Bring the Power of RTDMI Analysis On-Premises with CSa 1000

Our cloud-based Capture Advanced Threat Protection (ATP) service has been a great success across the SonicWall ecosystem since its introduction in 2016. With hundreds of thousands of networks around the world protected by Capture ATP, the security provided to our customers only continues to get stronger through a powerful network effect.

The advanced multi-engine sandboxing technology and our patented Real-Time Deep Memory Inspection™ (RTDMI) technology that comprise the Capture ATP service are built to detect the latest evasive malware and prevent it from landing on end-user machines with technologies like Block Until Verdict.

All products in the SonicWall portfolio plug into this powerful Capture ATP engine to provide advanced protection no matter where the user is: endpoint, network, wireless, email, SaaS cloud, private cloud, public cloud and even in remote access products.

Mitigate data residency, performance challenges

However, not all organizations can take advantage of this powerful protection against unknown, previously unseen threats. There may be a variety of reasons for this, including regulatory requirements, country-wide data residency requirements, performance reasons and more.

For example, a government organization in Canada may not be able to send files to a data center in the United States for analysis. A financial services company in the U.K., likewise, might not want to send its files to Germany or the U.S. A school with thousands of students might get overwhelmed if it had to send the thousands of files constantly in flight across its network to the cloud for analysis.

For that reason, we’re happy to introduce the Capture Security Appliance (CSa) 1000, which brings the power of RTDMI into a fast and efficient 1U form factor. We’ve already bragged about RTDMI’s ability to spot evasive malware days and weeks before other malware engines are able to identify it. Now that power can be deployed for a broader set of customers.

The CSa 1000 has another use, in addition to providing ATP services to SonicWall customers.

Non-SonicWall customers can use the CSa 1000 API capabilities to tap into the power of RTDMI for their internal workflows. A website portal for file submissions in an insurance company can ensure that malicious PDF and Office documents do not land on its network. Threat analysts inside of large organizations can script against the CSa 1000 API to rapidly assess whether a suspicious file that they gathered as part of evidence collection is malicious or benign.

The CSa 1000 aggregates files coming from all sources — firewalls, email security appliances and API sources — into a single console that allows one to view the activity across the network, schedule reports, analyze individual files, etc. It can scan approximately 2,500 files per hour when there’s a typical mix of file types, or approximately 300 files per hour when they’re executables that require deep dynamic analysis.

Analysis on the CSa 1000 is performed in three stages:

  • Reputation Check
    The appliance checks the reputation of the file and whether it’s been seen across our worldwide threat research network. The lookup occurs with a file hash, without the file ever leaving the appliance, in order to respect the data ownership requirements. Even this hash-based lookup can be disabled for customers who wish for absolutely zero evidence of the files that traverse their networks.
  • Static Analysis
    If the reputation lookup cannot determine whether the file is clearly benign or malicious, the file moves to the Static Analysis stage. This is a method of analysis that observes and deconstructs the file into its basic characteristics and extracts artifacts that can be used in a variety of models, including machine learning models, to quickly correlate the observed characteristics with files previously classified as malicious.
  • Dynamic Analysis
    This is where RTDMI dynamic analysis fully kicks in for the deepest level of analysis. The suspicious file is allowed to execute in a custom virtualized environment that is monitored by RTDMI, without the suspicious file being aware of the observation. Then, when the suspicious file unveils code that exhibits characteristics of being malicious, the RTDMI engine detects it and acts accordingly. How can it do that? Well, that’s the “secret sauce,” but it is devastatingly effective against obfuscation and evasion techniques deployed by malware writers. RTDMI doesn’t care what encryption, packing techniques or obfuscation techniques the malware uses. The malware is observed in memory at a near-real-time speed, so when the malware finally unpacks its actual payload, RTDMI can pounce and report on the activity.
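The three-stage flow above, as an added Python illustration (not SonicWall code): the reputation table, the magic-byte and entropy heuristics, the XOR "packing" and the sandbox stand-in are all constructed assumptions so the pipeline runs offline, and the dynamic stage only simulates the point that a packed payload becomes visible once it is unpacked in memory.

```python
"""Three-stage file triage that mirrors the CSa 1000 pipeline described above.

Added illustration, not SonicWall code: the reputation table, the file-type
heuristics, the entropy threshold and the "sandbox" are constructed stand-ins.
"""
import hashlib
import math
from collections import Counter
from dataclasses import dataclass
from typing import Optional

BENIGN, MALICIOUS, UNKNOWN = "benign", "malicious", "unknown"


@dataclass
class Result:
    stage: str      # stage that produced the verdict
    verdict: str
    detail: str


# Constructed samples: used to seed the reputation table and as triage input.
KNOWN_GOOD = b"Quarterly report: all figures reviewed and approved.\n"
# A fake "packed" executable: MZ header followed by a payload obscured with a
# single-byte XOR, so the malicious marker is invisible to static inspection.
_KEY = 0x5A
PACKED_EXE = b"MZ" + bytes(c ^ _KEY for c in b"...MALWARE-MARKER...")

# Stage 1 data: only the SHA-256 is ever looked up, never the file contents.
REPUTATION = {
    hashlib.sha256(KNOWN_GOOD).hexdigest(): BENIGN,
}


def reputation_check(data: bytes, lookup_enabled: bool = True) -> Optional[Result]:
    """Stage 1. Returns None when the hash is unknown, or when the operator
    has disabled the lookup so that no evidence leaves the appliance."""
    if not lookup_enabled:
        return None
    digest = hashlib.sha256(data).hexdigest()
    verdict = REPUTATION.get(digest)
    return Result("reputation", verdict, f"sha256={digest}") if verdict else None


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted content approaches 8.0."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def static_analysis(data: bytes) -> Result:
    """Stage 2. Deconstructs the file into simple characteristics (type by
    magic bytes, entropy) and decides whether it can be cleared outright."""
    is_exe = data.startswith(b"MZ")
    is_pdf = data.startswith(b"%PDF")
    entropy = shannon_entropy(data)
    detail = f"exe={is_exe} pdf={is_pdf} entropy={entropy:.2f}"
    # Low-entropy plain text with no executable or document container is cleared here.
    if not (is_exe or is_pdf) and entropy < 5.0 and all(b < 0x80 for b in data):
        return Result("static", BENIGN, detail)
    # Executables and documents cannot be cleared statically; escalate.
    return Result("static", UNKNOWN, detail)


def dynamic_analysis(data: bytes) -> Result:
    """Stage 3 stand-in for RTDMI. A real sandbox runs the sample and watches
    memory; here the unpacking step is simulated to show that the verdict is
    only reachable once the payload has been exposed."""
    if not data.startswith(b"MZ"):
        return Result("dynamic", BENIGN, "no executable behaviour observed")
    unpacked = bytes(c ^ _KEY for c in data[2:])   # what "memory" would hold
    if b"MALWARE-MARKER" in unpacked:
        return Result("dynamic", MALICIOUS, "marker seen in unpacked memory")
    return Result("dynamic", BENIGN, "ran to completion, nothing observed")


def triage(data: bytes, lookup_enabled: bool = True) -> Result:
    """Runs the three stages in order, stopping at the first definite verdict."""
    rep = reputation_check(data, lookup_enabled)
    if rep is not None:
        return rep
    static = static_analysis(data)
    if static.verdict != UNKNOWN:
        return static
    return dynamic_analysis(data)


if __name__ == "__main__":
    for name, sample in [("known_good", KNOWN_GOOD), ("packed_exe", PACKED_EXE)]:
        r = triage(sample)
        print(f"{name:10s} -> {r.stage:10s} {r.verdict:9s} {r.detail}")
```

Running it with `lookup_enabled=False` shows the "zero evidence" mode: the known-good file is then cleared by the static stage instead of the hash lookup, while the packed executable still has to reach the dynamic stage before its marker is seen.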

At launch, the CSa 1000 will also support closed-network operation for the most sensitive networks, in which case the appliance does not initiate any internet connections and needs to be updated manually.

To learn more about CSa 1000, please visit the new product page. Customers who would like to use the API can also find code samples to get started at www.github.com/sonicwall.

SonicWall NSM: Centralized Firewall Management that Scales for Any Environment

As your organization expands, the need for rapid deployment of firewalls and other security services underscores the importance of unified security management — particularly if you’re a large, distributed enterprise or MSSP. Meanwhile, managing firewall operations, responding to risks and ensuring strong security measures and access controls are in place continue to be complex daily challenges. This has everyone, from C-level executives to security operators, asking some very nerve-racking questions:

  • Is our SecOps team overburdened with managing complex and perhaps even fragmented firewall silos?
  • How often do we experience inconsistent firewall policy implementations or policy misconfigurations, omissions or conflicts that cause security vulnerabilities that ripple across the organization?
  • Does our team have the required visibility and insight into these potential risks to respond quickly?
  • How are we measuring against our own internal security audits?

To help you address these tough questions, SonicWall is introducing Network Security Manager (NSM), a multi-tenant centralized firewall manager built for the cloud. NSM puts you in command of your firewall operations and lets you see and manage risks across your firewall ecosystem — all from one easy-to-use cloud app.

To borrow a “Star Trek” reference, when using NSM, you’ll have the “conn.” Device templates and configuration deployment wizards allow for central orchestration of firewall management while reducing policy misconfigurations and human error. The modern UI has been redesigned with a user-first emphasis and is intuitive and visually stunning. The menus, navigation and workflows have been simplified, and are logically organized and streamlined. By simplifying what was once complex, labor-intensive and error-prone, NSM gives you the power to be more effective, aware and in control.

Be in control

Built using cloud-native architecture like microservices and containers, NSM can infinitely scale on demand. Combined with NSM’s tenant-level manageability and visibility and its group-based device control, this unlimited scalability allows you to centrally deploy and manage an unlimited number of firewall devices, device groups and tenants while eliminating firewall silos.

NSM also gives you the ability to synchronize and enforce consistent security and policies across on-prem and cloud environments. And with NSM’s user-friendly cloud console, you can do it all from any location, using any browser-enabled device.

Be more effective

NSM gives you the tools to work smarter and take security actions faster with less effort. Workflows are guided by business processes and designed to simplify — and in some cases, automate — tasks to reduce the time and overhead of performing everyday security operations. For example, you can:

  • Track all managed firewalls from a single view and take administrative actions — including editing settings; synchronizing firewalls; upgrading software, audit or backup configurations; managing commits; scheduling reports; and more — directly from a unified device table
  • Onboard and operationalize hundreds of firewalls, switches and access points remotely through NSM’s significantly enhanced zero-touch deployment
  • Deploy configuration changes easily with an intuitive, four-step Commit and Deploy wizard
  • Use the REST API service to automate firewall operations — including device group and tenant management, audit configurations, performing system health checks and more — programmatically for any managed SonicWall firewalls.

Be more aware

NSM’s interactive dashboard features real-time monitoring and provides comprehensive reporting and analytics data. This allows security analysts and operators to troubleshoot problems, investigate risks and take smart security policy actions. NSM’s executive dashboard can help guide decision makers with security planning and policy actions, giving C-level executives the tools to better understand current threat activities and monitor company security posture. This data can also be used to determine whether internal security requirements are being met, whether to build risk management into the business strategy, or both.

… all with a lower TCO.

NSM can help lower overall TCO with its cloud-native SaaS offering. There’s no HW/SW to deploy; no maintenance schedule; no software customization, configurations or upgrades; no downtime; and no depreciation and retirement costs. Instead, organizations simply pay a low, predictable yearly subscription cost.

The UX/UI usability enhancements further reduce IT overhead, as management workflows are simplified for maximum efficiency. SecOps can easily find what they need and get things done with far fewer screens and clicks.

Deployment use cases

Since NSM is built for the cloud, it can fundamentally scale to support any environment — from a single small network with a few firewalls to a multi-tenant enterprise or MSSP environment with hundreds of security nodes under each tenant.

In small businesses with several managed firewalls, users can deploy a simple template for the firewalls in the DMZ zone and a different template for firewalls on the LAN to provide simple access control.

NSM also features a strong set of enterprise-level capabilities. Using a combination of features such as zero-touch, device group, template, and commit and deploy, admins can create and deploy a configuration template for each defined group of devices and apply it independently. This gives SecOps teams total operational control over how, what, where and when to manage their firewall operations.

Let’s take it a step further with a typical use case for a distributed enterprise — in this case, a major brand retailer with multiple outlets. The network is divided into multiple locations around the country by geography. In each location, NSM has multiple device groups created and categorized as Stores, Warehouses and Datacenter. It then commits and deploys a template to multiple device groups on the same network or over multiple networks.

Unlike a distributed enterprise, an MSSP manages multiple tenants in different locations. Each tenant has completely different ways of organizing devices and varying security requirements for each network. In this use case, a specific template or multiple templates can be created and applied to every tenant. Those assigned templates are considered local to a tenant. The MSSP also has the flexibility to apply a global template to multiple device groups across all managed tenants to enforce consistent security measures on everything it manages.

In summary, although NSM is typically used by SecOps to run the day-to-day firewall operation, the use cases and benefits extend to other key stakeholders, from C-level executives to security analysts and IT leaders.

To learn more about NSM, visit www.sonicwall.com/nsm

New SonicWall NSsp 15700 Firewall: Security for Modern Enterprises

When it comes to solving business challenges, enterprises are generally eager to adopt new technologies, such as cloud computing, workforce mobility and automation. But now, many enterprises are finding their digital transformation journey laden with new challenges, including a surge in the number of connected devices, millions of encrypted connections, increased bandwidth needs, continually evolving evasive attacks and increased operational costs. On top of that, the uncertainty accompanying the COVID-19 pandemic has just redefined something as basic as the way work gets done.

To solve these challenges, enterprises want to deploy best-of-breed technologies while minimizing costs. However, many point products in the market pose challenges of their own, including management complexity, lack of interoperability, complicating or preventing unified security, and compliance requirements necessitating multiple appliances. All of these can lead to an explosion in overall operating costs.

Introducing SonicWall NSsp 15700: a NGFW for Enterprises, Government, Higher Ed & MSSPs

The SonicWall Network Security Services Platform (NSsp) 15700 is a next-generation firewall (NGFW) with multiple 100/40/10Gb interfaces that can process millions of connections. Its high-speed connectivity and large port density — coupled with superior IPS and TLS 1.3 inspection support — make the new NSsp 15700 an ideal threat protection platform for enterprise internet edge and data center deployments. And the newly introduced multi-instance capability (modern multi-tenancy) allows MSSPs and enterprises to provide guaranteed performance, reliability and availability while adhering to service level agreements.

SonicWall NSsp 15700 combines validated security effectiveness and best-in-class price performance in a high-end, multi-instance-capable next-generation firewall.

What’s New

High-speed connectivity with built-in redundancy

NSsp 15700 is an energy-efficient, reliable appliance in a compact 2U chassis. Powered by the next-generation SonicOSX 7.0 operating system, it is capable of processing millions of encrypted and unencrypted connections to deliver the uncompromised security required for large organizations.

The high-port-density NSsp 15700 includes 6x100GbE, 4x40GbE and 16x10GbE interfaces. It features a dedicated management port, 960GB of built-in storage, and redundant PSU and fans.

Specifications at a glance:

  • Up to 82Gbps of threat prevention performance
  • Up to 85Gbps of application inspection performance
  • Up to 21Gbps of TLS inspection performance
  • Up to 80 million stateful and 50 million DPI connections
  • 100/40/10GbE interfaces
  • Redundant power supply and fans

Powered by the new SonicOSX 7.0

The SonicWall NSsp 15700 is powered by SonicOSX 7.0, a new operating system built from the ground up to feature a modern user interface, intuitive workflows and user-first design principles. SonicOSX 7.0 provides multiple features designed for enterprise-level workflows, including support for the TLS 1.3 encryption standard and Unified Policy, which brings Layer 3 and Layer 7 access and security under a single policy. SonicOSX 7.0 also introduces a multi-instance architecture — including complete tenant isolation, resource reservation, and firmware and configuration management options — allowing MSSPs and organizations to offer multiple firewall instances on a single hardware appliance.

Major features:

  • Unified policy
  • Multi-instance architecture
  • Security services profiles
  • Configuration audit and change management
  • New application framework
  • Enhanced APIs
  • New dashboards for device, network, application, threats and Capture Advanced Threat Protection (ATP)
  • Notification center providing actionable alerts
  • Consistent look and feel between firewall and Network Security Manager (NSM)
  • Usage statistics for rules, objects and services

More details about the new SonicOSX 7.0 can be found here.

Unified Policy for modern enterprises

With Unified Policy, Layer 3 to Layer 7 access and security controls are combined in a single policy to reduce rule management overhead and provide a centralized location for policy configuration. Security services like Gateway Anti-Virus, Anti-Spyware, Capture Advanced Threat Protection (ATP), Intrusion Prevention and Geo-IP Filtering can be enforced per policy to provide greater flexibility for enterprises.

The SonicWall NSsp 15700 features an intuitive interface of contextual security policies and actionable alerts, all manageable with point-and-click simplicity. This helps administrators reduce configuration errors and deployment time, improving overall security posture. Views such as “shadow rules,” “active and inactive,” and “used and unused” help with maintaining overall rule hygiene.

Multi-instance architecture — the modern multi-tenancy

SonicWall has taken a modern approach to legacy multi-tenancy with its multi-instance, containerized architecture. This feature enables the platform to run multiple independent firewall instances on the same hardware without having to manage multiple appliances. The ability to establish degrees of separation across business units or customers helps enterprises and MSSPs meet their compliance requirements.

While traditional multi-tenancy architectures suffer from resource starvation and tenant failures that can affect other tenants, SonicWall’s multi-instance architecture shines by allowing dedicated hardware resources, independent firmware and separate configurations for its instances.

The following comparison of the multi-instance architecture with legacy multi-tenant solutions clearly illustrates the superior value of the NSsp 15700 solution.

Capability                                   SonicWall Multi-Instance   Legacy Multi-Tenancy
Containerized Architecture                   ✓                          X
Complete Tenant Isolation                    ✓                          X
Independent Firmware Versions                ✓                          X
Independent Configurations and Management    ✓                          X
Multi-Service Potential                      ✓                          X
Single Tenant Failure Resistant              ✓                          X
Resource Starvation Resistant                ✓                          X
HA Instances                                 ✓                          X
Multiple Firewalls on a Single Hardware      ✓                          ✓

What’s more, NSsp 15700 offers huge cost savings by eliminating additional license costs for its instances and security services.

Overall Solution Value

With the introduction of the new NSsp 15700 NGFW, SonicWall continues its commitment to providing enterprise-class security at a very reasonable budget, all without compromising performance.

To learn more about the new NSsp 15700, watch the video or visit our website.

New SonicWall TZ570 and TZ670: Security for Modern SMBs and Branches

Last weekend I was at a well-known retail chain location to pick up an online order. To comply with social distancing recommendations, businesses have been fulfilling online orders at the curb. What struck me was that small businesses and branches are continuing to find new normal ways to continue doing business — and that the pandemic has just redefined the way we interact, but not operate. Businesses, more than ever, are being overwhelmed by the sheer volume of network traffic and need security solutions that scale, accommodate ever-increasing broadband speeds and fit within their limited budgets.

While there are many products that claim to deliver these capabilities in an entry-level firewall, few offer a complete feature set with high performance at a low total cost of ownership. Some solutions don’t provide adequate protection from threats such as malware and ransomware, while others lack integrated features such as SD-WAN for branch locations. Modern branches continue to look for integrated, single-pane-of-glass management solutions for their network setup — including firewalls, switches and access points — at small-business price points.

Introducing TZ570 and TZ670 – Integrated SD-Branch Platforms

The new SonicWall TZ Series is the first small (desktop) form factor, business-class, deep packet inspection firewall on the market to feature multi-gigabit interfaces (10G/5G/2.5G). The new TZ line of products features state-of-the-art hardware designed to handle the requirements of small businesses and modern software-defined branches.

Let’s look at some of the major highlights of the new TZ series platforms:

Next-generation hardware platforms with industry-leading performance

The new TZ series platforms provide groundbreaking performance to deliver automated real-time breach detection and prevention, as well as TLS/SSL decryption and inspection, all over multi-gigabit wired and 802.11ac Wave 2 wireless networks.

TZ670 is a high-port density firewall featuring 2x10GbE SFP+, 8x1GbE interfaces with a dedicated management port and 16GB of built-in storage. In addition to the multi-gigabit ports, high-speed processors and robust onboard memory, the new TZ series includes additional hardware enhancements that make it the ideal firewall for small businesses and distributed enterprises. For added redundancy, an optional second power supply is available in case of failure. An expandable secondary storage module of up to 256GB is provided to support various features, including logging, reporting, configuration backup and restore, and more. The TZ670 comes pre-populated with 32GB of secondary storage.

Specifications at a glance:

  • Up to 2.5Gbps of threat prevention performance
  • 10GbE Interfaces
  • 802.11ac Wave 2 wireless
  • Built-in storage expandable up to 256GB
  • Optional redundant power supply
  • USB 3.0 SuperSpeed ports for 5G/LTE USB modems

Secure SD-WAN platform for modern branches

The SonicWall TZ series represents the continuing evolution of SonicWall’s vision for a deeper level of network security without a performance penalty. More than simply a replacement for its predecessor, the new TZ series lineup addresses the growing trends in web encryption and mobility by delivering a solution that meets the need for high-speed threat prevention. To protect against more advanced threats such as unknown and zero-day attacks that are concealed in encrypted web traffic, the new TZ570 and TZ670 products utilize Capture, SonicWall’s cloud-based, multi-engine sandboxing service with patent-pending Real-Time Deep Memory Inspection™ (RTDMI) technology.

With built-in SD-WAN (provided at no additional cost), routing and advanced security services — coupled with zero-touch provisioning of SonicWall switches, Dell X-Series & N-Series switches, and SonicWave access points through NSM — the new TZ platform provides the rapid deployments required for modern branch setups.

SonicOS 7.0 features modern-look UX/UI and TLS1.3 support

The new TZ products are powered by SonicOS 7.0, a new, modern user interface built from the ground up and designed with intuitive workflows and user-first design principles. SonicOS 7.0 provides multiple new features, including support for the new TLS1.3 encryption standard. More details about the new SonicOS 7.0 can be found here.

Today, with the introduction of the new TZ570 and TZ670 integrated threat prevention SD-WAN platforms, SonicWall continues its commitment to providing enterprise-class security at small business budgets, without compromising on performance.

To learn more about the new TZ series, watch the video or visit our website.

Microsoft Security Bulletin Coverage for August 2020

The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of August 2020. A list of the issues reported, along with SonicWall coverage information, is as follows:

CVE-2020-1380 Scripting Engine Memory Corruption Vulnerability
IPS 15107: Scripting Engine Memory Corruption Vulnerability (CVE-2020-1380)
IPS 15109: Scripting Engine Memory Corruption Vulnerability (CVE-2020-1380)

CVE-2020-1464 Windows Spoofing Vulnerability
ASPY 5983: Malformed-File msi.MP.1

CVE-2020-1472 Netlogon Elevation of Privilege Vulnerability
IPS 15143: Windows Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472)

CVE-2020-1480 Windows GDI Elevation of Privilege Vulnerability
IPS 2282: BAD-FILES: Suspicious Executable File Download 9

CVE-2020-1529 Windows GDI Elevation of Privilege Vulnerability
ASPY 5982: Malformed-File exe.MP.150

CVE-2020-1566 Windows Kernel Elevation of Privilege Vulnerability
ASPY 5452: Malformed-File exe.MP.64

CVE-2020-1567 MSHTML Engine Remote Code Execution Vulnerability
IPS 15105: MSHTML Engine Remote Code Execution (CVE-2020-1567)

CVE-2020-1570 Scripting Engine Memory Corruption Vulnerability
IPS 15106: Scripting Engine Memory Corruption Vulnerability (CVE-2020-1570)

CVE-2020-1578 Windows Kernel Information Disclosure Vulnerability
ASPY 5981: Malformed-File exe.MP.152

CVE-2020-1584 Windows dnsrslvr.dll Elevation of Privilege Vulnerability
ASPY 5980: Malformed-File exe.MP.151

CVE-2020-1587 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
ASPY 5979: Malformed-File exe.MP.153

Adobe Coverage:

CVE-2020-9697 Acrobat Reader Disclosure of Sensitive Data
ASPY 5984: Malformed-File pdf.MP.334

CVE-2020-9693 Acrobat Reader Arbitrary Code Execution
ASPY 5985: Malformed-File pdf.MP.335

The following vulnerabilities do not have exploits in the wild:

CVE-2020-0604 Visual Studio Code Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1046 .NET Framework Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1337 Windows Print Spooler Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1339 Windows Media Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1377 Windows Registry Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1378 Windows Registry Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1379 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1383 Windows RRAS Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1417 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1455 Microsoft SQL Server Management Studio Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-1459 Windows ARM Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1466 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-1467 Windows Hard Link Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1470 Windows Work Folders Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1473 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1474 Windows Image Acquisition Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1475 Windows Server Resource Management Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1476 ASP.NET and .NET Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1477 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1478 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1479 DirectX Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1483 Microsoft Outlook Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1484 Windows Work Folders Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1485 Windows Image Acquisition Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1486 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1487 Media Foundation Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1488 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1489 Windows CSC Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1490 Windows Storage Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1492 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1493 Microsoft Outlook Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1494 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1495 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1496 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1497 Microsoft Excel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1498 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1499 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-1500 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-1501 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-1502 Microsoft Word Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1503 Microsoft Word Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1504 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1505 Microsoft SharePoint Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1509 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1510 Win32k Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1511 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1512 Windows State Repository Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1513 Windows CSC Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1515 Windows Telephony Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1516 Windows Work Folders Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1517 Windows File Server Resource Management Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1518 Windows File Server Resource Management Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1519 Windows UPnP Device Host Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1520 Windows Font Driver Host Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1521 Windows Speech Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1522 Windows Speech Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1524 Windows Speech Shell Components Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1525 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1526 Windows Network Connection Broker Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1527 Windows Custom Protocol Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1528 Windows Radio Manager API Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1530 Windows Remote Access Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1531 Windows Accounts Control Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1533 Windows WalletService Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1534 Windows Backup Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1535 Windows Backup Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1536 Windows Backup Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1537 Windows Remote Access Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1538 Windows UPnP Device Host Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1539 Windows Backup Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1540 Windows Backup Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1541 Windows Backup Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1542 Windows Backup Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1543 Windows Backup Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1544 Windows Backup Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1545 Windows Backup Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1546 Windows Backup Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1547 Windows Backup Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1548 Windows WaasMedic Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1549 Windows CDP User Components Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1550 Windows CDP User Components Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1551 Windows Backup Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1552 Windows Work Folder Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1553 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1554 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1555 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1556 Windows WalletService Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1557 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1558 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1560 Microsoft Windows Codecs Library Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1561 Microsoft Graphics Components Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1562 Microsoft Graphics Components Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1563 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1564 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1565 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1568 Microsoft Edge PDF Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1569 Microsoft Edge Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1571 Windows Setup Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1573 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1574 Microsoft Windows Codecs Library Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1577 DirectWrite Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1579 Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1580 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1581 Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1582 Microsoft Access Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1583 Microsoft Word Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1585 Microsoft Windows Codecs Library Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1591 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2020-1597 ASP.NET Core Denial of Service Vulnerability
There are no known exploits in the wild.

New SonicWall SonicOSX 7.0 and SonicOS 7.0 Operating Systems Offer Visibility and Simplicity

Businesses are embracing digital transformation, bringing about a new era of the anytime, anywhere business. Staffed by flexible employees and built on the principle of a distributed enterprise, the resulting proliferation of applications and data presents organizations with a major security challenge.

As enterprises grow, they must proactively manage security across several different locations: at headquarters, at software-defined branches (SD-Branches), at co-located data centers or in a variety of cloud locations. These locations are not siloed — applications and data move dynamically between them, forcing security to follow.

SonicWall physical and virtual firewalls provide high-performance security across a wide range of enterprises, but protecting all these security vectors requires the ability to consistently apply the right security policy to the right network control point — while keeping in mind that some security failures can be attributed to ineffective policies or misconfigurations.

To ensure effective policy provisioning, enterprises need dynamic visibility across the network. They need a boundless approach to network security policy management.

The SonicOS or SonicOSX architecture is at the core of every SonicWall physical and virtual firewall, including the TZ, NSa, NSv and NSsp Series. Our operating systems leverage our patented, single-pass, low-latency, Reassembly-Free Deep Packet Inspection® (RFDPI) and patent-pending Real-Time Deep Memory Inspection™ (RTDMI) technologies to deliver industry-validated high security effectiveness, Secure SD-WAN, real-time visualization, high-speed virtual private networking (VPN) and other robust security features.

The latest TZ570/670 Series firewalls run on the brand-new SonicOS 7.0, which features advanced security, simplified policy management, and critical networking and management capabilities — all designed to meet the needs of distributed enterprises with next-gen SD-Branches and small- to medium-sized businesses.

With the introduction of the brand-new SonicOSX 7.0 and SonicOS 7.0, the SonicOS operating system is setting a new standard for usability. Built from the ground up, the SonicOSX 7.0 architecture features Unified Policy management, which offers integrated management of the various security policies on enterprise-grade firewalls such as the SonicWall NSsp and NSv series.

This OS upgrade brings multi-instance support to NSsp series firewalls. Multi-instance is the next generation of multi-tenancy, where each tenant is isolated with dedicated compute resources to avoid resource starvation.

SonicOSX 7 also provides a unified policy to provision L3 to L7 controls in a single rule base on every firewall, giving admins a centralized location for configuring policies. It comes with a new web interface born from a radically different approach: a user-first design emphasis. SonicOSX’s web-based interface presents meaningful visualizations of threat information and displays actionable alerts prompting you to configure contextual security policies with point-and-click simplicity.

In addition to being more user-friendly, the new interface is also more attractive than the classic version. In a single-pane view of a firewall, the interface presents the user with information on the effectiveness of the various security rules. The user can then modify the predefined rules for gateway antivirus, antispyware, content filtering, intrusion prevention, geo-IP filtering and deep-packet inspection of encrypted traffic in a seamless fashion. With Unified Policy, SonicWall delivers a more streamlined experience that reduces configuration errors and deployment time for a better overall security posture.

The Unified Policy gives your organization the ability to control dynamic traffic passing through a firewall and provides visibility and insight into the disparate policies that affect gateway antivirus, antispyware, content filtering, intrusion prevention, geo-IP filtering, deep-packet inspection of encrypted traffic and more. It helps simplify management tasks, reduce configuration errors and speed up deployment time, which all contribute to a better overall security posture.

To learn more, visit www.sonicwall.com/sonicos

Security, Simplicity and Value with the New SonicWall Solutions

It has been talked about for years: the future is remote work. The new office is wherever you are. The era of mobile work will bring new levels of productivity, flexibility and employee satisfaction.

But no one foresaw that the remote-work revolution would arrive all at once, nor that it would be unavoidable. In the midst of the pandemic, adopting remote-work policies helped ensure not only employee safety but also business continuity. But the massive new cohort of entirely unprepared remote and mobile workers brought with it cybersecurity risks never seen before.

If something as fundamental as the way the world works may have changed forever, the concepts behind Boundless Cybersecurity are more relevant than ever. Organizations must protect themselves against the exponential growth of exposure points and the risks posed by staff working from home and on the move.

They must be able to block the known and unknown cyberattacks that try to exploit any vulnerability introduced by the new operating normal. They must also secure and redesign their widely distributed networks so as not to be caught unprepared by a completely different future.

As the IT world has to face these challenges head on, SonicWall is strengthening its commitment to Boundless Cybersecurity.

The future of SonicWall Boundless Cybersecurity is centred on simplifying the security experience. We are acting in four main ways:

  • Provide an innovative user experience, streamline network security controls and enable visibility across the whole network with a modern, intuitive and easy-to-understand interface
  • Simplify the security experience for distributed enterprises and public bodies with a more accessible, flexible and easy-to-install platform
  • Offer organizations several ways to increase visibility and maintain control of their data, identifying and blocking the known and unknown cyberattacks occurring in today’s new operating normal
  • Redefine security administration to make it simpler and more accessible thanks to the new zero-touch-enabled, multi-gigabit TZ firewalls, equipped with secure SD-Branch features and a redesigned cloud-native management console

Today we are announcing one of the most important product launches in our company’s history. Overall, it consists of a completely new operating system together with five new products and enhancements to existing solutions for the Capture Cloud platform, namely:

  • SonicOS 7.0: streamlines the security experience with a highly intuitive interface, ensuring familiarity and reducing training needs and installation times. The redesigned user interface and user experience strike a sound balance between convenience and control, with device dashboards, redesigned topologies, support for the SonicExpress mobile app, and simplified policy definition and management.
  • SonicOSX 7.0: helps make governments and distributed enterprises more efficient thanks to greater levels of scalability, protection and control. The improved operating system simplifies policies, auditing and management, offering greater levels of visibility thanks to a user interface and user experience designed specifically for governments and distributed enterprises.
  • SonicWall Network Security Manager (NSM) 2.0 SaaS: stands out for unprecedented speed, scalability and reliability in the comprehensive management of firewalls in large distributed enterprises. The cloud-native NSM allows organizations to optimize, control, monitor and manage tens of thousands of network security devices from anywhere, including firewalls, managed switches and secure wireless access points, through a simple cloud interface.
  • SonicWall NSsp 15700: features multiple 100/40/10 GbE interfaces, revolutionary multi-instance capabilities and high-speed threat analysis, allowing organizations to protect millions of connections without compromising security. Designed for enterprises, governments, data centres and service providers, these high-end firewalls future-proof the investment by allowing security to be scaled to meet dynamic connection requirements as the number of devices and users keeps growing.
  • SonicWall CSa 1000: makes SonicWall’s award-winning Capture ATP service available on-premises, giving governments, public healthcare organizations and other organizations subject to compliance obligations or data-residency restrictions the same protection they currently enjoy in the cloud. Powered by Real-Time Deep Memory Inspection™ (RTDMI) technology, CSa 1000 can analyze a wide range of file types, identifying and blocking zero-day exploit threats, suspicious files and even side-channel attacks such as Meltdown, Spectre, Foreshadow, PortSmash, Spoiler, MDS and TPM-Fail.
  • SonicWall TZ570 and TZ670: the first desktop firewalls equipped with multi-gigabit (5/10 G) interfaces for connectivity with SonicWall switches and other network devices in SD-Branch deployments, all with threat-detection speeds of up to 2.5 Gbps. These next-generation firewalls feature integrated secure SD-WAN, Zero-Touch deployment, TLS 1.3 and 5G support, and other innovative features that reduce costs and save time.

SonicWall has always been committed to protecting SMBs, enterprises and public bodies around the world. Today it is easier than ever to achieve true cybersecurity by breaking free from the shackles of the past. For more information on SonicWall’s new products and enhancements, read the press release, contact a SonicWall security advisor, or look out for the upcoming updates from our security experts, who will describe the features of the most important new products in more detail.

SonicWall means Boundless Cybersecurity for the hyper-distributed era.

New SonicWall Solutions Deliver Security, Simplicity and Value

It’s been talked about for years: Remote work is the future. The new office is wherever you are. The era of mobile employees will bring new levels of productivity, agility and worker satisfaction.

But no one predicted that the remote-work revolution would arrive all at once — or that it would be mandatory. In the midst of the pandemic, adopting work-from-home policies helped ensure both employee safety and business continuity. But the massive new cohort of unprepared remote and mobile workers brought with it unprecedented cybersecurity risks.

While something as fundamental as the way the world does work may have changed forever, the ideals of Boundless Cybersecurity are more relevant than ever. Organizations need to protect against the explosion of exposure points and risks from remote and mobile workforces.

They need the ability to stop known and unknown cyberattacks targeting any vulnerability in this new business normal. And they need to secure and rearchitect massively distributed networks in preparation for a significantly changed future.

As the IT world turns to face these challenges head on, SonicWall is stepping up its commitment to Boundless Cybersecurity.

The future of SonicWall Boundless Cybersecurity is focused on simplifying the security experience. We are delivering that in four key ways:

  • Provide an innovative user experience, streamline network security controls and deliver whole-network visibility with a modern, intuitive and easy-to-understand interface
  • Simplify the security experience for distributed enterprises and government agencies with a more approachable, flexible and easy-to-implement platform
  • Deliver more ways for organizations to increase visibility and maintain data control while identifying and stopping the known and unknown cyberattacks persistent in today’s new business normal
  • Re-define security administration so it’s easier and more accessible with new zero touch-enabled, multi-gigabit TZ firewalls, secure SD-Branch capabilities and a redesigned, cloud-native management console

Today, we announce one of the most monumental product launches in the history of our company. In all, this effort includes a reimagined operating system and five new products or solution enhancements to the Capture Cloud Platform:

  • SonicOS 7.0 — Streamlines the security experience with a highly intuitive interface, ensuring familiarity, reducing training and slashing deployment times. The redesigned UI/UX balances convenience and control, offering device dashboards, redesigned topologies, SonicExpress mobile app support, and simplified policy creation and management.
  • SonicOSX 7.0 — Empowers governments and distributed enterprises with greater levels of scalability, protection and control. The enhanced OS simplifies policy, auditing and management — offering greater levels of visibility with a UI/UX designed for distributed enterprises and governments.
  • SonicWall Network Security Manager (NSM) 2.0 SaaS — Offers unprecedented speed, scalability and reliability for comprehensive firewall management across the largest distributed enterprises. The cloud-native NSM enables organizations to optimize, control, monitor and manage tens of thousands of network security devices — including firewalls, managed switches and secure wireless access points — from anywhere via a simple cloud interface.
  • SonicWall NSsp 15700 — Offers multiple 100/40/10 GbE interfaces, revolutionary multi-instance capabilities and high-speed threat analysis, enabling organizations to safeguard millions of connections without compromising security. Designed for enterprises, governments, data centers and service providers, these high-end firewalls future-proof your investment by allowing you to scale security to meet dynamic connection requirements as the number of devices and users continues to grow.
  • SonicWall CSa 1000 — Brings SonicWall’s award-winning Capture ATP service on-prem, giving government, healthcare and other organizations subject to compliance or data residency restrictions the same protection currently offered in the cloud. Enhanced with Real-Time Deep Memory Inspection™ (RTDMI), CSa 1000 analyzes a broad range of file types, detecting and blocking threats that target zero-day exploits, suspicious files and even side-channel attacks, such as Meltdown, Spectre, Foreshadow, PortSmash, Spoiler, MDS and TPM-Fail.
  • SonicWall TZ570 & TZ670 — Represents the first desktop firewall form factor to offer multi-gigabit (5/10G) interfaces for connectivity with SonicWall Switches or other networking devices in SD-Branch deployments — all with threat prevention speeds up to 2.5 Gbps. These next-generation firewalls feature integrated secure SD-WAN, Zero-Touch Deployment, TLS 1.3 and 5G support, and more innovative features that reduce costs and save time.

SonicWall’s commitment has always been to help protect SMBs, enterprises and government agencies worldwide. And now, it’s never been easier to realize true cybersecurity by breaking free from the constraints of the past. To learn more about SonicWall’s new products and enhancements, review our press release, contact a SonicWall security expert, or check back over the coming days as our security experts offer a closer look into each major new product.

SonicWall is Boundless Cybersecurity for the hyper-distributed era.

Cybersecurity News & Trends – 08-07-20

This week, hackers dominated the headlines. But from financial firms, to voting machines, to entire countries, many are beginning to mount a stronger defense.
SonicWall Spotlight

AT&T Cybersecurity: Do Secure VPNs, Don’t Pay Ransoms — SDxCentral

  • The author notes that, per SonicWall’s mid-year update to the 2020 Cyber Threat Report, there was a 20% jump in ransomware globally in the first half of 2020 compared to mid-year 2019, including a staggering 109% spike in the U.S.

3 Tips For Improving Your Cybersecurity Program This School Year — EdTech Magazine

  • As schools prepare to reopen, EdTech Magazine offers three ways districts can improve their cybersecurity programs.

Covid-19 pandemic: Russian hackers target UK, US and Canadian research — Pharmaceutical Technology

  • Security services in the UK, US and Canada have determined that Russian cyber hacking group APT29 has attempted to illicitly access Covid-19 research. SonicWall CEO Bill Conner discusses how state-sponsored espionage groups are targeting medical data.

Cybersecurity News

Insecure satellite Internet is threatening ship and plane safety — Ars Technica

  • At the Black Hat security conference, researcher James Pavur presented findings that show that satellite-based Internet is putting millions at risk despite safeguards implemented by providers.

How the US Can Prevent the Next ‘Cyber 9/11’ — Wired

  • In an interview with WIRED, former national intelligence official Sue Gordon discusses Russian election interference and other digital threats to democracy.

U.S. Government Launches Cyber Career Path Tool — Security Week

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week announced the launch of a free tool designed to help users identify and navigate a potential career path.

U.S. coronavirus fraud losses near $100 million as COVID scams double — Reuters

  • U.S. losses from coronavirus-related fraud and identity theft have reached nearly $100 million, while complaints of COVID-19 scams have at least doubled in most states.

Financial Firms’ Cybersecurity Spending Jumps 15%, Survey Finds — Bloomberg

  • Big banks and other financial firms are spending 15% more this year to defend computer networks from cyber criminals, and the pandemic and work-from-home arrangements are probably spurring further increases.

Hackers Get Green Light to Test U.S. Voting Systems — The Wall Street Journal

  • Election Systems & Software, the top U.S. seller of voting-machine technology, is calling a truce in its feud with computer security researchers over the ways they probe for vulnerabilities of the company’s systems.

Hackers can abuse Microsoft Teams updater to install malware — Bleeping Computer

  • Microsoft Teams can still double as a Living off the Land binary (LoLBin) and help attackers retrieve and execute malware from a remote location.

Robots Running the Industrial World Are Open to Cyber Attacks — Bloomberg

  • According to a new report titled “Rogue Automation,” some robots have flaws that could make them vulnerable to advanced hackers, who could steal data or alter a robot’s movements remotely.

Interpol Warns of ‘Alarming’ Cybercrime Rate During Pandemic — Security Week

  • Global police body Interpol has warned of an “alarming” rate of cybercrime during the coronavirus pandemic.

CISA, DOD, FBI expose new versions of Chinese malware strain named Taidoor — ZDNet

  • U.S. government agencies say the Taidoor remote access trojan (RAT) has been used as far back as 2008.

Exclusive: China-backed hackers ‘targeted COVID-19 vaccine firm Moderna’ — Reuters

  • Chinese government-linked hackers targeted biotech company Moderna Inc., a U.S.-based coronavirus vaccine research developer, this year in a bid to steal data, according to a U.S. security official.

Hackers Are Targeting the Remote Workers Who Keep Your Lights On — Bloomberg

  • With many of the people who help keep the grid running now working from home, cyberattacks targeting the power sector have surged.

Hackers Broke Into Real News Sites to Plant Fake Stories — Wired

  • A disinformation operation broke into the content management systems of Eastern European media outlets in a campaign to spread misinformation about NATO.

In Case You Missed It

Chinese Remote Access Trojan Taidoor

Overview:

The SonicWall Capture Labs Threat Research Team recently observed activity for the Chinese Remote Access Trojan Taidoor. Taidoor is composed of two stages: the loader and the RAT module. The loader starts the service and decrypts the second file. The loader uses its export function “MyStart” for the initial infection. The function allocates memory for a new file called “svchost.dll”.

Before the new file is called, it has to go through a series of routines that decrypt the contents of the file. The DLL uses RC4 encryption; the key is rebuilt from the following string: “ar1zyAXt7d6556sAsvchUQc2”. Once filtered, the RC4 key will be: “ar1z7d6556sAyAXtUQc2”.

The RC4 algorithm is also used to decrypt the import names and other related strings.
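The RC4 decryption the loader performs, as an added example that is not SonicWall's code: a small Python helper that decrypts a blob with the filtered key the page gives and sanity-checks the result the way an analyst would (the second stage should come out as a PE image, the string table as readable import names). The page states the filtered key but not the filtering rule, so the key is taken as given; the encrypted stage and string table below are constructed test data, not bytes from the sample.

```python
"""RC4 helper for the Taidoor loader's second stage and encrypted strings.

Added example, not SonicWall's code. The page gives the rebuilt key
"ar1z7d6556sAyAXtUQc2" but not the filtering rule, so the key is taken as given.
"""
from typing import Iterator, List, Tuple

# Key as stated on the page after the loader's filtering step.
TAIDOOR_RC4_KEY = b"ar1z7d6556sAyAXtUQc2"


def rc4_keystream(key: bytes) -> Iterator[int]:
    """Yield RC4 keystream bytes: key-scheduling (KSA) then generation (PRGA)."""
    if not key:
        raise ValueError("RC4 key must not be empty")
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) & 0xFF]


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 is symmetric: the same call encrypts and decrypts."""
    ks = rc4_keystream(key)
    return bytes(b ^ next(ks) for b in data)


def decrypt_stage(blob: bytes, key: bytes = TAIDOOR_RC4_KEY) -> bytes:
    """Decrypt the encrypted second-stage DLL the loader maps as svchost.dll."""
    return rc4(key, blob)


def is_pe_image(data: bytes) -> bool:
    """Sanity check after decryption: a DLL starts with the 'MZ' DOS header and
    the e_lfanew field at offset 0x3C points at a 'PE\\0\\0' signature.
    A wrong key yields noise here, so this is a cheap way to confirm the key."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_off = int.from_bytes(data[0x3C:0x40], "little")
    return data[pe_off:pe_off + 4] == b"PE\x00\x00"


def decrypt_strings(blob: bytes, key: bytes = TAIDOOR_RC4_KEY) -> List[str]:
    """Decrypt an RC4-encrypted, NUL-separated string table (import names etc.)."""
    plain = rc4(key, blob)
    return [s.decode("ascii", "replace") for s in plain.split(b"\x00") if s]


def constructed_samples() -> Tuple[bytes, bytes]:
    """Constructed test data (not from the real sample): a minimal 'MZ'/'PE'
    header stub and a small import-name table, both RC4-encrypted with the key."""
    hdr = bytearray(0x48)
    hdr[0:2] = b"MZ"
    hdr[0x3C:0x40] = (0x40).to_bytes(4, "little")   # e_lfanew -> 0x40
    hdr[0x40:0x44] = b"PE\x00\x00"
    names = b"LoadLibraryA\x00GetProcAddress\x00VirtualAlloc\x00"
    return rc4(TAIDOOR_RC4_KEY, bytes(hdr)), rc4(TAIDOOR_RC4_KEY, names)


if __name__ == "__main__":
    enc_stage, enc_names = constructed_samples()
    print("PE header recovered:", is_pe_image(decrypt_stage(enc_stage)))
    print("decrypted strings:", decrypt_strings(enc_names))
```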

DLL Loader Layer, Static Information:

Checking binary static information… (Not Corrupted)…

PDB:

Exports:

DllMain:

RC4 Prefiltered Key:

Dynamic Information:

Looking inside “MyStart” Export Routine:

Creating the RAT module:

Once the svchost DLL is allocated in memory, the loader walks its exports and locates the “Start” export routine in the new DLL.

Calling the routine that starts the Remote Access Trojan module:

Network Artifacts:

Command and Control Information:

  • cnaweb.mrslove.com
  • 210.68.69.82

Supported Systems:

  • Windows 10
  • Windows 8.1
  • Windows 8.0
  • Windows 7
  • Windows Vista

SonicWall Gateway Anti-Virus (GAV) provides protection against this threat:

  • GAV: Taidoor.LD

Appendix:

Sample SHA256 Hash: 4a0688baf9661d3737ee82f8992a0a665732c91704f28688f643115648c107d4