Cybersecurity News & Trends – 11-13-20

This week, SonicWall expanded its Capture Cloud Platform with four new firewalls and a new Zero-Trust security solution.


SonicWall in the News

SonicWall Expands Boundless Cybersecurity With New High-Performance, Low-TCO Firewalls; Company Debuts Cloud-Native ZTNA Solution to Secure Work-From-Anywhere Environments — Company Press Release

  • SonicWall today announced the expansion of its Capture Cloud Platform with the addition of the high-performance NSa 2700 firewall, three new TZ firewall options, and SonicWall Cloud Edge Secure Access, which delivers easy-to-deploy, easy-to-use zero-trust security.

SonicWall Capture Advanced Threat Protection Collects ICSA Labs Certification — Company Press Release

  • For the third consecutive quarter, cloud-based Capture Advanced Threat Protection (ATP) sandbox service has been vigorously tested in the detection of today’s most evasive threats and awarded the coveted ICSA Labs Advanced Threat Defense certification.

The 2020 Tech Innovators Awards — CRN

  • SonicWall was recognized as the winner of the networking category for its TZ570 and TZ670 series (slide 22) and was a finalist in the security network category for its Network Security Services Platform 15700 (slide 37).

Cybersecurity Industry in Detroit Is Growing and Mentors Are Starting With Young People — Detroit Free Press

  • In an article on how Detroit’s cybersecurity industry is growing, Bill Conner offers cybersecurity tips for more secure remote work.

Four New SonicWall Firewalls Announced — Storage Review

  • Storage Review covers SonicWall’s latest launch, focusing on Cloud Edge Secure Access and four all-new firewalls.

SonicWall Research: Ransomware, IoT Malware Attacks On The Rise — MSSP Alert

  • In a feature article on SonicWall’s Q3 Threat Data, MSSP Alert spotlights the surge in ransomware and IoT malware.

Industry News

Campari Site Suffers Ransomware Hangover — ThreatPost

  • Italian spirits brand Campari has restored its company website following a recent ransomware attack.

Ragnar Locker Ransomware Gang Takes Out Facebook Ads in Key New Tactic — Threat Post

  • Following the Nov. 3 ransomware attack against Campari, Ragnar Locker group took out public Facebook ads threatening to release stolen data.

Pressure grows to reinstall White House cyber czar — The Hill

  • Pressure to reinstate a cyber czar within the White House is growing, with bipartisan allies lining up on Capitol Hill to push such a proposal.

Zoom settles charges with FTC over deceptive security practices — Cyberscoop

  • The FTC has reached a deal with Zoom to settle allegations that the communications technology company misrepresented its security and privacy protections.

How to Avoid Paying Ransomware Ransoms — Data Center Knowledge

  • As private experts and government officials advise against indulging the bad guys, here are some tips for following that advice.

Treasury Asks if External Cyber Acts Qualify for Terrorism Risk Insurance Program — Nextgov

  • A request for comment reflects recommendations made by the Cyberspace Solarium Commission.

Major ransomware strain jumps from Windows to Linux — SC Magazine

  • A recently discovered file-encrypting Trojan, built as an executable and linkable format (ELF), encrypts data on machines controlled by Linux-based operating systems.

Hospital network hit by cyber attack restoring services — The Washington Times

  • Computer experts at the University of Vermont Medical Center are working to restore systems disabled in a cyberattack that has affected the hospital’s ability to provide some cancer treatments.

Vietnamese hacking group OceanLotus uses imitation news sites to spread malware — Cyberscoop

  • Suspected Vietnamese government-linked hackers are behind a series of fake news websites and Facebook pages meant to target victims with malicious software.

Microsoft Exchange Attack Exposes New xHunt Backdoors — Threat Post

  • An attack on the Microsoft Exchange server of an organization in Kuwait revealed two never-before-seen PowerShell backdoors.

U.S. seizes over $1 billion in bitcoin tied to ‘Silk Road’ — Reuters

  • The U.S. Justice Department announced it had seized over $1 billion worth of bitcoin associated with the underground online marketplace Silk Road.

Ransomware Attacks Surge 40% Globally In Q3: Report — Express Computer

  • While overall malware volume declined for the third consecutive quarter, ransomware attacks globally surged 40% to reach 199.7 million hits in the third quarter of this year.

In Case You Missed It

Android spyware Bahamut spreads disguised as Voice of Islam app

An Android spyware campaign was found actively spreading via the link voiceofislam.info, which has since been taken down. The cached copy of this page shows web links that led the user to download a malicious APK file:

Original page images, posted on Twitter:


Infection cycle

Upon installation and execution, the app does not appear to do much from the user's point of view. In the background it contacts the attacker with the device IMEI; this might be the registration mechanism usually observed in Android malware:

Contacts stored on the device are siphoned back to the attacker:


Spyware capabilities

This application contains a number of spyware components that aim at extracting sensitive user-related information and sending it back to the attacker's server, voiceofislam.info.

Call logs:

Contacts:

Device information:

Media files with support for a number of extensions:

Interestingly, the spyware also supports the .crypt11 and .crypt12 file extensions, which are encrypted WhatsApp chat history databases.

Location:

String encryption

This malware uses Blowfish to encrypt its strings, using the key 9;_R%@c`gZxL9M{j”. This key has been linked with the Bahamut Android spyware campaign.

Network investigation

We observed the following VT graph for the domain voiceofislam.info:

The second malicious app identified from this graph, 6ef7ea19a000f2570c30ae3814b8482f, contains functionality similar to the one analyzed.

Upon further digging, we found another app related to this campaign via Koodous:


This app (MD5: 9368dd657e410f8a9ba2b71c95cc0777) contains code and a component structure similar to the previous app, with one minor change: it uses the secret key K&M9B#)O/R\u0007=P%hA, which again coincides with the known keys associated with the Bahamut campaign.

Overall, this spyware aims at stealing sensitive user information from infected devices. Since it is part of the larger Bahamut campaign, we can expect more spyware from this campaign to spread by different means in the future.

SonicWall Capture Labs provides protection against this threat via the following signatures:

  • GAV: AndroidOSBahamut.NS (Trojan)
  • GAV: AndroidOSBahamut.SM (Trojan)


Indicators of Compromise (IOC):

New SonicWall Products Drive Innovation; Offer Greater Flexibility, Performance and Low TCO

With the ever-evolving security needs of our customers and partners, SonicWall is committed to staying ahead of the curve, leveraging the latest technologies to bring you solutions that keep you safer, more agile and more productive no matter where or how work gets done.

Our mission to help customers know the unknown, gain unified visibility and control, and leverage disruptive economics to do more with less is what drove Boundless Cybersecurity earlier this year.

As the next step in our commitment to Boundless Cybersecurity, we’re introducing a new series of products designed to help meet your unique cybersecurity and business needs — all while giving you more choice and budget flexibility.

Multi-gigabit threat performance for mid-sized networks: SonicWall NSa 2700

Earlier this year, we released new NSsp 15700, TZ670 and TZ570 firewalls built around our new SonicOS 7.0 architecture. Now, we’re bringing this same game-changing OS to small- to medium-sized businesses (SMB) and mid-sized networks.

The new SonicWall NSa 2700 firewall offers industry-leading performance and the highest port density in its class, with TLS 1.3 support that stops cyberattacks and eliminates bottlenecks.

For enterprises that have grown beyond the capacity of the TZ series, the NSa 2700 offers enterprise-grade security without the need for an enterprise-scale appliance — or the price tag that goes with it. The NSa 2700 mid-range firewall offers a full high-availability (HA) solution without traditional HA prices and delivers 3Gbps threat inspection throughput at a fraction of the price of the second-best next-generation firewall in its class.

To learn more about SonicWall NSa 2700, click here.

Cost-effective SD-Branch solutions: SonicWall TZ270, TZ370 and TZ470

Cybercriminals have shifted from focusing on large enterprises to targeting any organization they think they can gain access to — meaning you can no longer rely on size to protect you.

Designed for SMBs including distributed enterprises with SD-Branch locations, SonicWall’s Generation 7 TZ models combine industry-validated security effectiveness with best-in-class price performance.

These new TZ firewall appliances offer all the user-friendliness and critical management capabilities of SonicOS 7.0. And despite their smaller size (and price tag), the new TZ appliances allow you to connect and secure up to 1 million connections (35,000 concurrent connections on SSL/TLS with DPI-SSL enabled).

Like their larger counterparts, the new TZ firewalls pack a lot of power, with 2.5 gigabit interfaces on the TZ470 and gigabit interfaces on the TZ370 and TZ270. All are available in wired and wireless models with 802.11ac Wave2, supporting integrated SD-WAN and offering expandable storage of up to 256 GB, Zero-Touch Deployment, and single-pane-of-glass management using our recently launched Network Security Manager.

TZ firewalls are also 5G- and LTE-ready, with a convenient USB 3.0 port for 5G connectivity; several LTE and 5G modules from various ISPs have been qualified.

To learn more about SonicWall’s full range of new TZ firewalls, click here.

Zero-trust security that’s easy to deploy and use: SonicWall Cloud Edge Secure Access

The adoption of remote work, tighter collaborations with partners and BYOD have redefined perimeter security — and in today’s boundless enterprise, enforcing security policies has never been more challenging.

While VPN is a smart choice for specific deployment scenarios, it introduces its own set of challenges. While securing the perimeter is crucial, it’s no longer enough: To truly protect your network, cybersecurity must go wherever work gets done, and extend to wherever your assets reside.

With Cloud Edge Secure Access, SonicWall delivers easy-to-deploy, easy-to-use zero-trust security for site-to-site and hybrid cloud connectivity. This robust, cloud-native Secure Access Service Edge (SASE) offering can be configured by IT admins in as little as 15 minutes, and self-installed by end users in just 5 minutes.

Built around a Least-Privilege Access philosophy, SonicWall Cloud Edge Secure Access lets you limit access to only those who need it. With the power to control and protect network access to both managed and unmanaged devices based on identity, location and device parameters, you can now protect sensitive areas of your network and secure your resources without sacrificing productivity or flexibility.

And if you’re worried about DDoS, SlowLoris or SYN Flood, don’t be. Because it’s supported by over 30 global points of presence and built on Software-Defined Perimeter (SDP) core architecture, SonicWall Cloud Edge Secure Access is impervious to common cyberattacks.

SonicWall Cloud Edge Secure Access also proactively monitors environments and automatically activates a secure access connection on public Wi-Fi hotspots, further protecting remote workers on unsecured Wi-Fi.

To learn more about SonicWall Cloud Edge Secure Access, click here.

Increased visibility and simplified multitenant management: Capture Client 3.5

Designed for MSSPs/MSPs, as well as enterprise customers that manage multiple tenants, Capture Client 3.5 endpoint protection offers simplified management of multiple tenants, translating to lower operational costs and faster response times.

With Capture Client 3.5, you can create and deploy new tenants through the adoption of baseline policies, while also offering customers the flexibility to build and deploy custom policies for specific tenants.

By offering a quick snapshot of the health of all tenants, Capture Client 3.5 provides administrators the ability to see infections and vulnerabilities instantly. The solution also offers more granular views, displaying which version of Capture Client is installed on each endpoint, which devices are online, what web content categories or domains get the most blocks, and which users cause the most alerts.

To learn more about SonicWall Capture Client 3.5, click here.

The ultimate firewall management tool, on-prem or SaaS: Network Security Manager (NSM) 2.1

With SonicWall NSM 2.1, we’re making centralized firewall management even better, bringing greater control and ease to your security operations center (SOC).

NSM 2.1 adds several new enterprise management capabilities, along with several options for NSM on-premises deployment. By leveraging a unified code base, firewall management is simplified regardless of whether you choose a SaaS or on-prem deployment.

This release also features Role-Based Access Controls (RBAC) for granular access based on device or user, Golden Templates to convert device configurations to your principal set, and Approval Workflow to help you roll out sanctioned security policies with a controlled and auditable process.

With the added security of two-factor authentication (2FA) and the continuous monitoring of the Intelligent Platform Monitoring (IPM) system, NSM 2.1 does more than ever to ensure your network is protected, running and performing optimally.

To learn more about SonicWall NSM 2.1, click here.

While SonicWall is excited to introduce these new products, we’d also like to thank our partners, who provided the valuable input that drove our innovations. Everything we do and everything we dream of at SonicWall is for our partners and customers, and we’re proud to offer you even more products and solutions to drive your business.

SonicWall TZ270/370/470: Accelerating Digital Transformation for SMBs & Secure SD-Branches

Small businesses and distributed branch offices want to embrace the latest technological developments as much as larger businesses do. But while organizations are working hard to adopt and take advantage of digital transformation, there are several challenges specific to SMBs and branches.

For one, traditional small businesses or branches cannot keep up with today’s continuously evolving cyberattacks. These threats are increasingly targeted and strategized to maximize return on investment, exploiting the ever-increasing attack surface and new attack vectors to become stealthier and more dangerous.

Secondly, the surge of mobile and IoT devices connecting to the network has led to network performance degradation and unpredictable application performance.

Finally, the traditional branch and WAN market is undergoing a massive disruption with the adoption of cloud applications. SD-WAN technology has been a major catalyst in providing the required cloud application performance at significantly lower costs. But adopting multiple point products for security and SD-WAN poses interoperability, deployment, management and visibility challenges that add to the overall cost and time spent to roll out solutions across branches.

An integrated approach is critical for a smooth digital transformation. While there are many products that claim to feature capabilities supporting digital transformation, few offer a complete feature set with high performance at a low total cost of ownership.

Introducing TZ270, TZ370 and TZ470 – integrated SD-Branch platforms with industry-leading performance

In August, we expanded our TZ series with the addition of the TZ570 and TZ670, designed for modern branches. Today, we’re excited to add even more new products to the TZ line of secure SD-Branch appliances. The SonicWall TZ270, TZ370 and TZ470 (and their wireless counterparts, the TZ270W, TZ370W and TZ470W) feature state-of-the-art hardware specially designed to handle the requirements of small businesses and modern software-defined branches.


Product images: TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W

The groundbreaking performance capabilities of the new TZ series appliances allow automated real-time breach detection and prevention, as well as TLS/SSL decryption and inspection, all over multi-gigabit wired and 802.11ac Wave 2 wireless networks. TZ470 is the first desktop form-factor firewall in its class to include multi-gigabit interfaces. In addition to high port density, high-speed processors and robust onboard memory, the new TZ Series appliances include expandable storage of up to 256GB, perfect for small businesses and secure SD-Branches.

Specifications at a glance:

  • Up to 2.5Gbps of threat prevention performance
  • 10GbE interfaces
  • 802.11ac Wave 2 wireless
  • Expandable storage up to 256GB
  • USB 3.0 super speed ports for 5G/LTE USB modems

The new TZ appliances are powered by SonicOS 7.0. Launched in August, this completely reimagined operating system provides multiple new features, including support for the new TLS 1.3 encryption standard. More details about the new SonicOS 7.0 can be found here.

Integrated approach for digital transformation

So how do the new TZ270, TZ370 and TZ470 help businesses with digital transformation?

We know that threats are continually evolving. More than simply a replacement for its predecessor, the new TZ series lineup delivers award-winning security solutions with third-party certifications and reviews that meet the need for high-speed threat prevention. Advanced threats such as unknown and zero-day attacks concealed in encrypted web traffic are thwarted using Capture, SonicWall’s cloud-based, multi-engine sandboxing service with patent-pending Real-Time Deep Memory Inspection™ (RTDMI) technology.

With built-in SD-WAN provided at no additional cost, the new TZ series can effectively replace expensive WAN connection technologies and standalone SD-WAN appliances, providing application performance for critical cloud applications through QoS features. Additionally, the use of multi-gigabit interfaces in conjunction with SonicWall Switches and SonicWave access points ensures networks can keep up with the high bandwidth needs arising from the growing number of mobile devices.

SonicWall Network Security Manager (NSM) offers a centralized management and analytics platform in both cloud and on-prem form factors. Small businesses with limited IT staff and no in-house cybersecurity skillset can take advantage of the Zero-Touch deployment and unified policy enforcement offered by NSM to save both time and money on deployment. Consolidated security across edge, access and endpoint networks — using TZ series firewalls, SonicWall switches, SonicWave access points and the Capture Client endpoint agent, all managed through a single pane of glass — amplifies cross-product visibility and control. This end-to-end security stack provides a strong, unified security posture that eases management and offers peace of mind, all at a lower TCO than similar solutions currently on the market.

Test-drive the technology

Test drive the new TZ Series-based solution on SonicWall live demo: https://livedemo.sonicwall.com.

To learn more about the new TZ Series, watch the launch video or visit https://www.sonicwall.com/products/firewalls/entry-level/.

New SonicWall NSa 2700: High Performance and Consolidated Security at Lower TCO

2020 has brought exponential growth in network traffic, including a 25% to 35% spike in March alone. As the demands on network firewalls continue to increase, many have struggled to keep up without becoming a bottleneck. Meanwhile, cybercriminals are becoming increasingly successful at breaching perimeter defenses using advanced techniques like encrypted threats and embedded malware.

To address this changing cybersecurity landscape, some companies have deployed multiple security point products. According to CSO Online, enterprises have an average of 75 products deployed to secure their network and cloud infrastructure. But these disparate point products pose challenges of their own, including management complexity and lack of interoperability — which in turn have led to an explosion in overall operating costs.

Today’s enterprises need a next-generation firewall that can accommodate the continuing increase in network traffic, while at the same time consolidating security controls to stop evasive threats.

Introducing SonicWall NSa 2700: A Gen 7 NGFW for Medium and Distributed Enterprises

The SonicWall Network Security Appliance (NSa) 2700 is a next-generation firewall (NGFW) that delivers industry-leading performance at the lowest total cost of ownership in its class. NSa 2700 protects mid-size networks with comprehensive integrated security services like malware analysis, encrypted traffic inspection, cloud application security and reputation services. It also supports centralized management with a truly intuitive single user interface, significantly improving operational efficiency.

SonicWall NSa 2700 includes advanced networking features such as HA/clustering, SD-WAN, dynamic routing, and virtual routing and forwarding. It combines validated security effectiveness and best-in-class price performance in a single rack unit appliance with high port density. In short, medium enterprises can now get the performance, networking and security capabilities they need from their next-generation firewalls without breaking the bank.

NSa 2700 Next Generation Firewall Highlights

Appliance at a glance

NSa 2700 is an energy-efficient, reliable appliance in a compact 1U chassis. Powered by the next-generation SonicOS 7.0 operating system, it is capable of processing millions of connections while delivering multi-gigabit threat prevention throughput. The following are a few high-level features that make NSa 2700 an attractive option for medium and distributed enterprises:

  • 16 x 1 GbE interfaces
  • 3 x 10 GbE interfaces
  • 3 Gbps of threat prevention performance
  • 6 Gbps of application inspection performance
  • 5 million stateful and 500,000 DPI connections
  • 21,500 connections per second
  • Dedicated management port

Powered by the new SonicOS 7.0

The SonicWall NSa 2700 runs on SonicOS 7.0, a new operating system built from the ground up to deliver a modern user interface, intuitive workflows and user-first design principles. SonicOS 7.0 provides multiple features designed to facilitate enterprise-level workflows, easy configuration, and simplified and flexible management — all of which allow enterprises to improve both their security and operational efficiency.

SonicOS 7.0 features:

More details about the new SonicOS 7.0 can be found here.

NSa 2700 Deployment Options

SonicWall NSa 2700 has two main deployment options for medium and distributed enterprises:

Internet Edge Deployment

In this standard deployment option, SonicWall NSa 2700 protects private networks from malicious traffic coming from the Internet, allowing you to:

  • Deploy a proven NGFW solution with highest performance and port density (including 10 GbE connectivity) in its class
  • Gain visibility and inspect encrypted traffic, including TLS 1.3, to block evasive threats coming from the Internet — all without compromising performance
  • Protect your enterprise with integrated security, including malware analysis, cloud app security, URL filtering and reputation services

Medium and Distributed Enterprise Deployment

The SonicWall NSa 2700 supports SD-WAN and can be centrally managed, making it an ideal fit for medium and distributed enterprises. By leveraging the NSa’s high port density, which includes 10 GbE connectivity, enterprises can support distributed branches and wide area networks. This deployment allows organizations to:

  • Provide direct secure Internet access to distributed branch offices instead of back-hauling through corporate headquarters
  • Allow distributed branch offices to securely access internal resources in corporate headquarters or in a public cloud, significantly improving application latency
  • Reduce complexity and improve operations by using a central management system, which is accessed through an intuitive, single-pane-of-glass user interface

Overall Solution Value

The new NSa 2700 offers enterprises a best-in-class next-generation firewall with high speed and port density, all at a lower total cost of ownership. With integrated security services like malware analysis, URL filtering and cloud application security, NSa 2700 offers enterprises superb protection from advanced threats.

To learn more about the new NSa 2700, watch the video or click here.

Microsoft Security Bulletin Coverage for November 2020

SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of November 2020. A list of the issues reported, along with SonicWall coverage information, is as follows:

CVE-2020-16998 DirectX Elevation of Privilege Vulnerability
ASPY 5907: Malformed-File exe.MP.131

CVE-2020-17010 Win32k Elevation of Privilege Vulnerability
ASPY 125: Malformed-File exe.MP.165

CVE-2020-17038 Win32k Elevation of Privilege Vulnerability
ASPY 124: Malformed-File exe.MP.164

CVE-2020-17047 Windows Network File System Denial of Service Vulnerability
IPS 15220: Windows Network File System Denial of Service (CVE-2020-17047)

CVE-2020-17051 Windows Network File System Remote Code Execution Vulnerability
IPS 15223: Windows Network File System Remote Code Execution (CVE-2020-17051)

CVE-2020-17052 Scripting Engine Memory Corruption Vulnerability
IPS 15221: Scripting Engine Memory Corruption Vulnerability (CVE-2020-17052)

CVE-2020-17053 Internet Explorer Memory Corruption Vulnerability
IPS 15222: Internet Explorer Memory Corruption Vulnerability (CVE-2020-17053)

CVE-2020-17056 Windows Network File System Information Disclosure Vulnerability
IPS 15226: Windows NFS Information Disclosure (CVE-2020-17056)

CVE-2020-17057 Windows Win32k Elevation of Privilege Vulnerability
ASPY 123: Malformed-File exe.MP.161

CVE-2020-17061 Microsoft SharePoint Remote Code Execution Vulnerability
ASPY 126: Malformed-File exe.MP.166
IPS 15224: Microsoft SharePoint Remote Code Execution (CVE-2020-17061) 1
IPS 15225: Microsoft SharePoint Remote Code Execution (CVE-2020-17061) 2

CVE-2020-17087 Windows Kernel Local Elevation of Privilege Vulnerability
ASPY 117: Malformed-File exe.OT.1
GAV: CVE-2020-17087

CVE-2020-17088 Windows Common Log File System Driver Elevation of Privilege Vulnerability
ASPY 122: Malformed-File exe.MP.160

The following vulnerabilities have no known exploits in the wild:

  • CVE-2020-1325 Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
  • CVE-2020-1599 Windows Spoofing Vulnerability
  • CVE-2020-16970 Azure Sphere Unsigned Code Execution Vulnerability
  • CVE-2020-16979 Microsoft SharePoint Information Disclosure Vulnerability
  • CVE-2020-16981 Azure Sphere Elevation of Privilege Vulnerability
  • CVE-2020-16982 Azure Sphere Unsigned Code Execution Vulnerability
  • CVE-2020-16983 Azure Sphere Tampering Vulnerability
  • CVE-2020-16984 Azure Sphere Unsigned Code Execution Vulnerability
  • CVE-2020-16985 Azure Sphere Information Disclosure Vulnerability
  • CVE-2020-16986 Azure Sphere Denial of Service Vulnerability
  • CVE-2020-16987 Azure Sphere Unsigned Code Execution Vulnerability
  • CVE-2020-16988 Azure Sphere Elevation of Privilege Vulnerability
  • CVE-2020-16989 Azure Sphere Elevation of Privilege Vulnerability
  • CVE-2020-16990 Azure Sphere Information Disclosure Vulnerability
  • CVE-2020-16991 Azure Sphere Unsigned Code Execution Vulnerability
  • CVE-2020-16992 Azure Sphere Elevation of Privilege Vulnerability
  • CVE-2020-16993 Azure Sphere Elevation of Privilege Vulnerability
  • CVE-2020-16994 Azure Sphere Unsigned Code Execution Vulnerability
  • CVE-2020-16997 Remote Desktop Protocol Server Information Disclosure Vulnerability
  • CVE-2020-16999 Windows WalletService Information Disclosure Vulnerability
  • CVE-2020-17000 Remote Desktop Protocol Client Information Disclosure Vulnerability
  • CVE-2020-17001 Windows Print Spooler Elevation of Privilege Vulnerability
  • CVE-2020-17004 Windows Graphics Component Information Disclosure Vulnerability
  • CVE-2020-17005 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
  • CVE-2020-17006 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
  • CVE-2020-17007 Windows Error Reporting Elevation of Privilege Vulnerability
  • CVE-2020-17011 Windows Port Class Library Elevation of Privilege Vulnerability
  • CVE-2020-17012 Windows Bind Filter Driver Elevation of Privilege Vulnerability
  • CVE-2020-17013 Win32k Information Disclosure Vulnerability
  • CVE-2020-17014 Windows Print Spooler Elevation of Privilege Vulnerability
  • CVE-2020-17015 Microsoft SharePoint Spoofing Vulnerability
  • CVE-2020-17016 Microsoft SharePoint Spoofing Vulnerability
  • CVE-2020-17017 Microsoft SharePoint Information Disclosure Vulnerability
  • CVE-2020-17018 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
  • CVE-2020-17019 Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2020-17020 Microsoft Word Security Feature Bypass Vulnerability
  • CVE-2020-17021 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
  • CVE-2020-17024 Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability
  • CVE-2020-17025 Windows Remote Access Elevation of Privilege Vulnerability
  • CVE-2020-17026 Windows Remote Access Elevation of Privilege Vulnerability
  • CVE-2020-17027 Windows Remote Access Elevation of Privilege Vulnerability
  • CVE-2020-17028 Windows Remote Access Elevation of Privilege Vulnerability
  • CVE-2020-17029 Windows Canonical Display Driver Information Disclosure Vulnerability
  • CVE-2020-17030 Windows MSCTF Server Information Disclosure Vulnerability
  • CVE-2020-17031 Windows Remote Access Elevation of Privilege Vulnerability
  • CVE-2020-17032 Windows Remote Access Elevation of Privilege Vulnerability
  • CVE-2020-17033 Windows Remote Access Elevation of Privilege Vulnerability
  • CVE-2020-17034 Windows Remote Access Elevation of Privilege Vulnerability
  • CVE-2020-17035 Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2020-17036 Windows Function Discovery SSDP Provider Information Disclosure Vulnerability
  • CVE-2020-17037 Windows WalletService Elevation of Privilege Vulnerability
  • CVE-2020-17040 Windows Hyper-V Security Feature Bypass Vulnerability
  • CVE-2020-17041 Windows Print Configuration Elevation of Privilege Vulnerability
  • CVE-2020-17042 Windows Print Spooler Remote Code Execution Vulnerability
  • CVE-2020-17043 Windows Remote Access Elevation of Privilege Vulnerability
  • CVE-2020-17044 Windows Remote Access Elevation of Privilege Vulnerability
  • CVE-2020-17045 Windows KernelStream Information Disclosure Vulnerability
  • CVE-2020-17046 Windows Error Reporting Denial of Service Vulnerability
  • CVE-2020-17048 Chakra Scripting Engine Memory Corruption Vulnerability
  • CVE-2020-17049 Kerberos Security Feature Bypass Vulnerability
  • CVE-2020-17054 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-17055 Windows Remote Access Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-17058 Microsoft Browser Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-17060 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-17062 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17063 Microsoft Office Online Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-17064 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17065 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17066 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17067 Microsoft Excel Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-17068 Windows GDI+ Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17069 Windows NDIS Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-17070 Windows Update Medic Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-17071 Windows Delivery Optimization Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-17073 Windows Update Orchestrator Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-17074 Windows Update Orchestrator Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-17075 Windows USO Core Worker Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-17076 Windows Update Orchestrator Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-17077 Windows Update Stack Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-17078 Raw Image Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17079 Raw Image Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17081 Microsoft Raw Image Extension Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-17082 Raw Image Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17083 Microsoft Exchange Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17084 Microsoft Exchange Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17085 Microsoft Exchange Server Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-17086 Microsoft Raw Image Extension Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-17090 Microsoft Defender for Endpoint Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-17091 Microsoft Teams Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17100 Visual Studio Tampering Vulnerability
There are no known exploits in the wild.
CVE-2020-17101 HEIF Image Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17102 WebP Image Extensions Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-17104 Visual Studio Code JSHint Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17105 AV1 Video Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17106 HEVC Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17107 HEVC Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17108 HEVC Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17109 HEVC Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17110 HEVC Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17113 Windows Camera Codec Information Disclosure Vulnerability
There are no known exploits in the wild.

SonicWall Capture ATP Receives ICSA Labs ATD Certification

With data breaches continuing to make headlines almost daily and new attack vectors surfacing seemingly every month, it is important to protect your environment against unknown threats.

We’re excited to announce that SonicWall Capture Advanced Threat Protection (ATP) has received ICSA Labs Advanced Threat Defense Certification for the third consecutive quarter.

ICSA Labs, an independent division of Verizon, tested a combination of our NSa 3600 Next-Gen Firewall and Cloud-based Capture ATP, featuring our Real-Time Deep Memory Inspection™ (RTDMI) engine, for 33 days and put the combined solution through 1,412 test runs to verify its effectiveness. As a result, Capture ATP received a 99.6% detection rate for previously unknown threats with just one false positive.

“Of threats one hour old or less, SonicWall Capture ATP detected over 99% of these new threats,” according to the report. It also noted, “The SonicWall solution was also over 99% effective against threats between one and two hours old,” proving the effectiveness of the solution against unknown threats.

What is ICSA Advanced Threat Defense?

Standard ICSA Labs Advanced Threat Defense (ATD) testing is aimed at vendor solutions designed to detect new threats that other traditional security products miss. Thus, the focus is on how effectively vendor ATD solutions detect these unknown and little-known threats while minimizing false positives. The minimum required score for passing the test is 75%.

SonicWall TZ Series Earns CRN Accolade, NSsp Firewall Named Finalist

Consistently delivering on its promise to provide superior products and technical expertise to its more than 20,000 partners worldwide, SonicWall has been recognized by CRN®, a brand of The Channel Company, with a 2020 CRN Tech Innovator Award.

SonicWall was named the winner of the networking category for its TZ570 and TZ670 entry-level firewall series, while its Network Security Services Platform (NSsp) 15700 was a finalist in the security network category.

“We strive to deliver the technology and services that will continue to give our partners the competitive edge and technical support that’s needed in today’s marketplace,” said SonicWall SVP and Chief Revenue Officer Bob VanKirk. “Our long history working closely with the channel has given us the ability to listen well to their needs, and then develop, educate and deliver on what they need to safeguard their customers. The SonicWall team looks forward to delivering security solutions that will set them apart in a marketplace that has become saturated and often overwhelming for organizations looking to find the right fit.”

CRN’s annual award program honors innovative vendors in the IT channel across 49 technology categories, in key areas ranging from cloud to security to storage to networking. CRN editors assessed hundreds of vendor products along multiple criteria, including uniqueness, key capabilities, technological competency, and addressing customer needs.

“CRN’s Tech Innovator Awards celebrate technology vendors that empower end-users and promote business growth for solution providers with pioneering, purpose-built solutions,” said Blaine Raddon, CEO of The Channel Company.

The SonicWall TZ series of firewalls is designed specifically for the needs of SMBs and branch locations, delivering enterprise-class security without the enterprise-grade complexity. Installation and operation are made easy with Zero-Touch Deployment and simplified centralized management. SonicWall’s multi-engine Capture Advanced Threat Protection (ATP) cloud-based sandbox service with patent-pending Real-Time Deep Memory Inspection (RTDMI™) helps detect today’s most nefarious cyberattacks.

Designed for large enterprises, service providers, and MSSPs, the SonicWall NSsp 15700 consolidates industry-validated security effectiveness and best-in-class price-performance into a next-generation firewall. Its multi-instance architecture supports multiple firewalls on a single appliance with dedicated resources so administrators can run different software versions and configurations without the typical constraints of multitenancy architectures like resource starvation.

Cybersecurity News & Trends – 11-06-20

This week, there were no reports of cybercriminal meddling in the U.S. election. But hospitals, government agencies, human rights groups, embassies and more weren’t so lucky.


SonicWall in the News

FBI Warns That Hackers Are Targeting Hospitals While Coronavirus Admissions Surge — Vox

  • The FBI has warned of an increase in ransomware attacks, particularly Ryuk, on hospitals.
    * Syndicated on MSN

Ryuk This For A Game Of Soldiers: Ransomware-flingers Actively Targeting Hospitals In The US, Cyber Agencies Warn — The Register

  • While countries such as the UK, Germany and India saw declines in Ryuk, the U.S. saw a staggering 145.2 million ransomware hits – a 139 per cent year-on-year increase.

Surge In Ryuk Ransomware Attacks Has Hospitals On Alert — Computer Weekly

  • Ryuk has surged during 2020, according to statistics provided by SonicWall’s Capture Labs, which has booked 67.3 million Ryuk attacks in 2020, one-third of all ransomware incidents so far this year.

Most Organizations Don’t Have An Election Cyber War Room. They Don’t Need One — Cybersecurity Dive

  • The latest technological developments are almost irrelevant if security is absent from company culture. It’s a matter of reminding organizations of their security hygiene.

Industry News

Officials on alert for potential cyber threats after a quiet Election Day — The Hill

  • Election officials are cautiously declaring victory after no reports of major cyber incidents on Election Day.

Scam PSA: Ransomware gangs don’t always delete stolen data when paid — Bleeping Computer

  • Ransomware gangs are increasingly failing to keep their promise to delete stolen data after a victim pays a ransom.

No indication foreign governments have successfully interfered with 2020 voting: DHS officials — The Washington Times

  • Department of Homeland Security officials said the federal government is confident that the nation’s voting systems are secure and unaffected by foreign interference, but they cautioned that America’s adversaries may still attempt to create problems.

UK cyber-threat agency confronts Covid-19 attacks — BBC

  • More than a quarter of the incidents which the UK’s National Cyber Security Centre (NCSC) responded to were COVID-related, according to its latest annual report.

Hacker is selling 34 million user records stolen from 17 companies — Bleeping Computer

  • A threat actor is selling account databases containing an aggregate total of 34 million user records that they claim were stolen from seventeen companies during data breaches.

North Korean Group Kimsuky Targets Government Agencies With New Malware — Security Week

  • North Korea-linked threat actor Kimsuky was recently observed using brand new malware in attacks on government agencies and human rights activists, Cybereason’s security researchers say.

Hackers Bearing Down on U.S. Hospitals Have More Attacks Planned — Bloomberg

  • A Russia-based ransomware group responsible for a new wave of attacks against U.S. hospitals is laying the groundwork to cripple at least ten more.

First the Good News: Number of Breaches Down 51% Year Over Year — Dark Reading

  • But the number of records put at risk experiences a massive increase.

US shares info on Russian malware used to target parliaments, embassies — Bleeping Computer

  • US Cyber Command today shared information on malware implants used by Russian hacking groups in attacks targeting multiple ministries of foreign affairs, national parliaments, and embassies.

Hackers are on the hunt for Oracle servers vulnerable to potent exploit — Ars Technica

  • Hackers are scanning the Internet for machines that have yet to patch a recently disclosed flaw that forces Oracle’s WebLogic server to execute malicious code, a researcher warned Wednesday night.

In Case You Missed It

Ragnar Locker Ransomware

Overview:

SonicWall Capture Labs Threat Research Team recently found a new sample and activity for Ragnar Locker Ransomware.

Cyberattacks using Ragnar Locker ransomware have impacted Biological E Ltd, Capcom, and Campari Group.
Descriptions of the corporations hit last week and this week are below:

  • Biological E limited is a privately held biopharmaceutical company based in Hyderabad, Telangana, India.
  • Capcom Co., Ltd. is a Japanese video game developer and publisher.
  • Campari is an Italian company active since 1860 in the branded beverage industry. It produces spirits, wines, and soft drinks.

Ragnar Locker injects a module capable of collecting sensitive data from infected machines and uploads the data it finds to the attackers’ servers. The ransomware then notifies the victim of the files that will be released to the public if the ransom is not paid.

Ransomware document:

Further down the document:

Ragnar Key is at the bottom of the document:

Static Layer, Information:

Overview of sample, checking for any corruption within the PE file format.

Command-Line overview of sample:

Dynamic Information:

Shellcode Buffer:

Shellcode Entry:

Some Shellcode Functionality:

Anti-Debugging Block:

Supported Systems:

  • Windows 10
  • Windows 8.1
  • Windows 8.0
  • Windows 7
  • Windows Vista

SonicWall Gateway Anti-Virus (GAV) provides protection against this threat:

  • GAV: RagnarLocker.RSM_2 (Trojan)

Appendix:

Sample SHA256 Hash: 0766beb30c575fc68d1ca134bd53c086d2ce63b040e4d0bbd6d89d8c26ca04f6
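The two static checks the write-up above relies on, matching the published SHA256 against a file and verifying the PE layout is not corrupt, are easy to reproduce in a triage script. The following is an added example for defenders, not SonicWall's own tooling: the hash is the one listed in the appendix, while `build_demo_pe`, the header checks and every other name are this example's own constructions. It hashes a file image, looks the digest up in a small blocklist, and walks the DOS header, PE signature, COFF header, optional-header magic and section table to flag truncation or malformed structure, which is what the "Static Layer" step is screening for.

```python
import hashlib
import struct

# SHA256 of the Ragnar Locker sample given in the appendix above (value taken from the page).
RAGNAR_SAMPLE_SHA256 = "0766beb30c575fc68d1ca134bd53c086d2ce63b040e4d0bbd6d89d8c26ca04f6"

# Blocklist used for the hash match. Only the page's hash is listed here; a real
# deployment would load this set from a threat-intelligence feed.
KNOWN_BAD_SHA256 = {RAGNAR_SAMPLE_SHA256}

# Header sizes from the PE/COFF specification.
DOS_HEADER_LEN = 0x40
COFF_HEADER_LEN = 20
SECTION_HEADER_LEN = 40


def sha256_hex(data: bytes) -> str:
    """Hex SHA256 of a file image, the form in which IoCs are usually published."""
    return hashlib.sha256(data).hexdigest()


def is_known_bad(digest: str) -> bool:
    """True if the digest matches a published IoC (case-insensitive)."""
    return digest.lower() in KNOWN_BAD_SHA256


def check_pe_headers(data: bytes) -> dict:
    """Static sanity check of a PE image's layout: DOS header, e_lfanew, PE
    signature, COFF header, optional header magic and the section table.
    Returns {'valid': bool, 'issues': [str, ...]}; any issue means the file is
    truncated, corrupt or deliberately malformed and deserves closer attention."""
    issues = []
    if len(data) < DOS_HEADER_LEN or data[:2] != b"MZ":
        return {"valid": False, "issues": ["no DOS header / MZ signature"]}
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 4 + COFF_HEADER_LEN > len(data):
        return {"valid": False, "issues": ["e_lfanew points past end of file"]}
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return {"valid": False, "issues": ["no PE signature at e_lfanew"]}

    coff_off = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff_off)
    if machine not in (0x014C, 0x8664):  # IMAGE_FILE_MACHINE_I386 / _AMD64
        issues.append("unexpected Machine 0x%04x" % machine)
    if nsections == 0 or nsections > 96:  # the Windows loader rejects more than 96 sections
        issues.append("implausible NumberOfSections %d" % nsections)

    opt_off = coff_off + COFF_HEADER_LEN
    if opt_size < 2 or opt_off + opt_size > len(data):
        issues.append("optional header missing or truncated")
        return {"valid": False, "issues": issues}
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        issues.append("unexpected optional header Magic 0x%04x" % magic)

    sec_off = opt_off + opt_size
    if sec_off + nsections * SECTION_HEADER_LEN > len(data):
        issues.append("section table runs past end of file")
        return {"valid": False, "issues": issues}
    for i in range(nsections):
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, sec_off + i * SECTION_HEADER_LEN)
        sname = name.rstrip(b"\x00").decode("ascii", "replace")
        if raw_size and raw_ptr + raw_size > len(data):
            issues.append("section %s raw data extends past end of file" % sname)
    return {"valid": not issues, "issues": issues}


def triage(data: bytes) -> dict:
    """Combine the IoC hash match with the structural check."""
    digest = sha256_hex(data)
    pe = check_pe_headers(data)
    return {"sha256": digest, "known_bad": is_known_bad(digest),
            "pe_valid": pe["valid"], "issues": pe["issues"]}


def build_demo_pe(truncate: bool = False) -> bytes:
    """Constructed, non-executable PE-shaped buffer used only to exercise the
    checker offline (not a real sample). With truncate=True the section table
    still claims 16 bytes of raw data but the file ends early, mimicking a
    corrupt or partially downloaded binary."""
    e_lfanew = DOS_HEADER_LEN
    dos = bytearray(DOS_HEADER_LEN)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt = struct.pack("<H", 0x20B) + b"\x00" * 238  # PE32+ optional header, 240 bytes
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, len(opt), 0x0022)
    raw_ptr = e_lfanew + 4 + COFF_HEADER_LEN + len(opt) + SECTION_HEADER_LEN
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x10, 0x1000, 0x10, raw_ptr,
                          0, 0, 0, 0, 0x60000020)
    image = bytes(dos) + b"PE\x00\x00" + coff + opt + section + b"\xCC" * 0x10
    return image[:raw_ptr + 4] if truncate else image


if __name__ == "__main__":
    for label, blob in (("well-formed", build_demo_pe()), ("truncated", build_demo_pe(truncate=True))):
        print(label, triage(blob))
```

Run against a quarantined file, `triage(open(path, "rb").read())` gives a hash verdict and a list of structural problems in one pass; a hash miss with a clean layout says nothing about maliciousness, so the output is meant to prioritise samples for the sandbox, not to replace it.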