Cyber Security News & Trends

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

New post for PNC’s former CCO – Pittsburgh Biz Journals (US)

  • SonicWall CMO David Chamberlin is featured for his recent appointment to the company, following his position as PNC’s CCO in Pittsburgh, Penn.

Foreshadow Vulnerability (L1TF) Introduces New Risks to Intel Processors — SonicWall Blog

  • Foreshadow, the latest vulnerability to hit microprocessors, comes from the same family as Spectre. SonicWall customers with Capture Advanced Threat Protection (ATP) sandbox service activated are protected.

Cyber Security News

NIST Small Business Cybersecurity Act Becomes Law – Security Week

  • U.S. President Donald Trump signed the NIST Small Business Cybersecurity Act into law on Tuesday (August 14, 2018). It requires NIST to “disseminate clear and concise resources to help small business concerns identify, assess, manage, and reduce their cybersecurity risks.”

Foreshadow and Intel SGX software attestation: ‘The whole trust model collapses’ – The Register

  • In the wake of yet another collection of Intel bugs, The Register had the chance to speak to Foreshadow co-discoverer and University of Adelaide and Data61 researcher Dr Yuval Yarom about its impact.

The state of cybersecurity at small organizations – CSO Online

  • A research survey of 400 cybersecurity professionals in small organizations found that SMBs are being compromised due to human error, ignorance and apathy.

U.S. investor sues AT&T for $224 million over loss of cryptocurrency – Reuters

  • U.S. entrepreneur and cryptocurrency investor Michael Terpin filed a $224 million lawsuit on Wednesday against telecommunications company AT&T, accusing it of fraud and gross negligence in connection with the theft of digital currency tokens from his personal account.

Cryptojacking attacks: One in three organizations say they’ve been hit with mining malware – ZDNet

  • Almost a third of organizations say they’ve been hit by cryptojacking attacks in the last month, as cyber criminals continue their attempts to push malware designed to secretly use processing power to generate cryptocurrency.

Hundreds of Netflix, HBO, DirecTV and Hulu credentials for sale on dark web – SC Magazine

  • Hundreds of stolen Netflix, HBO, DirecTV and Hulu accounts were found at an average price of $8.81, less than the cost of a monthly subscription for most of the services, which range from $7.99 per month for Hulu’s lowest tier plan to $15 per month for HBO Go.

FBI Warns of Cyber Extortion Scam – Dark Reading

  • Extortion is a very old crime that’s being given new life in the cyber world. A recent public service announcement from the FBI warns computer users to be on the lookout for threats that use stolen information to tailor extortion demands to specific email addresses.

In Case You Missed It

Foreshadow Vulnerability (L1TF) Introduces New Risks to Intel Processors

A group of 10 threat researchers have disclosed a trio of new Spectre-based vulnerabilities that affect Intel chipsets. Named Foreshadow, the threats leverage a CPU design feature called speculative execution to defeat security controls used by Intel SGX (Software Guard eXtensions) processors.

“At its core, Foreshadow abuses a speculative execution bug in modern Intel processors, on top of which we develop a novel exploitation methodology to reliably leak plaintext enclave secrets from the CPU cache,” the research team published in its 18-page report Aug. 14.

The vulnerabilities are categorized as L1 Terminal Faults (L1TF). Intel published an overview, impact and mitigation guidance, and issued CVEs for each attack:

The research team found that Foreshadow abuses the same processor vulnerability as the Meltdown exploit, in which an attacker can leverage results of unauthorized memory accesses in transient out-of-order instructions before they are rolled back.

However, Foreshadow uses a different attack model. Its goal is to “compromise state-of-the-art intra-address space enclave protection domains that are not covered by recently deployed kernel page table isolation defenses.”

“Once again, relentless researchers are demonstrating that cybercriminals can use the very architecture of processor chips to gain access to sensitive and often highly valued information,” said SonicWall President and CEO Bill Conner. “Like its predecessors Meltdown and Spectre, Foreshadow is attacking processor, memory and cache functions to extract sought after information. Once gained, side-channels can then be used to ‘pick locks’ within highly secured personal computers or even third-party clouds undetected.”


Does SonicWall protect customers from Foreshadow?

Yes. If a customer has the Capture Advanced Threat Protection (ATP) sandbox service activated, they are protected from current and future file-based Foreshadow exploits, as well as other chip-based exploits, via SonicWall’s patent-pending Real-Time Deep Memory Inspection (RTDMI™) technology.

“Fortunately, prior to Meltdown and Spectre being made public in January 2018, the SonicWall team was already developing Real-Time Deep Memory Inspection (RTDMI™) technology, which proactively protects customers against these very types of processor-based exploits, as well as PDF and Office exploits never before seen,” said Conner.

RTDMI is capable of detecting Foreshadow because RTDMI detection operates at the CPU instruction level and has full visibility into the code as the attack is taking place. This allows RTDMI to detect specific instruction permutations that lead to an attack.

“The guessed-at branch can cause data to be loaded into the cache, for example (or, conversely, it can push other data out of the cache),” explained Ars Technica technology editor Peter Bright. “These microarchitectural disturbances can be detected and measured — loading data from memory is quicker if it’s already in the cache.”

To be successful, cache timing must be “measured” by the attack or it can’t know what is or is not cached. This required measurement is detected by RTDMI and the attack is mitigated.

In addition, RTDMI can also detect this attack via its “Meltdown-style” exploit detection logic, since a user-level process will try to access privileged address space during attack execution.

Notice

SonicWall customers with the Capture Advanced Threat Protection (ATP) sandbox service activated are NOT vulnerable to file-based Foreshadow processor exploits.

How does Foreshadow impact my business, data or applications?

According to Intel’s official L1TF guidance, each variety of L1TF could potentially allow unauthorized disclosure of information residing in the SGX enclaves, areas of memory protected by the processor.

While no current real-world exploits are known, it’s imperative that organizations running virtual or cloud infrastructure, as well as those with sensitive workloads, apply microcode updates released by Intel (linked below) immediately. Meanwhile, SonicWall Capture Labs will continue to monitor the malware landscape in case these proofs of concept are weaponized.

“This class of attack is something that will not dissipate,” said Conner. “Instead, attackers will only seek to benefit from the plethora of malware strains available to them that they can formulate like malware cocktails to divert outdated technologies, security standards and tactics. SonicWall will continue to innovate and develop our threat detection and prevention arsenal so our customers can mitigate even the most historical of threats.”

What is speculative execution?

Speculative execution takes place when processors execute specific instructions ahead of time (as an optimization technique) before it is known that these instructions actually need to be executed. In conjunction with various branch-prediction algorithms, speculative execution enables significant improvement in processor performance.

What is L1 Terminal Fault?

Intel refers to a specific flaw that enables this class of speculative execution side-channel vulnerabilities as “L1 Terminal Fault” (L1TF). The flaw lies in permissions checking code terminating too soon when certain parts of the memory are (maliciously) marked in a certain manner. For more information, please see Intel’s official definition and explanation of the L1TF vulnerability.
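Since the guidance above comes down to “apply the microcode update and make sure the kernel mitigation is active,” the following added example (not from the original post or from SonicWall or Intel) shows how an administrator can verify both on a Linux host. It reads the kernel’s sysfs L1TF status file, whose wordings (“Not affected”, “Vulnerable”, “Mitigation: PTE Inversion”, optionally followed by a “VMX:” hypervisor-side detail) are those documented by the Linux kernel, and checks /proc/cpuinfo for the `flush_l1d` flag the kernel exposes once L1D-flush-capable microcode is loaded. The sysfs and cpuinfo sample texts in the test are constructed; on a guest VM the flag only reflects what the hypervisor exposes.

```python
import re
from pathlib import Path

# Files exposed by the Linux kernel for vulnerability reporting and CPU features.
L1TF_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/l1tf")
CPUINFO = Path("/proc/cpuinfo")


def classify_l1tf(status_line):
    """Interpret one line of the l1tf sysfs file.

    Known kernel wordings: 'Not affected', 'Vulnerable', and
    'Mitigation: PTE Inversion' optionally followed by
    '; VMX: <hypervisor detail>' (e.g. 'conditional cache flushes,
    SMT vulnerable').  Anything unrecognised is treated as unmitigated.
    """
    s = status_line.strip()
    result = {
        "raw": s,
        "affected": True,
        "host_mitigated": False,   # PTE inversion protects the bare-metal kernel
        "vmx": None,               # hypervisor-side (L1D flush / SMT) detail
        "smt_vulnerable": False,   # guest-to-guest leak via a sibling hyperthread
    }
    if s == "Not affected":
        result["affected"] = False
        return result
    if s.startswith("Mitigation:"):
        result["host_mitigated"] = True
        m = re.search(r"VMX:\s*(.+)$", s)
        if m:
            result["vmx"] = m.group(1).strip()
            result["smt_vulnerable"] = "SMT vulnerable" in result["vmx"]
    return result


def has_flush_l1d(cpuinfo_text):
    """True if the CPU advertises flush_l1d, which the kernel reports once
    Intel's L1TF microcode (L1D flush command support) is loaded."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            flags = line.split(":", 1)[1].split()
            return "flush_l1d" in flags
    return False


def needs_action(status, microcode_loaded):
    """Combine both signals into the findings a practitioner acts on."""
    findings = []
    if not status["affected"]:
        return findings
    if not status["host_mitigated"]:
        findings.append("kernel reports no L1TF mitigation: update the kernel")
    if not microcode_loaded:
        findings.append("flush_l1d not advertised: apply Intel's microcode update")
    if status["vmx"] is not None and status["smt_vulnerable"]:
        findings.append("VMX host with SMT enabled: untrusted guests can leak "
                        "across sibling threads; consider disabling SMT")
    return findings


def check_host(sysfs_path=L1TF_SYSFS, cpuinfo_path=CPUINFO):
    """Read the live files (or any paths passed in) and return the findings."""
    status = classify_l1tf(Path(sysfs_path).read_text())
    microcode = has_flush_l1d(Path(cpuinfo_path).read_text())
    return needs_action(status, microcode)


if __name__ == "__main__":
    if L1TF_SYSFS.exists():
        for finding in check_host() or ["no L1TF findings"]:
            print(finding)
    else:
        print("this kernel does not expose an l1tf status file")
```

The VMX finding matters most for the virtual and cloud infrastructure the post singles out: a host can report “Mitigation: PTE Inversion” and still be exposed across hyperthreads when it runs untrusted guests, which is exactly the “SMT vulnerable” case the kernel flags.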

Are chips from other vendors at risk?

According to the research team, only Intel chips are affected by Foreshadow at this time.

What is Real-Time Deep Memory Inspection (RTDMI)?

RTDMI technology identifies and mitigates the most insidious cyber threats, including memory-based attacks. RTDMI proactively detects and blocks unknown mass-market malware — including malicious PDFs and attacks leveraging Microsoft Office documents — via deep memory inspection in real time.

“Our Capture Labs team has performed malware reverse-engineering and utilized machine learning for more than 20 years,” said Conner. “This research led to the development of RTDMI, which arms organizations to eliminate some of the biggest security challenges of all magnitudes, which now includes Foreshadow, as well as Meltdown and Spectre.”

RTDMI is a core multi-technology detection capability included in the SonicWall Capture ATP sandbox service. RTDMI identifies and blocks malware that may not exhibit any detectable malicious behavior or hides its weaponry via encryption.

To learn more, download the complimentary RTDMI solution brief.

How do I protect against Foreshadow vulnerability?

Please consult Intel’s official guidance and FAQ. To defend your organization against future processor-based attacks, including Foreshadow, Spectre and Meltdown, deploy a SonicWall next-generation firewall with an active Capture ATP sandbox license.

For small- and medium-sized businesses (SMB), also follow upcoming guidance provided via the new NIST Small Business Cybersecurity Act, which was signed into law on Aug. 14. The new policy “requires the Commerce Department’s National Institute of Standards and Technology to develop and disseminate resources for small businesses to help reduce their cybersecurity risks.”

NIST also offers a cybersecurity framework to help organizations of all sizes leverage best practices to better safeguard their networks, data and applications from cyberattacks.

Stop Memory-Based Attacks with Capture ATP

To mitigate file-based processor vulnerabilities like Meltdown, Spectre and Foreshadow, activate the Capture Advanced Threat Protection service with RTDMI. The multi-engine cloud sandbox proactively detects and blocks unknown mass-market malware and memory-based exploits like Foreshadow.

July 2018 Cyber Threat Intelligence: Malware, Ransomware Attack Volume Still Climbing

Just a month removed from the mid-year update to the 2018 SonicWall Cyber Threat Report, the cyber threat landscape continues its volatile pace.

Analyzing the team’s most recent data, SonicWall Capture Labs threat researchers are recording year-to-date increases for global malware, ransomware, TLS/SSL encrypted attacks and intrusion attempts.

In addition, the SonicWall Capture Advanced Threat Protection sandbox, with Real-Time Deep Memory Inspection (RTDMI™), discovered an average of 1,413 new malware variants per day in July.

Globally, the SonicWall Capture Threat Network, which includes more than 1 million sensors across the world, recorded the following 2018 year-to-date attack data through July 2018:

  • 6,904,296,364 malware attacks (88 percent increase from 2017)
  • 2,216,944,063,598 intrusion attempts (59 percent increase)
  • 215,722,623 ransomware attacks (187 percent increase)
  • 1,730,987 encrypted threats (80 percent increase)

In July 2018 alone, the average SonicWall customer faced:

  • 2,164 malware attacks (28 percent increase from July 2017)
  • 81 ransomware attacks (43 percent increase)
  • 143 encrypted threats
  • 13 phishing attacks each day
  • 1,413 new malware variants discovered by Capture ATP with RTDMI each day

The SonicWall Capture Security Center displays a 70 percent year-over-year increase in ransomware attacks.

SonicWall cyber threat intelligence is available in the SonicWall Security Center, which provides a graphical view of the worldwide attacks over the last 24 hours, countries being attacked and geographic attack origins. This view illustrates the pace and speed of the cyber arms race.

The resource provides actionable cyber threat intelligence to help organizations identify the types of attacks they need to be concerned about, so they can design and test their security posture to ensure their networks, data, applications and customers are properly protected.


Get the Mid-Year Update

Dive into the latest cybersecurity trends and threat intelligence from SonicWall Capture Labs. The mid-year update to the 2018 SonicWall Cyber Threat Report explores how quickly the cyber threat landscape has evolved in just a few months.

Upgrade Your SonicWall Next-Generation Firewall with ‘3 & Free’ Program

Some good things should never end.

One of the most successful promotions in company history, SonicWall’s ‘3 & Free’ incentive is now a permanent component of our Customer Loyalty program.

In an escalated cyber threat landscape, it’s more important than ever to ensure your organization’s networks, data and applications are protected against today’s most malicious cyberattacks, including the most recent Foreshadow processor exploits. In fact, in July 2018 alone, the average SonicWall customer faced:

  • 2,164 malware attacks (28 percent increase from July 2017)
  • 81 ransomware attacks (43 percent increase)
  • 143 encrypted threats
  • 13 phishing attacks each day
  • 1,413 new malware variants discovered each day by SonicWall Capture Advanced Threat Protection (ATP) sandbox with Real-Time Deep Memory Inspection™

When you upgrade your SonicWall hardware you gain the latest in next-generation firewall (NGFW) technology and access to the SonicWall Capture Advanced Threat Protection (ATP) service. It’s a cloud-based, multi-engine sandbox that stops both known and unknown cyberattacks from critically impacting your business.

What is the SonicWall ‘3 & Free’ Program?

Once a limited-time promotion, the SonicWall ‘3 & Free’ is now a mainstay offering to loyal SonicWall customers. It’s an easy, cost-effective way for customers to upgrade to the very latest SonicWall next-generation firewall appliance for free.

Eligible customers may receive a complimentary NGFW appliance by purchasing a bundle that includes a three-year subscription of the SonicWall Advanced Gateway Security Suite from their authorized SonicWall SecureFirst partner.

This security suite includes everything you need to stay protected against today’s modern attacks, including ransomware, encrypted threats, zero-day attacks and processor-based exploits. It offers:

  • Capture Advanced Threat Protection (ATP) sandbox
  • Gateway Anti-Virus and Anti-Spyware
  • Intrusion Prevention Service
  • Application Control
  • Content Filtering Service
  • 24×7 Support

SonicWall’s exclusive security subscription service also includes SonicWall Real-Time Deep Memory Inspection (RTDMI). A patent-pending technology, RTDMI™ enables Capture ATP to detect and block malware that does not exhibit any malicious behavior or hides weaponry via encryption. This protects your organization from zero-day attacks, malicious PDFs and Microsoft Office files, and even chip-based Spectre, Foreshadow and Meltdown exploits.

Upgrade Your SonicWall Firewall

Ready to upgrade? Take advantage of our ‘3 & Free’ program to get the latest in SonicWall next-generation firewall technology — for free. To upgrade, contact your dedicated SecureFirst Partner or begin your upgrade process via the button below.

Microsoft Security Update August 2018

Zero-day CVEs in the wild:

Find below the two zero-day CVEs for which SonicWall has provided protection with the specified signatures:

CVE-2018-8414 Windows Shell Remote Code Execution Vulnerability

This is publicly known and being exploited in the wild. Windows safe file formats have been abused by attackers for running malicious shell commands. Remote code execution can be achieved with minimal to no user interaction.

GAV: 15756 DeepLink.B_3

CVE-2018-8373 Internet Explorer Memory Corruption Vulnerability

A memory corruption vulnerability exists in the Microsoft Windows VBScript engine due to incorrect handling of a dynamic Array variable. A remote attacker can exploit this vulnerability by enticing a user to open a crafted web page using Internet Explorer or a crafted Microsoft Office document.

IPS: 13465 Scripting Engine Memory Corruption Vulnerability (AUG 18) 3

Critical & Important vulnerabilities:

Find below the other critical & important vulnerabilities for which SonicWall has provided protection with the specified signatures:

CVE-2018-8266 Chakra Scripting Engine Memory Corruption Vulnerability
IPS: 13463 Chakra Scripting Engine Memory Corruption Vulnerability (AUG 18) 1
CVE-2018-8344 Microsoft Graphics Remote Code Execution Vulnerability
IPS: 13464 Microsoft Graphics Remote Code Execution Vulnerability (AUG 18)
CVE-2018-8345 LNK Remote Code Execution Vulnerability
SPY: 5225 Malformed-File lnk.MP.3
CVE-2018-8353 Scripting Engine Memory Corruption Vulnerability
IPS: 13458 Scripting Engine Memory Corruption Vulnerability (AUG 18) 1
CVE-2018-8355 Chakra Scripting Engine Memory Corruption Vulnerability
IPS: 13454 Scripting Engine Memory Corruption Vulnerability (AUG 18) 2
CVE-2018-8371 Internet Explorer Memory Corruption Vulnerability
IPS: 11663 Scripting Engine Memory Corruption Vulnerability 1
CVE-2018-8372 Chakra Scripting Engine Memory Corruption Vulnerability
IPS: 13454 Scripting Engine Memory Corruption Vulnerability (AUG 18) 1
CVE-2018-8376 Microsoft PowerPoint Remote Code Execution Vulnerability
SPY: 5221 Malformed-File pps.MP.2
CVE-2018-8379 Microsoft Excel Remote Code Execution Vulnerability
IPS: 13456 Microsoft Excel Remote Code Execution (AUG 18)
CVE-2018-8383 Microsoft Edge Spoofing Vulnerability
IPS: 13455 Microsoft Edge Spoofing Vulnerability (AUG 18)
CVE-2018-8384 Chakra Scripting Engine Memory Corruption Vulnerability
IPS: 13459 Chakra Scripting Engine Memory Corruption Vulnerability (AUG 18) 3
CVE-2018-8387 Microsoft Edge Memory Corruption Vulnerability
IPS: 13460 Microsoft Edge Memory Corruption Vulnerability (AUG 18)
CVE-2018-8389 Internet Explorer Memory Corruption Vulnerability
IPS: 13461 Internet Explorer Memory Corruption Vulnerability (AUG 18)
CVE-2018-8403 Microsoft Browser Memory Corruption Vulnerability
IPS: 13462 Microsoft Browser Memory Corruption Vulnerability (AUG 18)
CVE-2018-8401 DirectX Graphics Kernel Elevation of Privilege Vulnerability
GAV: CVE-2018-8401 (Exploit)
CVE-2018-8404 Win32k Elevation of Privilege Vulnerability
GAV: CVE-2018-8404 (Exploit)
CVE-2018-8405 DirectX Graphics Kernel Elevation of Privilege Vulnerability
GAV: CVE-2018-8405 (Exploit)
CVE-2018-8406 DirectX Graphics Kernel Elevation of Privilege Vulnerability
GAV: CVE-2018-8406 (Exploit)

Find below the additional vulnerabilities that are not active or publicly known. SonicWall may release signatures as vulnerability information becomes available:

CVE-2018-0952 Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability
CVE-2018-8200 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
CVE-2018-8204 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
CVE-2018-8253 Cortana Elevation of Privilege Vulnerability
CVE-2018-8273 Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2018-8302 Microsoft Exchange Memory Corruption Vulnerability
CVE-2018-8316 Internet Explorer Remote Code Execution Vulnerability
CVE-2018-8338 Windows DHCP Server Remote Code Execution Vulnerability
CVE-2018-8339 Windows Installer Elevation of Privilege Vulnerability
CVE-2018-8340 ADFS Security Feature Bypass Vulnerability
CVE-2018-8341 Windows Kernel Information Disclosure Vulnerability
CVE-2018-8342 Windows NDIS Elevation of Privilege Vulnerability
CVE-2018-8343 Windows NDIS Elevation of Privilege Vulnerability
CVE-2018-8346 LNK Remote Code Execution Vulnerability
CVE-2018-8347 Windows Kernel Elevation of Privilege Vulnerability
CVE-2018-8348 Windows Kernel Information Disclosure Vulnerability
CVE-2018-8349 Microsoft COM for Windows Remote Code Execution Vulnerability
CVE-2018-8350 Windows PDF Remote Code Execution Vulnerability
CVE-2018-8351 Microsoft Edge Information Disclosure Vulnerability
CVE-2018-8357 Internet Explorer Elevation of Privilege Vulnerability
CVE-2018-8358 Microsoft Edge Information Disclosure Vulnerability
CVE-2018-8359 Scripting Engine Information Disclosure Vulnerability
CVE-2018-8360 .NET Framework Information Disclosure Vulnerability
CVE-2018-8370 Microsoft Edge Information Disclosure Vulnerability
CVE-2018-8374 Microsoft Exchange Elevation of Privilege Vulnerability
CVE-2018-8377 Microsoft Edge Memory Corruption Vulnerability
CVE-2018-8378 Microsoft Office Information Disclosure Vulnerability
CVE-2018-8380 Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8381 Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8382 Microsoft Excel Information Disclosure Vulnerability
CVE-2018-8385 Scripting Engine Memory Corruption Vulnerability
CVE-2018-8388 Microsoft Edge Elevation of Privilege Vulnerability
CVE-2018-8390 Scripting Engine Memory Corruption Vulnerability
CVE-2018-8394 Windows GDI Information Disclosure Vulnerability
CVE-2018-8395 Microsoft Edge Spoofing Vulnerability
CVE-2018-8396 Windows GDI Information Disclosure Vulnerability
CVE-2018-8397 GDI+ Remote Code Execution Vulnerability
CVE-2018-8398 Windows GDI Information Disclosure Vulnerability
CVE-2018-8399 Win32k Elevation of Privilege Vulnerability
CVE-2018-8400 DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2018-8412 Microsoft (MAU) Office Elevation of Privilege Vulnerability

Adobe Flash Security Bulletin APSB18-25

CVE-2018-12824  Out-of-bounds read
SPY: 5219 Malformed-File swf.MP.223
CVE-2018-12825  Security bypass
SPY: 5223 Malformed-File swf.MP.225
CVE-2018-12826  Out-of-bounds read
SPY: 5222 Malformed-File swf.MP.224
CVE-2018-12827  Out-of-bounds read
SPY: 5224 Malformed-File swf.MP.226
CVE-2018-12828 Use of a component with a known vulnerability

Adobe Reader Security Bulletin APSB18-29

CVE-2018-12799 Untrusted pointer dereference
SPY: 5220 malformed-File pdf.MP.319
CVE-2018-12808 Out-of-bounds write

Jenkins CI server at Risk: High risk vulnerability

Jenkins is an open source build automation tool written in Java. It is the most widely used tool for Continuous Integration (CI) and Continuous Delivery (CD). It offers hundreds of plugins to support the software build, deployment and test automation process. The Jenkins CI server runs on servlet containers such as Apache Tomcat. It supports various version control software such as Subversion, Git, CVS, Perforce, etc.

A serious policy bypass vulnerability has been reported in the Jenkins CI server (CVE-2018-1999001). It is due to insufficient validation of login requests by the Jenkins instance. A remote attacker could exploit this vulnerability by sending a crafted HTTP request to a vulnerable Jenkins CI server. Successful exploitation causes Jenkins to revert to default settings, granting administrator access to anonymous users.

CVE-2018-1999001:

Unauthenticated users could provide maliciously crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory. This configuration file contains basic configuration of Jenkins, including the selected security realm and authorization strategy. If Jenkins is started without this file present, it will revert to the legacy defaults of granting administrator access to anonymous users.

Root configuration file: JENKINS_HOME\config.xml

[ This contains basic configuration of the Jenkins instance. ]

User Configuration file: JENKINS_HOME\users\<username>\config.xml

[This contains user information such as the users password and role.]

When a user attempts to log in to the Jenkins web interface, the following HTTP POST request is sent to the Jenkins instance:

Upon receiving the login request, the Jenkins instance calls the getOrCreate() function. getOrCreate() checks whether the current path to the user’s config.xml file contains any unsanitized directory traversal characters. If such characters are found, the config.xml file is moved to a different file path in order to fix another vulnerability.

Fig:1 code snippet from User.java in Jenkins

If a user attempts to log in with the username “..”, the config file path becomes JENKINS_HOME\users\..\config.xml, i.e. JENKINS_HOME\config.xml. The ‘if’ check that unsanitizedLegacyConfigFile exists and contains bad characters therefore passes. As a result, the Jenkins instance moves config.xml to a different path, JENKINS_HOME/$002e$002e/config.xml. When Jenkins is restarted without config.xml in the home directory, it reverts to default settings, allowing administrator access to anonymous users.
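The root cause described above is a path derived from an unvalidated login name that escapes the users directory. The following added example (written for this post; it is not Jenkins’ code or its actual fix) models that lookup in Python and shows the containment check a login handler should apply before it touches any file. The JENKINS_HOME location is a constructed stand-in and the model uses POSIX separators; the sample login names in the usage section are constructed.

```python
from pathlib import PurePosixPath

# Constructed stand-in for JENKINS_HOME; not a real installation path.
JENKINS_HOME = PurePosixPath("/var/lib/jenkins")
USERS_DIR = JENKINS_HOME / "users"
ROOT_CONFIG = JENKINS_HOME / "config.xml"


def legacy_user_config_path(username):
    """Mimic the pre-fix lookup: the raw login name becomes a directory name."""
    return USERS_DIR / username / "config.xml"


def normalise(path):
    """Collapse '.' and '..' segments lexically (no filesystem access), the way
    the OS would when the path is opened."""
    parts = []
    for seg in path.parts[1:]:          # skip the leading '/'
        if seg == "..":
            if parts:
                parts.pop()
        elif seg != ".":
            parts.append(seg)
    return PurePosixPath("/", *parts)


def escapes_users_dir(username):
    """True unless the derived path is exactly USERS_DIR/<one segment>/config.xml."""
    resolved = normalise(legacy_user_config_path(username))
    return resolved.parent.parent != USERS_DIR


def would_displace_root_config(username):
    """Does the legacy lookup land on JENKINS_HOME/config.xml itself?  This is
    the condition the post describes for the username '..'."""
    return normalise(legacy_user_config_path(username)) == ROOT_CONFIG


def is_acceptable_username(username):
    """Hardened check (illustrative): refuse empty, '.', '..' and names carrying
    separators, then confirm the derived path stays inside the users directory."""
    if not username or username in (".", ".."):
        return False
    if any(c in username for c in "/\\\0"):
        return False
    return not escapes_users_dir(username)


def audit_login_names(names):
    """Return the names a login handler should refuse before touching any file."""
    return [n for n in names if not is_acceptable_username(n)]


if __name__ == "__main__":
    sample = ["alice", "..", "../jobs", "bob/../../x", "."]   # constructed names
    for n in sample:
        print(f"{n!r:16} -> {legacy_user_config_path(n)}  "
              f"refuse={not is_acceptable_username(n)}  "
              f"hits_root_config={would_displace_root_config(n)}")
```

The two-layer check is deliberate: the character blacklist catches the obvious cases cheaply, while the containment test on the normalised path catches anything the blacklist misses, which is why the second layer, not the first, is the one to rely on.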

Patch:
SonicWall has observed attackers leveraging this vector. We strongly recommend all customers update Jenkins to version 2.133.
Find below the Security advisory from Jenkins:

https://jenkins.io/security/advisory/2018-07-18/#SECURITY-897

SonicWall Threat Research Lab provides protection against this exploit with the following signature:

  • IPS: Jenkins CI Server Authentication Bypass

Fortnite's release on Android is not security-friendly

It’s finally here! One of this year’s most successful games, Fortnite, has been available for Android devices since August 9th. Many Android gamers have been wishing for this, but the dream comes with the following caveats:

  • Device exclusivity – For the first 3 days this game can be installed only on Samsung devices.
  • No Play Store – The app is not available on the official Google Play Store; it has to be downloaded from the Samsung Galaxy Apps store.

Issue I: Device Exclusivity
The issue with device exclusivity is that people have come up with ways to install this app on other devices. There are already modified versions of the app that overcome this – [PORT] Fortnite for Android with device check disabled (v5.2.0)

Then there are YouTube videos spreading on this topic:

We have already covered how YouTube videos are being used to propagate Fortnite related scams in one of our previous blog posts.
Issue II: Absence on Play Store
Another issue that may lead to serious implications is the fact that this app is not available on the official Google Play Store. This means users will have to enable the “install from unknown sources” setting on their devices, which is not safe. This may encourage users to take the dangerous route in the future as well.

Even before this, YouTube video scams have been propagating side-loaded Fortnite apps. The decision not to include Fortnite on the Play Store further encourages users to follow this route. However, Google has taken a positive step by showing a notification that this app is not available on the Play Store, to prevent users from installing a different app that may claim to be Fortnite:

We advise our readers to avoid installing Fortnite or any other app from a third party store as it falls outside Google’s protective umbrella. It may be tempting to give this game a try but please avoid doing so until this app is fully supported on the Play Store.

SonicWall Capture Labs continues to protect users from fake Fortnite apps via the following signatures:

  • AndroidOS.Fortnite.AN
  • AndroidOS.DroidJack.MA_2

Cyber Security News & Trends

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

DHS Has New Cyber Collaboration Center, But Private Companies May Hesitate to Share — Law.com

  • SonicWall CEO Bill Conner discusses the challenges faced by the new DHS National Risk Management Center initiative in relation to cooperation from the private sector.

ADT Acquires MSSP SDI, Eyes Small Business Cybersecurity Market Growth — MSSP Alert

  • ADT, the monitored security and home and business automation solutions provider, has acquired Secure Designs Inc. (SDI), a well-known MSSP and SonicWall partner that manages firewall equipment for small business customers.

The Changing Data Security Landscape — Database Trends and Applications

  • The SonicWall 2018 Cyber Threat Report is used in an analysis of the overall risk landscape for cybersecurity.

SonicWall to expand product engineering facility in India — ETCIO

  • Debasish Mukherjee, Country Manager India & SAARC SonicWall sat down with ETCIO to discuss the country’s expansion in Bangalore, India.

Cyber Security News

The Sensors That Power Smart Cities Are a Hacker’s Dream — Wired

  • Research from IBM Security and data security firm Threatcare looked at sensor hubs from three companies—Libelium, Echelon, and Battelle—that sell systems to underpin smart city schemes.

Network of 15,000 bots used to spread cryptocurrency giveaway spam via Twitter — SC Magazine

  • A recently developed methodology for identifying Twitter bot accounts in large quantities turned up a cryptocurrency scam botnet operation found to leverage at least 15,000 bots to submit bogus tweets and likes.

Internet of Things Adoption to Rise Despite Security, Data Integration Challenges — The Wall Street Journal

  • Firms continue to adopt Internet of Things technologies, but believe large-scale deployments and returns on investment may take longer than expected to materialize due to ongoing security and implementation challenges.

iPhone Chipmaker Blames WannaCry Variant for Plant Closures — Bloomberg

  • Taiwan Semiconductor Manufacturing Co. blamed a variant of the 2017 WannaCry ransomware for the unprecedented shutdown of several plants, as it ramps up chipmaking for Apple Inc.’s next iPhones.

Atlanta’s Reported Ransomware Bill: Up to $17 Million — Bank Info Security

  • The cost of the city of Atlanta’s mitigation and subsequent IT overhaul following a massive SamSam ransomware infection earlier this year could reach $17 million.

In Case You Missed It

EVERBE RANSOMWARE actively spreading in the wild.

The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of EVERBE [Everbe.RSM] actively spreading in the wild.

EVERBE encrypts the victim’s files with a strong encryption algorithm until the victim pays a fee to get them back.

Contents of the EVERBE ransomware

Infection Cycle:

The Ransomware adds the following files to the system:

  • Malware.exe
  • %App.path%\ !=How_recovery_files=!.txt (instructions for recovery)

Once the computer is compromised, the Ransomware copies its own executable into %Userprofile% folder and runs the following commands:

The Ransomware encrypts all the files and appends the .Everbe extension onto each encrypted file’s filename.

After encrypting all personal documents the Ransomware shows the following webpage containing a message reporting that the computer has been encrypted and to contact its developer for unlock instructions.

SonicWall Capture Labs provides protection against this threat via the following signature:

  • GAV: Everbe.RSM (Trojan)

SonicWall at Black Hat 2018

Now in its 21st year, Black Hat USA promises to bring together 17,000 information security experts to provide attendees with the very latest in cyber research, development and trends. This six-day event begins with four days of training for security practitioners of all levels (Aug. 4-7) followed by the two-day main event including briefings, business hall, arsenal and more (Aug. 8-9).

SonicWall is excited to be attending this year’s Black Hat event in Las Vegas. We’ll be providing attendees with hands-on experiences and showcasing our newest solutions. Visit us at Booth 564 in the Shoreline Hall to chat with our experts and explore the latest in security trends, threat intelligence and powerful cyber security solutions that help protect organizations in a fast-moving cyber arms race.

Live Demos

The SonicWall booth will feature five demo stations showcasing products across our entire portfolio, including the new SonicWall Capture Security Center. Our security experts will be on hand to take you through our Capture Cloud Platform, Capture ATP with Real-Time Deep Memory Inspection™, Capture Client and our newest next-generation firewall (NGFW) solutions.

Featured Presentations

Join our in-booth team to hear our featured presentation: “Keeping pace with the ever-changing threat landscape.” Our experts will go inside SonicWall Capture Labs telemetry data to provide insight into the advances being made by both security professionals and cybercriminals. In this session we’ll dig into the data, provide actionable insights and share our vision for automated real-time breach detection and prevention.

Each day, SonicWall will be joined by a special guest speaker: Daniel Bernard, VP of Business & Corporate Development, at SentinelOne. Learn how SonicWall and SentinelOne together ensure automatic remediation of malicious attacks, such as ransomware, in the event of infection by reversing system and file modifications.

Wednesday

  • 10:30 a.m. – 2 p.m.: Keeping Pace with the Shifting Threat Landscape
  • 2 p.m.: Special Guest Speaker: Daniel Bernard, VP, SentinelOne
  • 2:30 – 6:30 p.m.: Keeping Pace with the Shifting Threat Landscape

Thursday

  • 10:30 a.m. – 2 p.m.: Keeping Pace with the Shifting Threat Landscape
  • 2 p.m.: Special Guest Speaker: Daniel Bernard, VP, SentinelOne
  • 2:30 – 4:30 p.m.: Keeping Pace with the Shifting Threat Landscape

It wouldn’t be Vegas without a little magic and the chance for some winnings. Each day at Booth 564, in addition to our demos and presentations, we’ll have exclusive giveaways and even an illusionist. Join us and leave armed with the best cybersecurity information and some exclusive SonicWall swag like power banks, webcam covers, pens, notebooks and even fake bitcoin.

To keep up with us at the show, follow @SonicWall on Twitter and look for the hashtag #BHUSA.

Business Hall Hours

Mandalay Bay, Las Vegas | Booth 564

  • Wednesday, August 8: 10 a.m.- 7 p.m. PDT
  • Thursday, August 9: 10 a.m.- 5 p.m. PDT

Business Hall Access

  • Briefings Pass and/or Trainings Pass holders have unlimited access to the Business Hall and all Features
  • A Business Pass is available for purchase to individuals without Briefings and/or Trainings Passes and grants unlimited access to the Business Hall and all Features.

All Times PDT

Helpful resources