Why Securing Remote Work is Crucial To Ensuring Business Continuity

If you had asked most organizations in January, they would probably have said things were humming along smoothly. Economic growth was strong, and in most cases budgets and security plans were being created and carried out without any need or intention to disrupt the status quo.

Then the entire world changed.

Within the space of a couple weeks, bustling offices were deserted one by one as federal, state, provincial and local governments issued stay-at-home and shelter-in-place orders, and employees boxed up their essential belongings and became part of the rapidly expanding global remote workforce.

While these moves were necessary to stem the spread of COVID-19, the disruption that this sudden change brought with it introduced a set of problems most businesses were ill-equipped to manage.

Companies that previously felt confident in their cybersecurity strategy suddenly found that they didn’t have the capacity or licenses to secure a full-scale mobile workforce. Worse, they needed to manage employees ill-prepared for the transition, many of whom didn’t understand the additional precautions required for safe remote work.

For hackers, though, these are the salad days, and the combination of inexperienced employees and unprepared businesses has brought them out in force. According to Reuters, hacking activity targeting corporations in the U.S. and elsewhere more than doubled in March, and preliminary reports show much the same for April. These threats highlight the urgent need for scalable Secure Remote Access and VPN license capacity that can absorb the new influx of remote employees while providing the same level of security users had on-prem.

Greater capacity for increased security

To help small- and medium-sized businesses (SMBs) handle a rapidly expanding remote workforce, SonicWall has improved the scalability of its SMA 210 and 410 appliances: the 210 can now manage up to 200 remote VPN users, and the 410 can now support 400.

Many enterprises, governments and MSSPs are facing issues with scalability, too. To handle the influx of remote users on large distributed networks, the SonicWall SMA 1000 series allows these organizations to scale up to a million remote VPN users.

To scope which SMA solution is right for your organization, review the SonicWall Secure Mobile Access data sheet.

New public cloud options for the ‘new business normal’

The remote-work revolution coincides with another major shift in how enterprises work — the ongoing cloud transformation. The benefits of moving to a public cloud are myriad — including cost savings, greater agility, maximum uptime and quick and easy deployment.

While SonicWall has long supported private-cloud hypervisors such as VMware ESXi and Microsoft Hyper-V, the SonicWall SMA 500v and SMA 8200v virtual appliances can now also be launched on AWS or Microsoft Azure, allowing businesses to realize these benefits at a time when they may need them the most.

Protect remote workers with special offers on SMA, VPN

Right now, budget concerns are at the forefront for many businesses. To help both new and existing customers implement necessary security during this time of crisis, SonicWall has launched several new ‘Work From Home Securely’ promotions to ensure organizations can implement comprehensive security in a cost-effective way.

With SonicWall’s new Work From Home Securely special offers on SMA and other solutions, there’s never been a better time — or a more crucial time — to secure your remote workforce.

Cybersecurity News & Trends

This week, hackers continued to capitalize on the COVID-19 pandemic, targeting the healthcare industry, oil companies and remote workers.


SonicWall Spotlight

Czech Cyber Officials Warn Of Serious Threat To Health Care Sector – Cyberscoop

  • Cybersecurity authorities in the Czech Republic have warned of an “extensive campaign of cyberattacks” on IT systems and health care facilities. At least one of the malicious files in the Czech advisory is part of a batch of code used in a remote access hacking tool, which SonicWall reported last month.

SonicWall Boundless Cybersecurity Platform for Remote Working – CRN

  • SonicWall’s new Boundless Cybersecurity model is designed to protect large enterprises, small- and medium-sized businesses and government agencies from the risks of a remote workforce, and to mobilize them for it.

2,000 Coronavirus Scammers Taken Offline in NCSC Phishing Crackdown – Experts Reaction – Information Security Buzz

  • The UK’s National Cyber Security Centre, along with the City of London Police and several other government agencies, has launched a ‘Suspicious email reporting service’ for members of the public to alert the authorities to potential cyber-attacks.

Cybersecurity News

Hacking against corporations surges as workers take computers home – Reuters

  • Hackers are targeting remote workers, particularly in highly impacted areas where users’ confusion and anxiety make them more susceptible to phishing.

FBI enlists internet domain registries in fight against coronavirus scams – Cyberscoop

  • Ongoing cooperation between the government and technology companies has resulted in the removal of hundreds of fraudulent websites that included “coronavirus,” “covid19” and related phrases in their names.

Creative Skype phishing campaign uses Google’s .app gTLD – Bleeping Computer

  • Attackers have deployed a phishing campaign against remote workers using Skype, luring them with emails that mimic notifications from the service.

Hackers Target Top Officials at World Health Organization – Bloomberg

  • The WHO’s security team has been the target of an increasing number of attempted cyber-attacks since mid-March. According to officials, WHO itself has not been hacked, but employee passwords have leaked through other websites.

Hackers Target Oil Companies as Prices Plunge – Wired

  • Espionage hackers have commenced a sophisticated spear-phishing campaign concentrated on U.S.-based energy companies. The goal: install a notorious trojan to siphon their most sensitive communications and data.

Virtual army rising up to protect healthcare groups from hackers – The Hill

  • A new network of white hat hackers—made up of more than 1,400 volunteers in 76 countries, from sectors including information security, telecommunications and law enforcement—has banded together under the name COVID-19 CTI League to help protect the healthcare industry. 

Apple iPhone May Be Vulnerable to Email Hack – The Wall Street Journal

  • Sophisticated hackers may be attacking Apple iPhones by exploiting a previously unknown flaw in the smartphone’s email software.

Customer complaint phishing pushes network hacking malware – Bleeping Computer

  • A new phishing campaign is targeting remote employees, using fake customer complaints to install a backdoor that will compromise the corporate network.

Hackers Can Exfiltrate Data From Air-Gapped Computers Via Fan Vibrations – Security Week

  • With the use of new malware and a smartphone, researcher Mordechai Guri was able to exfiltrate data from air-gapped computers using vibrations from the machines’ internal fans.



In Case You Missed It

Covid-19 scams continue

As shelter-in-place orders continue, Covid-19 scams remain rampant in the wild. The SonicWall Capture Labs threat research team has observed more of them in recent weeks.

The stimulus checks from the government’s financial-aid program have started arriving, and so have the spam scams.

Malicious executable files posing as Covid-19 relief packages are being distributed in the wild.

Typical infection cycle:

The malicious executable contacts the attacker’s domain.

It also adds and modifies files and deletes registry key settings.

Because people are eager to read any information regarding Covid-19, some scam emails carry appealing subjects, as illustrated below.

The Excel attachment is malicious. On opening, it prompts the user to enable content, which is what lets its embedded active content run.

[Screen captured images of third party products or services are intended only to demonstrate the real-world application of the reported malware.]

The file modifies some registry entries.


Spammers are also delivering emails with malicious attachments in other languages.


IoCs (SHA-256 file hashes and contact domain):

  • 7ab96517f6852c124c82edf441496b2f005b11a4d1feb92f9cbfa2a2bffd1acb
  • 604fca601eff958a55336ea836bf0fa3c52f73daec387143b1b03f5ff64758b7
  • 6b084f7f1ca3d991ffea3f8b5b1fa3d45d8f5fe8dcf7242209d353749b3f3ed9
  • b66a6021b7fe7a66a448a868a46495eed8e98945cd0c75232599173f4407994e
  • kiencuonghotel.vn

SonicWall Capture Labs provides protection against this threat via the following signatures:

  • Kryptik.Covid.ELN
  • Downloader.COVID_7
  • TrojanDownloader.COVID
  • GAV:Downloader.XLS_12
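The IoC list above is only useful if it is actually matched against something. The following Python script is an added example, not code from the original post or from SonicWall: it hashes a set of files and matches them against the SHA-256 IoCs, and it scans log lines for the contact domain (including subdomains of it). The file contents, paths and log lines are constructed for the demo; because a constructed file cannot reproduce one of the real hashes, the demo adds its own digest to the IoC set purely to show what a positive hit looks like.

```python
import hashlib
import re

# IoCs from the list above (SHA-256 file hashes and the contact domain), duplicate removed.
IOC_SHA256 = {
    "7ab96517f6852c124c82edf441496b2f005b11a4d1feb92f9cbfa2a2bffd1acb",
    "604fca601eff958a55336ea836bf0fa3c52f73daec387143b1b03f5ff64758b7",
    "6b084f7f1ca3d991ffea3f8b5b1fa3d45d8f5fe8dcf7242209d353749b3f3ed9",
    "b66a6021b7fe7a66a448a868a46495eed8e98945cd0c75232599173f4407994e",
}
IOC_DOMAINS = {"kiencuonghotel.vn"}

# Loose matcher for host names inside a log line. Dotted IPv4 addresses never match
# because the final label must be alphabetic.
HOSTNAME_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def match_files(files, hash_iocs):
    """files: mapping path -> file bytes. Returns [(path, sha256)] for each file on the IoC list."""
    hits = []
    for path, data in files.items():
        digest = sha256_hex(data)
        if digest in hash_iocs:
            hits.append((path, digest))
    return hits


def match_log_lines(lines, domain_iocs):
    """Returns [(line_number, host)] for lines naming an IoC domain or any subdomain of it."""
    hits = []
    for number, line in enumerate(lines, 1):
        for host in HOSTNAME_RE.findall(line):
            host = host.lower()
            if any(host == ioc or host.endswith("." + ioc) for ioc in domain_iocs):
                hits.append((number, host))
    return hits


def demo():
    """Run both matchers over constructed sample data (not real malware, not real logs)."""
    constructed_dropper = b"MZ constructed sample standing in for the relief-package executable"
    files = {
        r"C:\Users\alice\Downloads\Covid19_relief_package.exe": constructed_dropper,
        r"C:\Users\alice\Downloads\notes.txt": b"meeting notes, benign",
    }
    # The constructed file cannot carry one of the real hashes, so its digest is added to the
    # IoC set here only so the demo produces a positive hit.
    hash_iocs = IOC_SHA256 | {sha256_hex(constructed_dropper)}
    dns_log = [
        "2020-04-20 10:01:02 query A kiencuonghotel.vn from 10.0.0.5",
        "2020-04-20 10:01:05 query A www.example.com from 10.0.0.5",
        "2020-04-20 10:02:11 GET http://cdn.kiencuonghotel.vn/update.bin from 10.0.0.5",
    ]
    return match_files(files, hash_iocs), match_log_lines(dns_log, IOC_DOMAINS)


if __name__ == "__main__":
    file_hits, log_hits = demo()
    print("file hits:", file_hits)
    print("log hits:", log_hits)
```

Subdomain matching matters in practice: a dropper rarely calls the bare domain, so a lookup of only exact host names would miss a CDN-style or randomized host under the same IoC domain.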


Fake Android Zoom Video Meeting apps harbor malware/adware components

There has been a sharp rise in people working from home as a precautionary measure to lower the spread of Covid-19. As a result, work-from-home tools have seen an uptick in demand and usage. The video-conferencing app Zoom has enjoyed a surge in demand over the last few months, and this has caught the attention of malware writers. We recently blogged about a malicious cryptominer that disguises itself as the Zoom app.

SonicWall Capture Labs threats research team has observed malicious Android apps that use the name, user interface (UI) elements and parts of code of the legitimate Zoom app to infect unsuspecting users. We examine a few such cases in this blog.

Case I

  • Md5: f6d554abd32fd32a1bc75f65aef23bad
  • App Name: ZOOM Cloud Meetings
  • Package Name: com.judf.zoom

After installation and execution the first thing we see are full-screen advertisements.

Later we see a login screen, but it is not for Zoom: translated, it reads “Mobile Cloud Office”. This appears to be an app repackaged to look like the ‘Zoom’ app, with no other similarities:

The malware communicates with the following hosts, each of which carries malicious indicators:

  • 101.132.111.180
  • sta.2980.com
  • toblog.ctobsnssdk.com

 

Device-specific information exfiltrated during network communication includes:

  • Device type
  • OS version
  • IMEI (a UUID in this case)
  • Region

This malware ships a library file in its assets folder; after installation we found the same library on the device in a hidden folder.

The library contains a hard-coded link on the c.appjiagu.com domain (marked in the list below). That link was not accessed during our analysis, but VirusTotal associates multiple suspicious links and malicious APK files with this domain. A few of the suspicious links it lists:

  • h[xx]p://c.appjiagu.com/ad/analy.html
  • h[xx]p://c.appjiagu.com/apk/cr.html (Hard-coded in the sample we analyzed)
  • h[xx]p://c.appjiagu.com/ad.html
  • h[xx]p://c.appjiagu.com/root.html


Case II

  • Md5: e640eb702de37deb80c0a763eb67dea6
  • App Name: Zoom
  • Package Name: net.droidjack.server

We saw a few instances where apps embedding the Android Remote Administration Tool (RAT) DroidJack were named Zoom.

These apps do not contain any Zoom-related assets (icons and other UI elements), unlike the other fake apps discussed here. DroidJack-infested apps are common, and we have written more in-depth blogs about such fake apps in the past. At a high level, DroidJack has the following capabilities:

  • Read and delete call logs
  • Make calls
  • Read, write and delete SMS messages
  • Read, create and delete contacts
  • Take pictures from the front/back camera
  • Record videos from front/back camera


Case III

  • Md5: 30a1a22dcf7fa0b62809f510a43829b1
  • App Name: Zoom Package
  • Package Name: us.zoom.videomeetings

On installation and execution this app looks similar to the legitimate Zoom application; the icons and UI elements are on point:

However, reviewing the AndroidManifest.xml file gives clues about the malicious additions. Comparing this file against the clean Zoom app’s manifest reveals a distinct addition in the malicious counterpart: a new receiver, us.zoom.videomeetings.byfsl.Qrfde, and a new service, us.zoom.videomeetings.byfsl.Qxohs, as shown below:


Code comparison of the two apps shows the same distinct additions:

The added code contains encoded parts, included to keep the malicious components hidden from automated scanners and to make the code harder for security researchers to analyze.
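The manifest comparison described for Case III is a repeatable check, not a one-off. The Python below is an added example, not code from the original post or from SonicWall: it parses two decoded AndroidManifest.xml files, resolves relative component names against the package attribute, and reports every activity, service, receiver, provider or permission that the suspect app declares and the clean one does not. The two manifests are constructed for the demo; only the package name and the two added component names come from the analysis above, and the activity/service names in the clean manifest are placeholders.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")


def manifest_components(xml_text):
    """Collect declared components and permissions from a decoded AndroidManifest.xml.

    Returns {tag: set of fully qualified names}. Relative names such as ".Main"
    are resolved against the manifest's package attribute.
    """
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    name_attr = f"{{{ANDROID_NS}}}name"
    found = {tag: set() for tag in COMPONENT_TAGS}
    for tag in COMPONENT_TAGS:
        for element in root.iter(tag):
            name = element.get(name_attr, "")
            if name.startswith("."):
                name = package + name
            found[tag].add(name)
    found["uses-permission"] = {
        element.get(name_attr, "") for element in root.iter("uses-permission")
    }
    return found


def diff_manifests(clean_xml, suspect_xml):
    """Return components/permissions present in the suspect app but absent from the clean one."""
    clean = manifest_components(clean_xml)
    suspect = manifest_components(suspect_xml)
    return {
        tag: sorted(suspect[tag] - clean[tag])
        for tag in suspect
        if suspect[tag] - clean[tag]
    }


# Constructed sample manifests (not the real Zoom manifest). MainActivity and MeetingService
# are placeholders; the package name and the byfsl.* additions are from the analysis above.
CLEAN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="us.zoom.videomeetings">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".MainActivity"/>
    <service android:name="us.zoom.videomeetings.MeetingService"/>
  </application>
</manifest>"""

SUSPECT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="us.zoom.videomeetings">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".MainActivity"/>
    <service android:name="us.zoom.videomeetings.MeetingService"/>
    <receiver android:name="us.zoom.videomeetings.byfsl.Qrfde"/>
    <service android:name="us.zoom.videomeetings.byfsl.Qxohs"/>
  </application>
</manifest>"""


if __name__ == "__main__":
    for tag, names in diff_manifests(CLEAN_MANIFEST, SUSPECT_MANIFEST).items():
        print(tag, names)
```

The manifest inside an APK is binary XML, so decode it first (for example with apktool) and feed the resulting text file to the script; a clean reference manifest should come from the same version of the app obtained from the official store, since legitimate updates also add components.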


Case IV

  • Md5: fb5243138a920129dd85bb0e1545c2be
  • App Name: Zoom Package
  • Package Name: us.zoom.videomeetings

This malicious app copies the icon and name of Zoom app well, but immediately upon execution we are shown advertisements instead of the Zoom login screen:


It downloads and displays ad-related configuration from hxxp://sf3-ttcdn-tos.pstatp.com/obj/ad-pattern/renderer/package.json. This domain has a number of malicious indicators on VirusTotal:


This adware contains additional components when compared to the original Zoom app:


SonicWall Capture Labs provides protection against this threat with the following signatures:

  • GAV: AndroidOS.Zoom.FK (Trojan)
  • GAV: AndroidOS.DroidJack.RT (Trojan)
  • GAV: AndroidOS.Zoom.FKE_2 (Trojan)
  • GAV: AndroidOS.Ad.UA (Trojan)


Indicators Of Compromise (IOC), MD5:

  • fb5243138a920129dd85bb0e1545c2be
  • 30a1a22dcf7fa0b62809f510a43829b1
  • e640eb702de37deb80c0a763eb67dea6
  • f6d554abd32fd32a1bc75f65aef23bad

Securing Telecommuters with Expanded Endpoint Visibility and Control

If there is one thing that the ongoing pandemic has taught us, it’s that telecommuting could become the new normal. But IT executives must tread carefully, because expanding the bounds of the enterprise introduces new risks and tends to erode the value of standard protection controls. To ensure continuity and security, organizations need to ensure that employees can operate remotely without being compromised by the myriad advanced threats out there. Can you have your cake and eat it too?

Let’s see how the SonicWall Capture Client 3.0 endpoint solution can help organizations navigate these challenges.

Reduce the attack surface with content filtering

Most malware threats are delivered through websites or links in emails. The vehicles may be fraudulent or genuine websites. Previously, with Capture Client 2.0, endpoints could be blocked from known malicious sites only.

Capture Client 3.0 now features comprehensive, client-based content filtering services. With inspection of both HTTP and HTTPS traffic, granular policies on which categories to allow and block, exclusions for trusted applications, and blacklists for untrusted applications, administrators can easily extend network-based content filtering to their off-network users.

Minimize risk with application vulnerability intelligence

Telecommuting often involves the use of a variety of productivity and collaboration applications like Slack and Zoom. Often, employees go looking for other tools that may not be corporate-managed. In any of these cases, threat actors will always be looking for vulnerable versions of applications running on user endpoints. And patching, well … patching is always a moving target, right?

With Application Vulnerability Intelligence, Capture Client will now give real-time visibility of applications and any vulnerabilities found on them. Administrators can not only prioritize which applications to patch, but also blacklist processes launched by unauthorized applications.

Leverage Active Directory properties for granular policy assignment—anywhere

The other side of telecommuting is the explosive adoption of cloud services like O365 and Azure Active Directory (AD). Enterprises often apply granular policies based on AD properties associated with users and devices (e.g., marketing users have access to social networking and IT admins have access to advanced tools). Capture Client now also supports granular policy assignment based on these properties, such as group membership, regardless of whether the directory is hosted on-premises or in the cloud.

Expand server protection with Linux Support

The move to the cloud also entails the increased usage of Linux-based workloads that need to be protected from malware threats. Capture Client 3.0 will also introduce support for the SentinelOne Linux agent to extend next-gen antivirus capabilities to Linux servers.

Have an easier time using the tools

In addition, Capture Client 3.0 has also introduced several usability enhancements, including:

  • A new notification center to review outstanding alerts
  • Customizable alert settings, with configurable priority levels
  • An improved and expanded dashboard with actionable intelligence
  • A simplified multi-tenant dashboard for MSSPs
  • More end-user notifications, including a notification when the endpoint is disconnected from the network

With Capture Client 3.0, enterprises can rest assured when extending telecommuting facilities to their employees. They get increased visibility, reduced attack surface and the extension of standard protections to remote endpoints, all within a lightweight, unified client.

Fake Zoom App installs a Cryptominer

With stay-at-home orders in place in several states and cities across the country to slow the spread of the novel coronavirus, internet usage has spiked as more people are online and confined to their homes: shopping for groceries, attending virtual doctor’s visits, connecting kids to online education portals, working remotely, holding virtual meetings and chatting with friends and relatives. The SonicWall Capture Labs threat research team has analyzed several coronavirus-related malicious schemes, since more people are now connecting from home, typically under more relaxed security measures, and cybercriminals are certainly taking advantage.

One videoconferencing software has gained so much popularity lately that cybercriminals have seen that as a perfect vector for their malicious activity. Zoom has become so popular that it is one of the most downloaded software applications. A malicious installer bundled with a crypto currency miner has been making the rounds online preying on unsuspecting users wanting to install this videoconferencing program.

Infection Cycle:

The Trojan uses the Zoom icon and comes as an AutoIt-compiled installer.

Upon execution it drops a legitimate Zoom installer and a cryptominer in the following locations:

  • %Temp%\Zoominstaller.exe (legitimate installer)
  • %Appdata%\Roaming\Microsot\Windows\helper.exe (cryptominer; note the lookalike directory name “Microsot”, one letter short of “Microsoft”)

It then executes the legitimate Zoom installer, so the user sees the expected installation window.

Meanwhile it registers helper.exe as a scheduled task named ‘System Check’ and executes it.

On execution, helper.exe creates a ‘Tor’ directory inside %Appdata%\Roaming\Microsot\Windows\ and drops the components of a Tor client.

It launches the Tor client by running “tor.exe” with its own config to set up the proxy environment.

It then spawns attrib.exe (a legitimate Windows system binary) and uses it as the mining client, mining through the local Tor proxy with the following command:

Once a mining session has ended, the Tor directory is deleted and recreated on the next run, leaving very little evidence of infection.
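Because the Tor directory is cleaned up between runs, the durable artifacts of this chain are the scheduled task, the lookalike “Microsot” path and a file-attribute utility that suddenly has a parent in AppData and a local socket. The Python below is an added example, not code from the original post or from SonicWall: it encodes those observations as hunting rules and runs them over constructed host telemetry in the shape an EDR or Sysmon-style export would give (scheduled tasks with their action, processes with pid, parent pid, image path and network connections). The telemetry is constructed, and the Tor SOCKS port is not stated on the page, so 9050 (Tor’s default) is an assumption.

```python
import re
from dataclasses import dataclass, field

# Indicators taken from the write-up above: the dropped miner helper.exe lives under a
# lookalike "Microsot\Windows" directory in the user's AppData, persists as a scheduled task
# called "System Check", runs tor.exe from a "Tor" subdirectory, and abuses attrib.exe as
# the mining client. The Tor SOCKS port is NOT given on the page; 9050 is assumed here.
LOOKALIKE_DIR = re.compile(r"\\appdata\\roaming\\microsot\\windows\\", re.IGNORECASE)
TASK_NAME = "system check"
ASSUMED_TOR_SOCKS_PORT = 9050


@dataclass
class Process:
    pid: int
    ppid: int
    image: str                                       # full path of the executable
    connections: list = field(default_factory=list)  # list of (remote_ip, remote_port)


@dataclass
class ScheduledTask:
    name: str
    action: str                                      # command the task runs


def hunt(tasks, processes):
    """Return a list of (rule, detail) findings from host telemetry."""
    findings = []
    by_pid = {p.pid: p for p in processes}

    for task in tasks:
        if task.name.strip().lower() == TASK_NAME and LOOKALIKE_DIR.search(task.action):
            findings.append(("persistence.scheduled_task", f"{task.name!r} -> {task.action}"))

    for proc in processes:
        basename = proc.image.lower().rsplit("\\", 1)[-1]
        parent = by_pid.get(proc.ppid)
        if basename == "tor.exe" and LOOKALIKE_DIR.search(proc.image):
            findings.append(("tor.dropped_client", proc.image))
        if basename == "attrib.exe":
            # attrib.exe only changes file attributes: it never needs a socket, and it has no
            # business being a child of a binary that lives in a lookalike AppData directory.
            if parent is not None and LOOKALIKE_DIR.search(parent.image):
                findings.append(("lolbin.attrib_spawned_by_dropper",
                                 f"pid {proc.pid} parent {parent.image}"))
            if any(ip in ("127.0.0.1", "::1") for ip, _ in proc.connections):
                findings.append(("lolbin.attrib_local_proxy_connection",
                                 f"pid {proc.pid} -> {proc.connections}"))
    return findings


def demo():
    """Run the hunt over constructed telemetry that mirrors the infection chain above."""
    base = r"C:\Users\alice\AppData\Roaming\Microsot\Windows"
    tasks = [
        ScheduledTask("System Check", base + r"\helper.exe"),
        ScheduledTask("OneDrive Standalone Update Task",
                      r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe"),
    ]
    processes = [
        Process(900, 4, r"C:\Windows\System32\svchost.exe"),       # Task Scheduler host
        Process(700, 4, r"C:\Windows\System32\cmd.exe"),           # a user's shell
        Process(1200, 900, base + r"\helper.exe"),                 # dropped miner launcher
        Process(1300, 1200, base + r"\Tor\tor.exe"),               # dropped Tor client
        Process(1400, 1200, r"C:\Windows\System32\attrib.exe",
                [("127.0.0.1", ASSUMED_TOR_SOCKS_PORT)]),          # attrib.exe abused as the miner
        Process(1500, 700, r"C:\Windows\System32\attrib.exe"),     # benign attrib.exe from cmd.exe
    ]
    return hunt(tasks, processes)


if __name__ == "__main__":
    for rule, detail in demo():
        print(rule, detail)
```

The benign attrib.exe launched from a shell produces no finding, which is the point of pairing the parent-process and socket checks: either one alone would be noisy, together they describe behaviour attrib.exe never has legitimately.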

We urge our users to use only official and reputable websites as their source of software installers. Always be vigilant and cautious when installing software, particularly if you are not certain of the source.

SonicWall Capture Labs provides protection against this threat via the following signature:

  • GAV: Autoit.OLS_2 (Trojan)

This threat is also detected by SonicWall Capture ATP with RTDMI and by the Capture Client endpoint solution.


Cybersecurity News & Trends

This week, SonicWall brings Boundless Cybersecurity to the remote workforce; Emotet, Ryuk and Trickbot deliver a 1-2-3 punch; and hackers use Apple for phishing bait.


SonicWall Spotlight

SonicWall Introduces Boundless Cyber Security Platform – Information Age

  • Boundless Cybersecurity aims to address a growing cybersecurity business gap and the complexity of securing remote workers compared to those working at company headquarters.

SonicWall: More Than 21,500 SecureFirst Partners Worldwide – MSSP Alert

  • SonicWall added 1,100 SecureFirst partners in February and unveiled a Boundless Cybersecurity model to protect mobile and remote workers against cyberthreats.

How to protect yourself against online COVID-19 scammers – Security Watch Info

  • As the COVID-19 pandemic continues to dominate the news cycle, cybercriminals are capitalizing on fear, stress and people’s desire for answers to gain access to personal information.

Cybersecurity News

North Korea hacking threatens U.S., other countries, international financial system: U.S. State Department – Reuters

  • The FBI joined the U.S. Departments of State, Treasury and Homeland Security in issuing an advisory about North Korean cyberthreats, warning the financial sector is particularly at risk.

Czechs Warn Hackers Are Preparing Cyber Attacks on Hospitals – Bloomberg

  • According to the Czech National Cyber and Information Security Agency, a campaign of cyberattacks on the country’s hospitals is expected in the coming days, Bloomberg reports.

The Pentagon Hasn’t Fixed Basic Cybersecurity Blind Spots – Wired

  • Five years ago, the Department of Defense set dozens of security hygiene goals. A new report finds that it has abandoned or lost track of most of them.

FBI warns of ongoing COVID-19 scams targeting govt, health care – Bleeping Computer

  • The U.S. Federal Bureau of Investigation has warned government agencies and health care organizations of ongoing BEC schemes exploiting the COVID-19 pandemic, as well as an overall increase in cryptocurrency and health care fraud scam activity targeting consumers.

The secret behind “unkillable” Android backdoor called xHelper has been revealed – Ars Technica

Emotet, Ryuk, TrickBot: ‘Loader-Ransomware-Banker Trifecta’ – Bank Info Security

  • The “loader-ransomware-banker” trifecta—Emotet, Ryuk and Trickbot—is stronger than the sum of its parts, causing millions of dollars in damages over the past few years.

Someone is passing around Valorant beta keys that are actually malware – Cyberscoop

  • Gamers hoping to access a closed beta for the video game Valorant are receiving keylogger software instead, as hackers attempt to capitalize on the hype surrounding the upcoming Riot Games release.

Apple Is Top Pick for Brand Phishing Attempts – Dark Reading

  • Have you received a suspicious-looking email purporting to be from Apple? You aren’t alone—10% of all brand phishing attempts in the first quarter of 2020 used the Apple brand in an attempt to deceive recipients.

In Case You Missed It

‘Boundless Cybersecurity’ Protects Organizations Mobilizing for the New Business Normal

A new ‘business normal’ has arrived for each and every enterprise, organization, business and government agency. It’s a new work reality where everyone is mobile, everyone is remote and everyone is less secure.

This sudden shift has accelerated future technology, communication, networking and cybersecurity plans.

The era of the ‘anytime, anywhere business’ is here now, forever changing the shape of the IT and business landscape. The massively expanding distributed IT reality — fueled by the proliferation of apps and devices, the pervasive cloud, borderless organizations, sensors everywhere — is creating an unprecedented explosion of exposure points for businesses.

These combined forces dramatically escalate risk, making the cost of conventional security prohibitive and the shortage of trained personnel more acute. Constrained budget and staffing resources can’t keep up, creating a growing ‘cybersecurity business gap’ that is unbridgeable with conventional security approaches.

So, how do organizations protect the integrity of their business when nearly 100% of their workforce is remote, everything is open and accessible, breach is inevitable, conventional solutions fall short, and increasing scrutiny creates mounting pressure?

More than ever, what’s needed is a shift to a new Boundless Cybersecurity Model that mobilizes organizations for the new business normal — all while breaking free of the constraints of the past. This new model moves organizations from conventional and constrained strategies to a modern, proactive and boundless model.

What is Boundless Cybersecurity?

A new global climate and fast-moving market dynamics accelerate the need for Boundless Cybersecurity, which proactively mitigates cyberattacks across organizations’ boundless exposure points, including a ‘boundless’ workforce of remote, mobile and cloud-enabled users. Boundless Cybersecurity is rooted by three core principles:

  • Know the unknown. Detect evasive and cutting-edge threats with SonicWall’s innovation in technology, like the Capture Advanced Threat Protection (ATP) cloud sandbox service, patent-pending Real-Time Deep Memory Inspection™ (RTDMI), machine learning and deep cyber threat intelligence.
  • See everything. Everywhere. No more management siloes. Gain unified visibility and control that integrates the technology, services and solutions you need for end-to-end security (e.g., Capture Security Center).
  • Scale your TCO. SonicWall has architected ways to leverage truly disruptive and scalable economics to make it cost-effective to protect any enterprise, SMB, organization or government.

With SonicWall Boundless Cybersecurity, executives, decision-makers and administrators can finally bridge the cybersecurity business gap, mitigating escalating risk from boundless points of exposure — all with less cost and human intervention than conventional security.

“Boundless Cybersecurity” Protects Organizations Engaged in Defining a New “Operating Normal” (translated from the Italian edition)

There is a new “operating normal” for all enterprises, organizations, companies and public bodies. It is a new working reality marked by mobility, remote work and less security for everyone.

This rapid transformation has accelerated plans for the technology, communications, networks and cybersecurity of the future.

We have entered the era of the “anytime, anywhere” business, which will forever change the shape of IT and the business landscape. The massively expanding distributed IT reality, fuelled by the proliferation of applications and devices, the pervasive cloud, borderless organizations and sensors everywhere, is causing an unprecedented explosion of exposure points for companies.

These combined forces increase risk dramatically, making the cost of conventional security prohibitive and the shortage of specialized staff more severe. Budget and staffing limits cannot be overcome, which produces a growing gap in cybersecurity that cannot be bridged with conventional security approaches.

So what do organizations do to protect the integrity of their operations when just under 100% of employees work remotely, everything is open and accessible, breaches are inevitable, conventional solutions are no longer adequate and increasing scrutiny creates ever stronger pressure?

More than ever before, what is needed is a move to a new Boundless Cybersecurity Model that mobilizes organizations for the new operating normal, all while freeing them from the constraints of the past. This new model moves organizations from conventional, limited strategies to modern, forward-looking and boundless ones.

What is Boundless Cybersecurity?

A new global climate and rapidly evolving market dynamics make the need for Boundless Cybersecurity more pressing: a security able to mitigate cyberattacks in advance across organizations’ external exposure points, including employees working remotely, mobile users and cloud users. Boundless Cybersecurity rests on three fundamental principles:

  • Know the unknown. Detect evasive and cutting-edge threats through SonicWall’s technological innovations, such as the Capture Advanced Threat Protection (ATP) cloud sandbox service, the patent-pending Real-Time Deep Memory Inspection™ (RTDMI) technology, machine learning and deep cyber threat intelligence.
  • See everything. Everywhere. No more siloed management. Gain unified visibility and control that integrate the technologies, services and solutions needed for end-to-end security (e.g., Capture Security Center).
  • Scale your total cost of ownership. SonicWall has developed ways to exploit truly disruptive and scalable economics to protect enterprises, SMBs, organizations and public bodies in a cost-effective way.

With SonicWall Boundless Cybersecurity, executives, decision-makers and administrators can finally close the gaps in business cybersecurity, mitigating the growing risks from external exposure points, all with lower cost and less human intervention than conventional security.

Microsoft Security Bulletin Coverage for April 2020

The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of April 2020. The list of reported issues, along with SonicWall coverage information, is as follows:

CVE-2020-0687 Microsoft Graphics Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0699 Win32k Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0760 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0784 DirectX Elevation of Privilege Vulnerability
ASPY 5926:Malformed-File exe.MP.134
CVE-2020-0794 Windows Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-0821 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0835 Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0888 DirectX Elevation of Privilege Vulnerability
ASPY 5907:Malformed-File exe.MP.131
CVE-2020-0889 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0895 Windows VBScript Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0899 Microsoft Visual Studio Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0900 Visual Studio Extension Installer Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0906 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0907 Microsoft Graphics Components Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0910 Windows Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0913 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0917 Windows Hyper-V Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0918 Windows Hyper-V Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0919 Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0920 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0923 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0924 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0925 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0926 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0927 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0929 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0930 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0931 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0932 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0933 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0934 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0935 OneDrive for Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0936 Windows Scheduled Task Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0937 Media Foundation Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0938 OpenType Font Parsing Remote Code Execution Vulnerability
ASPY 5924:Malformed-File pfb.MP.6
CVE-2020-0939 Media Foundation Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0940 Windows Push Notification Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0942 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0943 Microsoft YourPhone Application for Android Authentication Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-0944 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0945 Media Foundation Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0946 Media Foundation Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0947 Media Foundation Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0948 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0949 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0950 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0952 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0953 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0954 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0955 Windows Kernel Information Disclosure in CPU Memory Access
There are no known exploits in the wild.
CVE-2020-0956 Win32k Elevation of Privilege Vulnerability
ASPY 5844:Malformed-File exe.MP.113
CVE-2020-0957 Win32k Elevation of Privilege Vulnerability
ASPY 5922:Malformed-File exe.MP.132
CVE-2020-0958 Win32k Elevation of Privilege Vulnerability
ASPY 5923:Malformed-File exe.MP.133
CVE-2020-0959 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0960 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0961 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0962 Win32k Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0964 GDI+ Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0965 Microsoft Windows Codecs Library Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0966 VBScript Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0967 VBScript Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0968 Scripting Engine Memory Corruption Vulnerability
IPS 14913:Scripting Engine Memory Corruption Vulnerability (CVE-2020-0968)
CVE-2020-0969 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0970 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0971 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0972 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-0973 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0974 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0975 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-0976 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-0977 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-0978 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0979 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0980 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0981 Windows Token Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-0982 Microsoft Graphics Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0983 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0984 Microsoft (MAU) Office Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0985 Windows Update Stack Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0987 Microsoft Graphics Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0988 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0991 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0992 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0993 Windows DNS Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-0994 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0995 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0996 Windows Update Stack Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0999 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1000 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1001 Windows Push Notification Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1002 Microsoft Defender Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1003 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1004 Windows Graphics Component Elevation of Privilege Vulnerability
ASPY 5921:Malformed-File exe.MP.131
CVE-2020-1005 Microsoft Graphics Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1006 Windows Push Notification Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1007 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1008 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1009 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1011 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1014 Microsoft Windows Update Client Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1015 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1016 Windows Push Notification Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1017 Windows Push Notification Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1018 Microsoft Dynamics Business Central/NAV Information Disclosure
There are no known exploits in the wild.
CVE-2020-1019 Microsoft RMS Sharing App for Mac Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1020 Adobe Font Manager Library Remote Code Execution Vulnerability
ASPY 5920:Malformed-File pfb.MP.5
CVE-2020-1022 Dynamics Business Central Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1026 MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-1027 Windows Kernel Elevation of Privilege Vulnerability
ASPY 5919:Malformed-File exe.MP.130
CVE-2020-1029 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1049 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2020-1050 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2020-1094 Windows Work Folder Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.