Mr.Trunk · @mrtrunk
3 followers · 3751 posts · Server dromedary.seedoubleyou.me

SecurityWeek: SonicWall Patches Critical Vulnerabilities in GMS, Analytics Products securityweek.com/sonicwall-pat

#vulnerabilities #sonicwall

Last updated 1 year ago

benzogaga33 · @benzogaga33
778 followers · 24406 posts · Server mamot.fr

SonicWall fixed 15 vulnerabilities, including 4 critical flaws, in several of its products it-connect.fr/sonicwall-a-corr

#sonicwall #securite

Last updated 1 year ago

Redhotcyber · @redhotcyber
535 followers · 1504 posts · Server mastodon.bida.im

SonicWall security and bugfix updates for firewalls
SonicOS 6.5.4.12 for

SuperMassive 9600
SuperMassive 9400
SuperMassive 9200
NSa 9650
NSa 9450
NSa 9250
NSa 6650
NSA 6600
TZ600 / TZ600P
TZ500 / TZ500 Wireless
TZ400 / TZ400 Wireless
TZ350 / TZ350 Wireless

Security fixes (among others):
psirt.global.sonicwall.com/vul
psirt.global.sonicwall.com/vul
psirt.global.sonicwall.com/vul

#security #sonicwall

Last updated 2 years ago

Redhotcyber · @redhotcyber
437 followers · 725 posts · Server mastodon.bida.im

SonicWall devices are being attacked by malware that survives even a reboot

According to , Chinese hackers are attacking vulnerable Secure Mobile Access () devices and infecting them with credential-stealing that can survive even a update.

The of Mandiant and the SonicWall team believe that the Chinese hacking group is behind these attacks.

redhotcyber.com/post/i-disposi

#mandiant #sonicwall #sma #malware #firmware #ricercatori #psirt #UNC4540 #redhotcyber #informationsecurity #ethicalhacking #dataprotection #hacking #cybersecurity #cybercrime #CyberSecurityAwareness #cybersecuritytraining #CyberSecurityNews #privacy #infosecurity

Last updated 2 years ago

Opalsec :verified: · @Opalsec
175 followers · 85 posts · Server infosec.exchange

Happy Monday folks, I hope you had a restful weekend and managed to take a breather from all things cyber! Time to get back into it though, so let me give you a hand - catch up on the week’s infosec news with the latest issue of our newsletter:

opalsec.substack.com/p/soc-gou

are back and are using…OneNote lures? ISO disk images? Malvertising? Nah – they’re sticking with their tried and true TTPs – their Red Dawn maldoc template from last year; macro-enabled documents as lures, and null-byte padding to evade automated scanners.

We’ve highlighted a report on the Xenomorph Banking Trojan, which added support for targeting accounts of over 400 banks; automated bypassing of MFA-protected app logins, and a Session Token stealer module. With capabilities like these becoming the norm, is it time to take a closer look at the threat Mobile Malware could pose to enterprise networks?

North Korean hackers have demonstrated yet again that they’re tracking and integrating the latest techniques, and investing in malware development. A recent campaign saw eight new pieces of malware distributed throughout the kill chain, leveraging to deliver payloads and an in-memory dropper to abuse the technique and evade EDR solutions.

A joint investigation by and has unearthed a two-year campaign by Chinese actors, enabled through exploitation of unpatched SMA100 appliances and delivery of tailored payloads. A critical vulnerability reported by this week helps reinforce the point that perimeter devices need to be patched with urgency, as it’s a well-documented target for Chinese-affiliated actors.

is a novel malware targeting routers, sniffing network traffic and proxying C2 traffic to forward-deployed implants. TTPs employed in recent and campaigns are also worth taking note of, as is , a new malware family targeting specific web server applications to brute force logins and deploy an IRC bot for C2.

