %APPDATA%\Adobe\Adobe Inc\AdobeRead\adbr02.exe [detected as GAV: Stealer.PASS (Trojan)]
  • %APPDATA%\Adobe\Adobe Inc\AdobeRead\870.afr (FTP commands and credentials)
  • %APPDATA%\Adobe\Adobe Inc\AdobeRead\sun.afr (FTP commands and credentials)
  • %APPDATA%\Adobe\Adobe Inc\AdobeRead\abb1.bat [detected as GAV: Adob.BAT (Trojan)]
  • %APPDATA%\Adobe\Adobe Inc\AdobeRead\hvv02.bat [detected as GAV: Adob.BAT_4 (Trojan)]
  • %APPDATA%\Adobe\Adobe Inc\AdobeRead\hvv03.bat [detected as GAV: Adob.BAT_3 (Trojan)]
  • %APPDATA%\Adobe\Adobe Inc\AdobeRead\Adob9.vbs [detected as GAV: Adob.VBS_4 (Trojan)]
  • %APPDATA%\Adobe\Adobe Inc\AdobeRead\istart.vbs [detected as GAV: Adob.VBS_4 (Trojan)]
  • %APPDATA%\Adobe\Adobe Inc\AdobeRead\BReader.exe (a non-malicious sleep module)
  • %APPDATA%\Adobe\Adobe Inc\AdobeRead\245.jpg (the empty JPG file)
  • %APPDATA%\Adobe\Adobe Inc\AdobeRead\Adobeta.exe [detected as GAV: Fake.FTP (Trojan)]

The vbscript named istart.vbs is what starts the entire process. It runs the batch file named “hvv02.bat” which copies the files into the %APPDATA% directory as outlined above.

Figure 3: istart.vbs file stealthily runs hvv02.bat

Figure 4: hvv02.bat creates a copy of the rest of its malicious components

Hvv02.bat then runs another vbscript named “Adob9.vbs” which in turn runs hvv03.bat. This last batch file is responsible for running the rest of the executable files used to steal all stored password information and save them into a file. Its own FTP client named “Adobeta.exe” is used to connect to a remote server to send out all the information gathered.

Figure 5: Adob9.vbs which runs another batch file

Figure 6: hvv03.bat has all the commands to save and send all stolen data.

To ensure persistence within the system this Trojan adds a run key in the registry which runs a batch file to start the entire process all over.

  • “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run” /V “32455cent” /t REG_SZ /F /D “%appdata%\Adobe\Adobe Inc\AdobeRead\abb1.bat”

Figure 7: abb1.bat runs Adob9.vbs
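The persistence entry and the drop directory above are the two host artifacts a responder can sweep for. The code below is an added example for this write-up, not code from the malware or from SonicWall. It runs over constructed sample data shaped like those indicators (Run-key values as (value name, command) pairs, plus file paths); the value name "32455cent", the "Adobe\Adobe Inc\AdobeRead" directory and the .afr extension come from the post, while the broader rule, a logon entry that launches a .bat/.vbs/.cmd script from %APPDATA%, is a heuristic that catches the same behaviour even if the names change.

```python
"""Logon-persistence and drop-location triage for the dropper described above.

Added example for this write-up, not code from the malware or from SonicWall.
It runs over constructed data shaped like the indicators in the post: Run-key
values as (value name, command) pairs and a list of file paths. The exact
value name "32455cent" and the "Adobe\\Adobe Inc\\AdobeRead" directory come
from the post; the general rule (a logon entry that launches a .bat/.vbs/.cmd
script out of %APPDATA%) is a heuristic that catches the same behaviour
without relying on those strings.
"""
import re

KNOWN_RUN_VALUE = "32455cent"
KNOWN_DROP_DIR = r"\adobe\adobe inc\adoberead"
SCRIPT_TARGET = re.compile(r'\.(bat|cmd|vbs|js|wsf)(\s|"|$)', re.IGNORECASE)
APPDATA_HINT = re.compile(r"%appdata%|\\appdata\\roaming\\", re.IGNORECASE)

# Constructed sample data (not real host output).
SAMPLE_RUN_ENTRIES = [
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("32455cent", r"%appdata%\Adobe\Adobe Inc\AdobeRead\abb1.bat"),
    ("Updater", r"C:\Users\alice\AppData\Roaming\Tools\update.vbs"),
]
SAMPLE_PATHS = [
    r"C:\Users\alice\AppData\Roaming\Adobe\Adobe Inc\AdobeRead\870.afr",
    r"C:\Users\alice\AppData\Roaming\Adobe\Adobe Inc\AdobeRead\Adobeta.exe",
    r"C:\Users\alice\AppData\Roaming\Adobe\Acrobat\DC\UserCache.bin",
]


def triage_run_entries(entries):
    """Return (value name, reason) for each suspicious Run-key entry."""
    findings = []
    for name, command in entries:
        if name == KNOWN_RUN_VALUE:
            findings.append((name, "value name documented for this dropper"))
        elif SCRIPT_TARGET.search(command) and APPDATA_HINT.search(command):
            findings.append((name, "script interpreter target launched from %APPDATA% at logon"))
    return findings


def triage_paths(paths):
    """Flag files in the documented drop directory or with the dropper's .afr extension."""
    return [p for p in paths if KNOWN_DROP_DIR in p.lower() or p.lower().endswith(".afr")]


if __name__ == "__main__":
    for name, reason in triage_run_entries(SAMPLE_RUN_ENTRIES):
        print(f"Run\\{name}: {reason}")
    for path in triage_paths(SAMPLE_PATHS):
        print(f"drop: {path}")
```

The second Run entry in the sample ("Updater") carries none of the post's strings and is still flagged, which is the point of keeping the behavioural rule beside the exact indicators.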

The files 870.afr and sun.afr contain the commands and credentials used to connect to the remote FTP server.

Figure 8: 870.afr and sun.afr

Below are the connections made to a remote server:

Figure 9: First connection made

Figure 10: Second connection made using different credentials

The report files “Email Password Recovery Report” and “Browser Password Recovery Report”, along with the victim machine’s IP configuration, are saved within the same APPDATA directory following the naming convention set by the hvv03.bat file.

Figure 11: Sample Password recovery report

SonicWall Capture Labs provides protection against this threat with the following signatures:

  • GAV: Stealer.PASS (Trojan)
  • GAV: Adob.BAT (Trojan)
  • GAV: Adob.BAT_3 (Trojan)
  • GAV: Adob.BAT_4 (Trojan)
  • GAV: Fake.FTP (Trojan)

Joomla! User Notes SQL Injection

Joomla! is a free and open source content management system (CMS) used for building websites and for publishing web content. It is estimated to be the second most used content management system on the Internet after WordPress.

An SQL injection vulnerability exists in the Joomla! com_users component due to insufficient input validation of the filter “category_id”. This component can be invoked by accessing the following URI.
 
/administrator/index.php?option=com_users&view=notes
 
The method getListQuery() in the com_users component is called to build an SQL SELECT query listing the user notes for the values passed in the HTTP request. One such key is category_id, and its value is used in the SQL query without proper validation. A malicious user can therefore craft an HTTP request with a category_id value that modifies the constructed SQL query to perform operations the programmer did not originally intend. Successful exploitation can lead to sensitive information disclosure, tampering with existing data, or execution of administrative operations on the database.

An example of the crafted HTTP request to the vulnerable server is given below:
 
POST /joomla/administrator/index.php?option=com_users&view=notes HTTP/1.1\r\n
Text data: filter%5Bcategory_id%5D=7+AND+ascii(substring((SELECT+concat(1,password,0x2F)+ from+#__users+limit+0,1), 2,1))>31&
 
This can be mitigated by upgrading to the latest non-vulnerable version of the software.
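Upgrading is the fix for the product; the underlying defect is the category_id filter reaching the query text unvalidated, and the generic remediation is to accept only an integer for that filter and bind it as a parameter. The code below is an added example written for this advisory, not Joomla! code: it parses the request body quoted above, rejects the non-integer filter value, and runs the validated value as a bound parameter against a constructed in-memory database. The table and column names (user_notes with id, catid, subject) are assumptions for the demo, not Joomla!'s schema.

```python
"""Request validation and parameterised query for the com_users notes filter.

Added example for this advisory, not Joomla! code. The page describes the flaw
as the category_id filter reaching the SQL query without validation; the
remediation shown here is the generic form of the fix: accept only an integer
for that filter, and bind it as a parameter instead of splicing it into the
query text. The table name and columns (user_notes with id, catid, subject)
are assumptions for the demo database, not Joomla!'s schema.
"""
import re
import sqlite3
from urllib.parse import parse_qs

# The request body quoted in the advisory above.
SAMPLE_BODY = (
    "filter%5Bcategory_id%5D=7+AND+ascii(substring((SELECT+concat(1,password,0x2F)"
    "+ from+#__users+limit+0,1), 2,1))>31&"
)
INTEGER = re.compile(r"\d{1,10}")


def category_filter(body: str):
    """Pull filter[category_id] out of a urlencoded POST body (None if absent)."""
    values = parse_qs(body).get("filter[category_id]")
    return values[0] if values else None


def is_valid_category_id(value: str) -> bool:
    return INTEGER.fullmatch(value) is not None


def build_notes_query_unsafe(category_id: str) -> str:
    """The pattern the advisory describes: the filter value is concatenated into
    the SQL text, so a crafted value changes the query's meaning."""
    return "SELECT subject FROM user_notes WHERE catid = " + category_id


def build_notes_query_safe(category_id: str):
    """Validate first, then bind: the value can only ever be an integer literal."""
    if not is_valid_category_id(category_id):
        raise ValueError("category_id must be a positive integer")
    return "SELECT subject FROM user_notes WHERE catid = ?", (int(category_id),)


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory database standing in for the notes table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_notes (id INTEGER PRIMARY KEY, catid INTEGER, subject TEXT)")
    conn.executemany("INSERT INTO user_notes (catid, subject) VALUES (?, ?)",
                     [(7, "Note in category 7"), (8, "Note in category 8")])
    return conn


def notes_for_request(conn: sqlite3.Connection, body: str):
    """Handle one request: ('rejected', []) for a bad filter, ('ok', rows) otherwise."""
    value = category_filter(body)
    if value is None:
        return "ok", conn.execute("SELECT subject FROM user_notes").fetchall()
    try:
        sql, params = build_notes_query_safe(value)
    except ValueError:
        return "rejected", []
    return "ok", conn.execute(sql, params).fetchall()


if __name__ == "__main__":
    conn = demo_db()
    print(build_notes_query_unsafe(category_filter(SAMPLE_BODY)))  # shows the injected clause
    print(notes_for_request(conn, SAMPLE_BODY))                     # ('rejected', [])
    print(notes_for_request(conn, "filter%5Bcategory_id%5D=7"))     # ('ok', [('Note in category 7',)])
```

Printing build_notes_query_unsafe for the quoted body makes the problem visible: the decoded filter value becomes part of the WHERE clause. The safe path never reaches the database with anything but an integer, which is also the property the WAF signatures listed below are approximating from the outside.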
 
SonicWall Threat Research Team has the following signatures to protect customers:
IPS 13316: Joomla! User Notes SQL Injection
WAF 1001: Blind SQL Injection Attack Variant 5
WAF 9002: Blind SQL Injection Attack Variant 1
WAF 9004: Blind SQL Injection Attack Variant 3
WAF 9006: SQL Injection Attack 2
WAF 9045: SQL Injection Attack 11

Cyber Security News & Trends – 05-04-18

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

FBI Calls Attention to ‘BEC’ Scams (CRN)

  • In an article detailing the rise of BEC scams by the FBI, SonicWall President and CEO Bill Conner is quoted for his insight on the issue noting that technology such as DPI SSL can help as a preventative to potential breaches.

A Bitcoin Podcaster Brilliantly Trolled His Own Hacker (The Verge)

  • A podcaster’s web domain was hacked and held for ransom via remote hackers. Ransomware data from SonicWall’s 2018 Cyber Threat Report was cited.

Bringing Visibility to the Midmarket (Data Breach Today)

  • In a video interview with ISMG’s Data Breach Today, SonicWall’s Bill Conner shares his vision to ensure smaller and mid-sized businesses have a clear view of the threat landscape taking aim at their companies. In the video he expands on the SME visibility challenge, SonicWall’s solutions to improve alerts and analytics and how SonicWall is addressing customer cloud security concerns.

Jonesboro Council Tackles Cybersafety (The Clayton News Daily)

  • Due to the recent Atlanta data breach, other cities are taking the initiative to bolster their preventative cybersecurity measures such as Georgia’s Jonesboro City Council who recommend SonicWall’s TZ300 Firewall solution to protect the city’s financial data.

Cyber Security News

North Korea’s Antivirus Software Whitelisted Mystery Malware (The Register)

  • North Korea’s very own antivirus software has been revealed to be based on a 10-year-old application made by Trend Micro, but with added nasties.

Commonwealth Bank Lost Data on Nearly 20M Customers (ZDNet)

  • The Commonwealth Bank of Australia (CBA) is unsure of where data on millions of customers has gone, after it was revealed that magnetic tapes comprising information used to print account statements may not have been properly disposed of.

Breaches Drive Consumer Stress Over Cybersecurity (Dark Reading)

  • As major data breaches make headlines, consumers are increasingly worried about cyberattacks, password management, and data security.

This Password-Stealing Malware Uses Facebook Messenger to Spread Further (ZDNet)

  • A form of malware which uses fake Facebook Messenger messages to spread has suddenly surged back into life and has developed new tricks to steal passwords, steal cryptocurrency and engage in cryptojacking.

House Appropriations Panel Should Step Up Cyber Oversight, Member Urges (Nextgov)

  • Dutch Ruppersberger, D-Md., sent out a report Monday outlining key areas the panel should focus on, including the threat of adversary nations stealing U.S. government hacking tools, cyber threats against industrial control systems that manage chemical and gas plants and ways to surge information sharing about cyber threats within industry sectors.

In Case You Missed It


Upcoming Webinars & Events

May 8
Webinar
11 a.m. PDT
Under the Hood: How to Responsibly Decrypt & Inspect Encrypted Traffic