From Sonic Systems to SonicWall: 30 Years of Cybersecurity Evolution

This month marks 30 years since SonicWall’s founding in 1991. To celebrate, we’ll be spending the month of August spotlighting the history, people, products, partners and customers that have helped shape SonicWall over the past three decades and will continue to inspire us in the years ahead.

The SonicWall of today is internationally recognized as a leading cybersecurity company. But even among those in the industry, many aren’t aware that before there was SonicWall, there was a SonicWALL. But our story starts before even that — with two brothers in the Ethernet card business.

The Sonic Systems Years (1991-1995)

In the early 1990s, Sreekanth Ravi, who had previously owned a company that produced graphic expansion cards for Apple, saw an opportunity. The networking technology built into the Apple Macintosh product line at the time, LocalTalk, was very limited — and the Ethernet cards then available to expand these capabilities were prohibitively expensive.

Along with his brother, Sudhakar Ravi, he formed Sonic Systems (later to be called SonicWall) in 1991. The name Sonic Systems was chosen to evoke ideas of speed: the company was originally in the business of producing Ethernet cards to help transition the Apple Macintosh market from LocalTalk to the faster and more versatile Ethernet.

The new company’s first product, an Ethernet card for the NuBus and SE expansion slots, made its debut in the fall of 1991, and was so successful that by the following year, Apple OEMs were relying on Sonic Systems’ software to connect LocalTalk to Ethernet.

Building on these early wins, Sonic Systems soon expanded its product catalog to include Ethernet bridges, hubs, switches and more. But as Apple increasingly absorbed the functionality of these products into its systems, the market for aftermarket peripherals started to dry up. Sonic Systems diversified once again, shifting from peripherals to external appliances.

The Democratization of the Firewall (1996-1998)

But it wasn’t until 1996 that Sonic Systems began to consider branching out into firewalls. As the company grew, Sreekanth Ravi began looking for a firewall to safeguard Sonic Systems’ own internet connection. But to his dismay, he soon found that the firewalls available at the time, even the software-based ones, cost nearly $20,000. This was an enormous expense for a company that, at the time, had fewer than 40 employees and only minimal internet connectivity needs.

Once again sensing an opportunity, Sreekanth asked his brother to explore the feasibility of producing affordable NAT (Network Address Translation)/firewall appliances. That same year, the company released its final dedicated Macintosh offering, and its new mission became to provide firewall technology that was as affordable as it was effective.

In October 1997, Sonic Systems released the Interpol security appliance, which became a huge hit. But while the company’s focus on firewalls was permanent, the name Interpol was not: The following year, Sonic Systems rebranded the device as the “SonicWALL.”

Growth and Acquisition (1999-2015)

1999 brought many changes for Sonic Systems. Following in the footsteps of its most successful product, the company changed its own name to SonicWALL. That year also brought expansion into Europe and a successful initial public offering (IPO). SonicWALL executed a Secondary Public Offering, which raised additional funds, in March 2000.

This rapid advancement pace paid dividends — by 2002, the company had shipped its 250,000th unit — so SonicWALL kept it up. Recognizing that many SMBs wished to outsource their cybersecurity monitoring and management, SonicWALL introduced its Managed Security Services Provider program in 2005, kicking off a commitment to partnering with MSSPs that continues to this day.

Capping off a decade characterized by acquisitions — including enKoo, Aventail Corporation, Ignyte Technology, SecureCom and RedCreek — SonicWALL itself was acquired by Thoma Bravo in 2010, and again by Dell in 2012.

SonicWall Hits Its Stride (2016-Today)

2016 brought three important developments. That year, SonicWall was acquired by Francisco Partners, who rebranded the company as “SonicWall.” Cybersecurity and networking veteran Bill Conner was named SonicWall president and CEO, a position he has held ever since. And SonicWall’s SecureFirst partner program, designed to support, recognize and provide resources to SonicWall partners, also made its debut that year.

More big announcements would follow as the 2010s wound down, including the unveiling of the SonicWall Capture Cloud Platform, Real-Time Deep Memory Inspection (RTDMI™) technology, and Capture Security Center, all of which would further cement SonicWall as a leader in advanced threat protection.

These developments laid the groundwork for the arrival of SonicWall’s Boundless Cybersecurity platform in 2020. While the arrival of the COVID-19 pandemic elevated the need for secure remote work, SonicWall had long anticipated this shift and was ready to meet it head on.

As a result, the Boundless Cybersecurity platform, two years in the making, was primed to help businesses quickly and securely meet their business continuity needs in a work reality where everyone is remote, mobile and unsecure. Designed to close the cybersecurity gap created by an increase in attack surface and a shortage of cybersecurity personnel, the Boundless Cybersecurity model allows businesses to know the unknown, provides real-time visibility and enables breakthrough economics.

Today, SonicWall has brought the vision of Boundless Cybersecurity to more than 500,000 customers in 215 countries, and, on the heels of a two-year refresh of its product portfolio, the company is ideally suited to continue helping businesses of all sizes face the ever-changing threat landscape.

“While the last five years were important chapters in this journey, we have more goals to achieve, milestones to mark and history to be made,” SonicWall President and CEO Bill Conner said. “SonicWall is always forward-looking. And that’s how the company — and its people — have been a mainstay in the industry for more than 30 years.”

Microsoft Security Bulletin Coverage for August 2021

SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of August 2021. A list of issues reported, along with SonicWall coverage information, is as follows:

CVE-2021-26432 Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability
IPS 2045: Windows NFS Remote Code Execution (CVE-2021-26432)

CVE-2021-34480 Scripting Engine Memory Corruption Vulnerability
IPS 2044: Scripting Engine Memory Corruption Vulnerability (CVE-2021-34480)

CVE-2021-34535 Remote Desktop Client Remote Code Execution Vulnerability
ASPY 207: Malformed-File exe.MP.197

CVE-2021-36948 Windows Update Medic Service Elevation of Privilege Vulnerability
ASPY 208: Malformed-File exe.MP.198

The following vulnerabilities do not have exploits in the wild:
CVE-2021-26423 .NET Core and Visual Studio Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-26424 Windows TCP/IP Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-26425 Windows Event Tracing Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26426 Windows User Account Profile Picture Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26428 Azure Sphere Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-26429 Azure Sphere Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26430 Azure Sphere Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-26431 Windows Recovery Environment Agent Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-26433 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-33762 Azure CycleCloud Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-34471 Microsoft Windows Defender Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-34478 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-34483 Windows Print Spooler Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-34484 Windows User Profile Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-34485 .NET Core and Visual Studio Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-34486 Windows Event Tracing Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-34487 Windows Event Tracing Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-34524 Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-34530 Windows Graphics Component Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-34532 ASP.NET Core and Visual Studio Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-34533 Windows Graphics Component Font Parsing Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-34534 Windows MSHTML Platform Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-34536 Storage Spaces Controller Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-34537 Windows Bluetooth Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-36926 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-36927 Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-36932 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-36933 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-36936 Windows Print Spooler Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-36937 Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-36938 Windows Cryptographic Primitives Library Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-36940 Microsoft SharePoint Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-36941 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-36942 Windows LSA Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-36943 Azure CycleCloud Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-36945 Windows 10 Update Assistant Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-36946 Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2021-36947 Windows Print Spooler Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-36949 Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-36950 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
There are no known exploits in the wild.

The Top 12 Cybersecurity Books – Recommendations from SonicWall Leadership and Employees

In celebration of National Book Lover’s Day, we polled SonicWall leadership and employees for the all-time standout cybersecurity books. Here’s what they recommend.

Cybercrime headlines have become a regular fixture in the daily news. As we connect to the internet for everything from work and school to social interactions, cybercriminals have taken advantage of a widening pool of potential targets.

According to the latest data in the Mid-Year Update to the 2021 SonicWall Cyber Threat Report, ransomware attacks were up 151% year to date through June 2021. In fact, SonicWall Capture Labs threat researchers recorded more ransomware attacks during the first half of 2021 than in all of 2020.

As a result, cybersecurity has grown from a dedicated technology industry to a general interest topic. That’s why we’ve put together a list of cybersecurity books that everyone should — and can — read. From our employees’ responses, we’ve crafted a list of books that share wisdom gained from real-life experiences and threat research, all while providing a highly entertaining read.

  1. The Smartest Person in the Room
    2021, Christian Espinosa
    Christian Espinosa has poured his experience as an IT engineer and company CEO into this book with a fresh approach to cybersecurity. The book is detailed with business management insights and guidance for strategic planning. It is designed to help executives and managers solve the weakest link in cybersecurity: people. According to Espinosa, high intelligence and talent lose meaning when companies lack effective communication, intelligence and self-confidence, leaving organizations weak and vulnerable to exploitation. Espinosa outlines a seven-step methodology for turning a company’s greatest weakness into robust defense against the most common cyberthreats.
  2. Practical Cyber Security for Extremely Busy People
    2020, Daniel Farber Huang
    A guidebook written in concise, easily consumed sections designed to help individuals take actionable steps to protect themselves, their families and their careers from cyber threats and online exploitation. Learn how to prevent companies from tracking your online movements, secure your online bank accounts and prevent identity theft. This book makes personal cybersecurity less intimidating and more efficient for any internet user.
  3. Cybersecurity and Cyberwar: What Everyone Needs to Know
    2014, P.W. Singer, Allan Friedman
    New York Times best-selling author P. W. Singer and renowned security expert Allan Friedman give us a simple and informative resource for deciphering our ongoing problems with cybersecurity. The narrative is wrapped around several essential questions: how cybersecurity works, why it matters and what we can do to help it along. The narrative is well-illustrated, with excellent stories and anecdotes that offer important and entertaining points about major players in cybersecurity.
  4. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon
    2015, by Kim Zetter
    Kim Zetter is an investigative journalist who is well-known for her coverage of cybersecurity and national security issues. While this book is a bit older, it builds a case for the identity of the creator of Stuxnet and how the malware was used to sabotage Iran’s nuclear production infrastructure. In addition, the book illustrates how the malware went on to trigger a new age of warfare and threat. Finally, Zetter goes beyond the history of hacking attacks and makes several predictions about new threats we face.
  5. Social Engineering: The Science of Human Hacking
    2018, Christopher Hadnagy
    Written by Christopher Hadnagy, an IT educator and entrepreneur, Social Engineering illustrates how ‘social’ hackers think. Hadnagy points out that it’s much easier to trick someone into sharing their passwords than to exert the brute force necessary to hack into a system. This book examines social hackers’ psychological tactics and tricks to steal identities, commit fraud, and gain access to even the largest and most well-protected enterprise computer systems.
  6. The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age
    2018, by David E. Sanger
    Written by New York Times national security correspondent David Sanger, The Perfect Weapon describes the confluence between cyberweapons and geopolitics. Sanger summarizes how hacking tools have transformed into cheap weapons utilized by democracies, despots, and terrorists alike and used virtually anonymously. Sanger reminds us that two American presidents — Bush and Obama — showed the world how it is done by launching the first massive state attack to destroy Iran’s nuclear centrifuges. Yet, ironically, America and its allies were badly unprepared when other state actors turned the very same weapons against them. This book should be on everyone’s list because it illustrates “the perils of technological revolution, where everyone is a target.”
  7. Cult of the Dead Cow
    2019, Joseph Menn
    Author Joseph Menn describes his life as a teenage member of a hacker’s ‘club’ with a weird name. Menn explains the group’s genesis, how they worked, a few of their exploits, and how they became the country’s oldest and most respected ethical hacking group. According to Menn, the group coined the word “hacktivism” to force large corporations to rethink security protocols and protections for personal data. As of the book’s publication, the group and its followers are still engaged in hacktivism against misinformation and promoting security measures that help make personal data safer.
  8. Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers
    2019, Andy Greenberg
    Author Andy Greenberg, a senior editor for WIRED magazine, writes a riveting narrative about a series of devastating cyberattacks that span three years (from 2014 to 2017) that started with utility companies in the U.S. and Europe and NATO administrative offices. The attacks resumed with a well-known deployment of malware known as NotPetya that paralyzed global corporations, railways, postal services, hospitals and did about $10 billion in damage. At the time, it was unprecedented and the most destructive cyberattack the world had seen. Greenberg’s examination explores the realities of state-sponsored cyberattacks and still-relevant insights on the implications of a new type of global warfare.
  9. The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats
    2019, by Richard A. Clarke, Robert K. Knake
    The Fifth Domain is written by two former U.S. presidential cybersecurity officials, Richard Clarke and Robert Knake. The authors open by listing the four known domains of warfare — land, air, sea, and space — adding the fifth domain: cyberspace. Next, they offer detailed profiles of several high-profile attacks and the lessons learned. Finally, the deeper dive gives us technical details about system resiliency that corporations and organizations can adopt to keep them out of trouble.
  10. Cyber Warfare – Truths, Tactics & Strategies
    2020, Dr. Chase Cunningham, foreword by Gregory J. Touhill
    This book clearly and plainly defines strategies and tactics for cybersecurity. Written by retired chief U.S. Navy cryptologist and cyber forensic analyst Dr. Chase Cunningham, the book is a quick read and easily digestible despite some of the high-level technical narratives. Readers gain an understanding of the tactics that threat adversaries use in the modern distributed IT world. Dr. Cunningham also dives into emerging cybersecurity issues such as machine learning, artificial intelligence, and deep fakes.
  11. Tribe of Hackers: Security Leaders
    2020, Marcus J. Carey and Jennifer Jin
    This volume is one of four books under the “Tribe of Hackers” title, written for people who want to work and succeed in the expanding field of information security. One of the series’ best editions, the book focuses on leadership training specifically for cybersecurity in a collection of essays written by non-corporate global thinkers from the field. Published by Wiley, a publisher that specializes in nonfiction business instructionals, this book and the companion series are a great way to kick off a career or grow an existing one.
  12. Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker
    2012, Kevin Mitnick
    Ghost in the Wires is a thrilling true story of intrigue, suspense, and unbelievable escapes — and a portrait of a visionary who forced the authorities to rethink the way they pursued him, and forced companies to rethink the way they protect their most sensitive information.

Honorable Mention

It may not be a book about cybersecurity, but we cannot end this list without mentioning this upcoming release from Colonel Chris Hadfield.

Colonel Hadfield left a lasting impression on SonicWall employees globally when he kicked off the global Boundless 2020 virtual partner conference last August. Hadfield is set to release The Apollo Murders, a fictional account of three astronauts in a tiny spaceship, a quarter million miles from home, in October 2021. His debut thriller, The Apollo Murders, is a high-stakes thriller unlike any other. Hadfield captures the fierce G-forces of launch, the frozen loneliness of space, and the fear of holding on to the outside of a spacecraft orbiting the Earth at 17,000 miles per hour as only someone who has experienced all of these things in real life can.

Cybersecurity News & Trends

This week, the tectonic Mid-Year Update to the 2021 SonicWall Cyber Threat Report continued to reverberate in the press, while SonicWall President and CEO Bill Conner finds himself selected for two CRN leadership lists. In other news, hackers hit Microsoft and diplomats, a Joint Cyber Defense Collaborative goes active, U.S. Senators’ “horror show,” the U.S. State Department (and other agencies) get low scores for cybersecurity, and Swisslog’s “Swiss cheese” problem.


SonicWall in the News

How remote work raises the risks of cyberattacks — Axios

  • SonicWall’s Mid-Year Update to the 2021 Cyber Threat Report continues to feature prominently in the press. Axios noted that as the pandemic drove more of the American workforce into remote offices, cyberattacks increased. The story cited stats from the report: Between 2019 and 2020, ransomware cyberattacks rose 62% worldwide and 158% in North America.

How remote work raises the risk of cyber and ransomware attacks — Yahoo! News

  • SonicWall’s Mid-Year Update to the 2021 Cyber Threat Report also appeared in Yahoo! News. The story highlighted the mention of stats from the FBI that observed a 20% rise in cyberattacks between 2019 and 2020. Also, from the report, the collective cost of ransomware attacks reported to the bureau rose more than 200% in 2020 to roughly $29.1 million.

The Challengers Power List — Forbes India

  • SonicWall’s own Debasish Mukherjee, VP of Regional Sales, APAC, was featured in a discussion about how businesses have faced pandemic challenges head-on and helped their companies grow. Mukherjee goes into detail on how SonicWall bridges cybersecurity gaps for enterprises, governments, and SMBs.

The Top 25 I.T. Innovators Of 2021 — CRN

  • Bill Conner, President and CEO of SonicWall, was named to CRN’s Top 25 Innovators of 2021 list for his work evolving SonicWall beyond the firewall to deliver security for the endpoint, email and cloud. He also helped develop Cloud Edge Secure Access to allow customers to control and protect network access to managed and unmanaged devices based on identity, location and device parameters.

The Top 100 Executives Of 2021 — CRN

  • Bill Conner, President and CEO of SonicWall, also found himself on CRN’s Top 100 Executives for 2021. CRN honors leaders who are setting the pace for the rest of the I.T. industry.

Industry News

Microsoft Exchange Used to Hack Diplomats Before 2021 Breach — Bloomberg

  • Late last year, while investigating the hack of an Italian retailer, researchers at the Los Angeles-based cybersecurity company Resecurity stumbled across five gigabytes of stolen data squirreled away on a cloud storage platform. During the previous three and a half years, hackers stole the data from foreign ministries and energy companies by hacking their on-premises Microsoft Exchange servers.

U.S. Taps Amazon, Google, Microsoft, Others to Help Fight Ransomware, Cyber Threats — The Wall Street Journal

  • The U.S. launched the Joint Cyber Defense Collaborative and tapped Amazon, Google, Microsoft, and other companies to help combat ransomware and other cyberthreats. The creation of the joint initiative follows massive cyberattacks on critical U.S. infrastructure. “This will uniquely bring people together in peacetime so that we can plan for how we’re going to respond in wartime,” says Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency.

Senators highlight national security threats from China during rare public hearing — The Hill

  • The Senate Intelligence Committee held a rare public hearing earlier this week to stress the increased threats posed by mainland Chinese hackers to U.S. national security, U.S. companies, and intellectual property. One top senator described the situation as a “horror show.” According to the committee, the threats include Chinese cyberattacks against U.S. companies and critical organizations that resulted in the theft of billions of dollars in U.S. intellectual property.

A US official explains why the White House decided not to ban ransomware payments — The Hill

  • The Biden administration backed away from banning ransomware payments after meetings with the private sector and cybersecurity experts. According to reports, experts and business leaders helped shift that view following high-profile hacks against Colonial Pipeline, JBS, and Kaseya, a Florida-based IT firm.

New Hacking Group Shows Similarities to Gang That Attacked Colonial Pipeline — The Wall Street Journal

  • Cyberthreat investigators say that a new hacking group recently emerged with techniques similar to those used by a group that successfully hacked the Colonial Pipeline Co. earlier this year. The new group, named BlackMatter, has cryptocurrency wallets and ransomware strains similar to those used by the former group.

Ransomware Gangs and the Name Game Distraction — Krebs on Security

  • Brian Krebs takes a deep dive into notable ransom gang reinventions over the past five years. “Reinvention is a basic survival skill in the cybercrime business,” says Krebs. “Among the oldest tricks in the book is to fake one’s demise or retirement and invent a new identity.”

Energy group ERG reports minor disruptions after ransomware attack — Bleeping Computer

  • This week, ERG, an Italian energy company, reported that it experienced “only a few minor disruptions” to its information and communications technology infrastructure following a ransomware attack on its systems.

The State Department and 3 other U.S. agencies earn a D for cybersecurity — Ars Technica

  • Cybersecurity at eight federal agencies is so poor that four of them earned D grades, three got Cs, and only one received a B in a report issued Tuesday by a U.S. Senate Committee. This report comes two years after another damning cybersecurity report. Again, auditors find that little has improved.

Nearly 450K patients impacted by Orlando Family Physicians phishing attack — S.C. Magazine

  • Orlando Family Physicians (OFP) recently notified 447,426 patients that their data was potentially compromised during a successful phishing attack in April. The breach tally makes the OFP incident among the ten largest reported in U.S. health care this year.

Supply chain attacks are getting worse, and you are not ready for them — ZDNet

  • The European Union Agency for Cybersecurity (ENISA) analyzed 24% supply chain attacks and warned that current defenses against threats are insufficient. The ENISA report focused on advanced persistent threat (APT) supply chain attacks, noting that while the coding was not very advanced, the planning and staging were complex.

White House cyber chief backs new federal bureau to track threats — The Hill

  • On Monday, National Cyber Director Chris Inglis made a case for establishing an office within the Department of Homeland Security (DHS) to track and analyze cybersecurity incidents to ensure that the country has an early warning system to understand attack vectors and targets.

FTC’s right-to-repair ruling is a small step for security researchers, giant leap for DIY hackers — Cyberscoop

  • The Federal Trade Commission recently voted unanimously to enforce rules against manufacturers who make it difficult for consumers to fix their own devices. Unfortunately, while a significant win for the “right-to-repair” movement for consumer advocates and owners of devices, this move is also a big win for hackers.

PwnedPiper vulns have potential to turn Swisslog’s PTS hospital products into “Swiss cheese,” says Armis — The Register

  • An investigation by security experts at Armis discovered severe vulnerabilities in Swisslog PTS hospital products used by 80% of U.S. hospitals. Security problems were so bad that analysts said that they had the potential to turn Swisslog’s products into “Swiss cheese.” Among the vulnerabilities that were uncovered: hardcoded passwords, unencrypted connections, and unauthenticated firmware updates. Patches have been released.

In Case You Missed It

Advantech R-SeeNet ping.php Command Injection Vulnerability

Overview:

  Advantech R-SeeNet is a monitoring application that runs on a server; its job is to collect information from the routers, store it, process it and present it to a network administrator. R-SeeNet consists of two parts: the R-SeeNet server and the R-SeeNet PHP web-based application. The R-SeeNet server is the non-visible part responsible for querying the routers and gathering information. The application also stores the recorded information in a MySQL database. The R-SeeNet PHP web-based application is responsible for showing both individual statistics and the status of the whole network.

  A command injection vulnerability has been reported in Advantech R-SeeNet. The vulnerability is due to insufficient validation of the hostname parameter in ping.php.

  A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target system. Successful exploitation could result in arbitrary command execution in the security context of the web server on the target server.

CVE Reference:

  This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2021-21805.

Common Vulnerability Scoring System (CVSS):

  The overall CVSS score is 9.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C).

  Base score is 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), based on the following metrics:
    • Attack vector is network.
    • Attack complexity is low.
    • Privileges required is none.
    • User interaction is none.
    • Scope is changed.
    • Impact of this vulnerability on data confidentiality is high.
    • Impact of this vulnerability on data integrity is high.
    • Impact of this vulnerability on data availability is high.
  Temporal score is 9.4 (E:P/RL:U/RC:C), based on the following metrics:
    • The exploit code maturity level of this vulnerability is proof of concept.
    • The remediation level of this vulnerability is unavailable.
    • The report confidence level of this vulnerability is confirmed.

Technical Overview:

  The R-SeeNet web application server can send ping packets to other devices and get their status when it receives a request to the “ping.php” endpoint, as below:

  

  Where the hostname parameter value contains the IP address or host name of a remote device.

  A command injection vulnerability exists in Advantech R-SeeNet. When processing a request submitted to the ping.php endpoint, ping.php first checks whether it is running on a Windows platform. If not, it constructs a ping command-line string as below:

  ping -c 5 -s 64 -t 64 hostname

  Where the hostname is the value of the hostname request parameter. Then, it will use the PHP popen() function to execute the constructed ping command-line string and read its output.

  However, ping.php does not sanitize the hostname parameter before using it to construct the ping command-line string. An attacker can submit a malicious command embedded in the value of the hostname parameter to the target server. The malicious command will then be appended to the constructed ping command-line string. This could allow for the execution of arbitrary commands on the underlying system when ping.php calls PHP popen() to run the ping command-line string.

  A remote, unauthenticated attacker can exploit the vulnerability by sending crafted requests to the server. Successful exploitation could result in arbitrary command execution with web server privileges on the target server.
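
  The flaw and one way to close it, as an added PHP example (not Advantech's code and not part of the original advisory): the first function reproduces the concatenation described above, and the other two validate and quote the value before it could reach popen(). Function names and sample inputs are constructed for illustration.

```php
<?php
// Added illustration; function names are hypothetical, not R-SeeNet's.

// Pattern described in the advisory: the request value is concatenated
// directly into the string later handed to popen(), so the shell parses it.
function build_ping_command_unsafe(string $hostname): string
{
    return 'ping -c 5 -s 64 -t 64 ' . $hostname;
}

// Allow-list check: an IP literal or an RFC 1123 style host name only.
function is_valid_ping_target(string $hostname): bool
{
    if (filter_var($hostname, FILTER_VALIDATE_IP) !== false) {
        return true;
    }
    if ($hostname === '' || strlen($hostname) > 253) {
        return false;
    }
    // Each label: letters, digits, hyphen; no leading or trailing hyphen,
    // so the value can never be parsed by ping as an option.
    // \A and \z (not ^ and $) so a trailing newline is rejected too.
    $label = '[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?';
    $pattern = '/\A' . $label . '(?:\.' . $label . ')*\z/';
    return preg_match($pattern, $hostname) === 1;
}

// Hardened builder: reject anything outside the allow-list, then quote
// the value so the shell treats it as a single argument.
function build_ping_command(string $hostname): ?string
{
    if (!is_valid_ping_target($hostname)) {
        return null;
    }
    return 'ping -c 5 -s 64 -t 64 ' . escapeshellarg($hostname);
}

// Constructed sample inputs; the commands are only printed, never run.
$samples = ['192.0.2.10', 'router-01.example.net', '2001:db8::1',
            '192.0.2.10; id', "router\n", '-f', ''];
foreach ($samples as $s) {
    $cmd = build_ping_command($s);
    printf("%-26s => %s\n", json_encode($s), $cmd ?? 'rejected');
}
```

  On PHP 7.4 or later, passing the command to proc_open() as an array avoids the shell altogether, which removes the need for quoting; the allow-list check is still worth keeping.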

Triggering the Problem:

  • The target system must have the vulnerable product installed and running.
  • The attacker must have network connectivity to the affected ports.

Triggering Conditions:

  The attacker sends an HTTP request containing maliciously crafted parameters to the target server. The vulnerability is triggered when the server processes the request.

Attack Delivery:

  The following application protocols can be used to deliver an attack that exploits this vulnerability:
    • HTTP, over port 80/TCP

SonicWall’s Intrusion Prevention System (IPS) provides protection against this threat:

  • IPS: 15657 Advantech R-SeeNet ping.php Command Injection 1

Remediation Details:

  The risks posed by this vulnerability can be mitigated or eliminated by:
    • Blocking the affected ports from external network access if they are not required.
    • Filtering traffic based on the signature above.
  The vendor has not released any advisory regarding this vulnerability.

SonicWall Earns Another Perfect Score from ICSA Labs for Q2

Cybercrime has been on the rise for more than a year now — and lately, it seems to be picking up steam. As we detailed in the mid-year update to the 2021 SonicWall Cyber Threat Report, ransomware hit record highs in the first half of 2021, rising an unprecedented 151% year-to-date. Other forms of threat, such as cryptojacking and IoT malware attacks, have also continued to climb.

With cybercriminals growing in strength, number and sophistication, the real-world validation that comes with third-party certification is more important than ever. That’s why we’re pleased to announce that SonicWall Capture Advanced Threat Protection (ATP) received a 100% score from ICSA Labs for Q2 2021 — the second perfect score earned by SonicWall’s multi-engine cloud sandbox service in a row, and the sixth consecutive certification for Capture ATP overall.

Capture ATP uses patented Real-Time Deep Memory Inspection™ (RTDMI) technology to catch the most advanced and unknown malware faster than traditional behavior-based sandboxing methods — all with fewer false positives. The results of the most recent testing cycle are a testament to this effectiveness: Capture ATP detected 100% of new and little-known threats without issuing a single false positive.

During 33 days of comprehensive and continuous evaluation, SonicWall Capture ATP was subjected to 1,144 total test runs, which included 544 malicious samples — 216 of them four hours old or less.

Not only did Capture ATP identify all these malicious samples, it did not incorrectly flag any of the 600 innocuous apps that were also included in the test runs. According to the report, “On 33 of 33 days during the Q2 2021 test cycle, SonicWall Capture ATP was 100% effective.”

These results are just one indication of the potential found within Capture ATP’s machine-learning capabilities. Capture ATP’s RTDMI technology continually grows faster, more vigilant and more intelligent. According to SonicWall Capture Labs, each year since its introduction, RTDMI has identified significantly more threats than the previous year: in the first six months of 2021, it identified 54% more never-before-seen threats than it did the first half of 2020.

The full ICSA Labs report can be downloaded here. To learn more about SonicWall Capture ATP with RTDMI, visit our website.

What is ICSA Advanced Threat Defense Testing?

Standard ICSA Labs Advanced Threat Defense (ATD) testing evaluates vendor solutions designed to detect new threats that traditional security products miss. In testing, ICSA delivers malicious threats with the primary threat vectors that lead to enterprise breaches according to Verizon’s Data Breach Investigations Report. The test cycles evaluate how effectively vendor ATD solutions detect these unknown and little-known threats while minimizing false positives.

SonicWall President and CEO Bill Conner Recognized on CRN’s 2021 Top 100 Executives List

Olympic athletes are not the only ones being recognized for their hard work and commitment this summer. CRN has once again named SonicWall President and CEO Bill Conner to its 2021 Top 100 Executives list and honored him in the Top 25 IT Innovators of 2021 sub-category.

The annual list honors the passionate and hard-working technology executives who are supporting, growing and redefining the IT channel. These executives have demonstrated their commitment to the channel and proved themselves as exemplary leaders through their innovative channel-focused strategies and initiatives.

“The SonicWall channel is the heartbeat of our company that has propelled us forward for the last 30 years,” said Conner. “We have been 100% driven by the channel since our founding, and it is our mission to thank those partners by providing them with the technology, tools and support they need in order for them to achieve success and bypass their goals.”

CRN’s Top 100 Executives list acknowledges the tech visionaries who are blazing new trails within the larger IT space. It honors executives across four sub-categories: the 25 Most Influential Executives, Top 25 Channel Sales Leaders, Top 25 Innovators and Top 25 Disruptors, each with its own set of strengths that impact the IT channel.

“New technology trends, such as the shift to remote work, cloud computing, SaaS, and IoT, have forced companies to rapidly adapt to an IT landscape that gets more complex by the day,” said Blaine Raddon, CEO of The Channel Company. “However, with IT executives like those featured on our CRN 2021 Top 100 Executives list leading the charge, those same companies are better equipped to tackle modern IT challenges. These leaders have demonstrated an unceasing commitment to business growth and IT innovation, and I have no doubt they’ll continue to do so as new challenges arise.”

Founded in 1991, SonicWall first sought to onboard top resellers, VARs and system integrators that focused on providing high quality, affordable inter-networking solutions to small- to medium-sized businesses (SMB) and educational institutions. Today, SonicWall has grown to more than 17,000 channel partners worldwide.

SonicWall is credited for building the award-winning SecureFirst partner program in 2016 that grew 500% in one year as partners around the world were re-introduced to products and comprehensive offerings.

For more information on how to become a SonicWall partner, visit www.sonicwall.com/partners/become-a-partner.