Those in Vulnerability Management should take particular note of the vulnerability, which appears trivial to exploit and actually delivers plaintext credentials to the attacker. CISA have also taken note of nearly 40k exploit attempts of a 2 year old code-exec-as-root vulnerability in the Cloud Foundation product in the last two months, so make sure you’re patched against it.

members have some excellent reading to look forward to, looking at HTTP request smuggling to harvest AD credentials and persisting with a MitM Exchange server, as well as a detailed post that examines ’s reflective loading capability;

The has some great tradecraft tips from @inversecos on DFIR, as well as tools to help scan websites for malicious objects, and to combat the new and well-established Raccoon Stealer.

Catch all this and much more in this week's newsletter:

opalsec.substack.com/p/soc-gou

#emotet #android #microsoft #intune #byovd #mandiant #sonicwall #fortinet #hiatusrat #draytek #batloader #qakbot #gobruteforcer #veeam #vmware #redteam #cobaltstrike #blueteam #azure #stealc #infostealer #infosec #cyber #news #cybernews #infosecnews #informationsecurity #cybersecurity #newsletter #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #darkweb #mdm #dprk #fortios #FortiProxy

Last updated 2 years ago

This week's newsletter issue is out! Have a look at it. It includes, among other things:

  • CISA warns of actively exploited bug after breach
  • Brazil seizing shipments to prevent use in crime
  • X-Force on defining the Reflective Loader
  • Security researchers targeted with new via job offers on
  • Alleged NetWire RAT Operator Arrested in Croatia as FBI Seizes Website
  • Xenomorph malware now steals data from 400 banks
  • makes 2FA mandatory next week for active developers
  • The E11 door phone/intercom is riddled with security holes
  • Custom Chinese Malware Found on Appliance
  • Building Great OT Incident Response Tabletop Exercises, by @hacks4pancakes
  • Warning: Don't Let Manage Your
  • warns of new critical unauthenticated RCE
  • fixes bug that lets hackers breach infrastructure
  • AI-Powered '' Keylogging Attack Evades Modern Security
  • Hard-coded secrets up 67% as secrets sprawl threatens software supply chain
  • malware attacks return after three-month break

... and many more. Subscribe to receive it directly in your inbox every Sunday!

0x58.substack.com/p/my-shared-

#infosec #plex #lastpass #FlipperZero #ibm #cobaltstrike #malware #linkedin #android #github #akuvox #sonicwall #google #passwords #fortinet #vulnerability #veeam #backup #blackmamba #edr #emotet #cybersecurity #security #newsletter

Last updated 2 years ago

Mufasa · @ne1for23
481 followers · 3331 posts · Server betweenthelions.link

Threat actors with a connection to the Chinese government are infecting a widely used security appliance from with that remains active even after the device receives firmware updates.


arstechnica.com/information-te

#sonicwall #malware #china #infosec #securemobileaccess100

Last updated 2 years ago

PrivacyDigest · @PrivacyDigest
253 followers · 844 posts · Server mas.to

infecting widely used appliance survives updates

Threat actors with a connection to the government are infecting a widely used security appliance from with malware that remains active even after the device receives firmware updates, researchers said.

arstechnica.com/?p=1923115

#China #sonicwall #chinese #firmware #security #malware

Last updated 2 years ago

tkteo · @tkteo
44 followers · 1334 posts · Server infosec.exchange

Suspected Chinese Campaign to Persist on SonicWall Devices, Highlights Importance of Monitoring Edge Devices

Mandiant, working in partnership with SonicWall Product Security and Incident Response Team (PSIRT), has identified a suspected Chinese campaign that involves maintaining long term persistence by running malware on an unpatched SonicWall Secure Mobile Access (SMA) appliance. The malware has functionality to steal user credentials, provide shell access, and persist through firmware upgrades. Mandiant currently tracks this actor as UNC4540.

Malware
Analysis of a compromised device revealed a collection of files that give the attacker a highly privileged and available access to the appliance. The malware consists of a series of bash scripts and a single ELF binary identified as a TinyShell variant. The overall behavior of the suite of malicious bash scripts shows a detailed understanding of the appliance and is well tailored to the system to provide stability and persistence.

mandiant.com/resources/blog/su

#malware #security #cybersecurity #sonicwall #firmware #networksecurity #infosec #informationsecurity

Last updated 2 years ago

IT News · @itnewsbot
2991 followers · 252202 posts · Server schleuss.online

Malware infecting widely used security appliance survives firmware updates

Threat actors with a connection... - arstechnica.com/?p=1923115

#sma100 #biz #malware #sonicwall

Last updated 2 years ago

Tech news from Canada · @TechNews
338 followers · 9196 posts · Server mastodon.roitsystems.ca

Ars Technica: Malware infecting widely used security appliance survives firmware updates arstechnica.com/?p=1923115

#Tech #arstechnica #it #technology #sonicwall #malware #biz #sma100

Last updated 2 years ago

tkteo · @tkteo
42 followers · 1293 posts · Server infosec.exchange

Mandiant, working in partnership with SonicWall Product Security and Incident Response Team (PSIRT), has identified a suspected Chinese campaign that involves maintaining long term persistence by running malware on an unpatched SonicWall Secure Mobile Access (SMA) appliance. The malware has functionality to steal user credentials, provide shell access, and persist through firmware upgrades. Mandiant currently tracks this actor as UNC4540.

A Pattern of Chinese Network Device Compromises

Developing malware for a managed appliance is often no trivial task. Vendors typically do not enable direct access to the Operating System or filesystem for users, instead offering administrators a graphical UI or limited Command Line Interface (CLI) with guardrails preventing anyone from accidentally breaking the system. Because of this lack of access, attackers require a fair amount of resource and effort to develop exploits and malware for managed devices.

In recent years Chinese attackers have deployed multiple zero-day exploits and malware for a variety of internet facing network appliances as a route to full enterprise intrusion, and the instance reported here is part of a recent pattern that Mandiant expects to continue in the near term. For further information, see Mandiant blog post: Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475). In particular the section "China Continues to Focus on Network Devices" summarizes some of Mandiant’s recent findings.

mandiant.com/resources/blog/su

#malware #security #mandiant #sonicwall #cybersecurity #networksecurity #apt

Last updated 2 years ago

Günter Born · @gborn
801 followers · 2852 posts · Server social.tchncs.de

SonicWall firewalls - critical security vulnerability - CVSS: 7.5 (High)

Affected Product(s)
Product(s): Gen 7 TZ, NSa and NSsp firewalls; Gen 6.5 NSv virtual firewalls

Impacted Version(s): 7.0.1-5095 and earlier; 7.0.1-5083 and earlier; 6.5.4.4-44v-21-1551 and earlier

Fixed Version(s): 7.0.1-5111

psirt.global.sonicwall.com/vul


#sonicwall

Last updated 2 years ago

Ry · @ryancee
29 followers · 65 posts · Server infosec.exchange

Has anyone else had a SonicWall randomly corrupt its own firmware and reset to setup / recovery mode?

Nothing in logs and after a restore from the last but one config it's up and running again.

The DC it's in was working on one side of the UPS, but I don't think that should do anything. Nothing else on the same power was affected.

#sonicwall #systemsengineering #networks

Last updated 2 years ago

Vegalyp · @Vegalyp
8 followers · 25 posts · Server infosec.exchange

Round 2 of Discoveries:

Relevant hashtags:

Discovery 7: When I first started, the Asset Management Inventory was a locally hosted Excel sheet on a shared/network drive.

To note, there were over 4000 manageable assets on that inventory. It was shared between all IT Staff.

I set up a Snipe-IT Instance locally hosted and never looked back. I still have nightmares about the time spent using that accursed Excel sheet.

#sonicwall #networking #sysadmin #office365 #ExchangeOnline #infosecurity #linux #networkengineer #vmware

Last updated 2 years ago