- SonicWall releases additional update for SMA 100 vulnerability
February 20, 2021
SonicWall has released a second firmware update for an SMA-100 zero-day vulnerability known to be used in attacks and is warning customers to install it immediately.
Last month, SonicWall disclosed that their internal systems were attacked using a zero-day vulnerability in their SMA-100 remote access devices.
A week later, cybersecurity firm NCC Group discovered the zero-day vulnerability used ...
- Gauging LoRaWAN Communication Security with LoraPWN
February 19, 2021
LoRaWAN technology allows organizations to deploy internet of things solutions at a much lower cost than existing cellular infrastructure solutions. Because of this, enterprises and smart cities around the world have started using LoRaWAN in their operations. As mentioned in the first article of this series, LoRaWAN technology has been used in infrastructure management, ...
- Industrial Remote Access: Why It’s Not Something to Fear
February 18, 2021
Increased uptime? Check. Better access to outside expertise? Check. Improved first-time-fix rate? Check.
These are just some of the benefits of industrial remote access. Yet many customers are reluctant to embrace remote access. Not only that, but incidents such as the breach at the Oldsmar water utility might increase organizations’ reluctance to use remote access.
Using Oldsmar ...
- Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device
February 17, 2021
In 2019, Mandiant’s Red Team discovered a series of vulnerabilities present within Digi International’s ConnectPort X2e device, which allow for remote code execution as a privileged user. Specifically, Mandiant’s research focused on SolarCity’s (now owned by Tesla) rebranded ConnectPort X2e device, which is used in residential solar installations. Mandiant performs this type of work both ...
- Cybersecurity Risks of Connected Cars
February 16, 2021
As the use of connected cars becomes more common, the technologies that power or support these vehicles continue to evolve. This provides a host of benefits, but just like any other technology, this new territory comes with some risks. In our paper, we add some substantial information to our research from last year, in order ...
- Fortinet fixes critical vulnerabilities in SSL VPN and web firewall
February 7, 2021
Fortinet has fixed multiple severe vulnerabilities impacting its products.
The vulnerabilities range from Remote Code Execution (RCE) to SQL Injection, to Denial of Service (DoS) and impact the FortiProxy SSL VPN and FortiWeb Web Application Firewall (WAF) products.
Multiple advisories published by FortiGuard Labs this month and in January 2021 mention various critical vulnerabilities that Fortinet has ...
- Signal ignores proxy censorship vulnerability, bans researchers
February 7, 2021
Signal, an end-to-end encrypted messaging platform, was recently blocked by the Iranian government.
To help its users bypass censorship in Iran, the company suggested a TLS proxy workaround.
However, multiple researchers have now discovered flaws in the workaround that can let a censor or government authority probe into Signal TLS proxies, rendering these protections moot and potentially ...
- Cisco warns of critical remote code execution flaws in its small business VPN routers
February 5, 2021
Cisco is warning customers using its small business routers to upgrade the firmware to fix flaws that could give remote attackers root level access to the devices.
The critical flaws affect the Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers. These were the models Cisco recommended customers using unsupported small business routers to ...
- Hackers steal StormShield firewall source code in data breach
February 4, 2021
Leading French cybersecurity company StormShield disclosed that their systems were hacked, allowing a threat actor to access the company’s support ticket system and steal source code for Stormshield Network Security firewall software.
StormShield is a French cybersecurity firm that develops UTM (Unified Threat Management) firewall devices, endpoint protection solutions, and secure file management solutions.
StormShield’s SNi40 is ...
- Trickbot malware now maps victims’ networks using Masscan
February 2, 2021
The Trickbot malware has been upgraded with a network reconnaissance module designed to survey local networks after infecting a victim’s computer.
This new module, dubbed masrv, uses the open-source masscan tool, a mass port scanner with its own TCP/IP stack and capable of scanning large swaths of the Internet in a matter of minutes.
Trickbot uses the ...
- SonicWall zero-day exploited in the wild
February 1, 2021
Cyber-security firm the NCC Group said on Sunday that it detected active exploitation attempts against a zero-day vulnerability in SonicWall networking devices.
Details about the nature of the vulnerability have not been made public to prevent other threat actors from studying it and launching their own attacks.
“We’ve seen it used by a single threat actor earlier ...
- SonicWall firewall maker hacked using zero-day in its VPN device
January 23, 2021
Security hardware manufacturer SonicWall has issued an urgent security notice about threat actors exploiting a zero-day vulnerability in their VPN products to perform attacks on their internal systems.
SonicWall is a well-known manufacturer of hardware firewall devices, VPN gateways, and network security solutions whose products are commonly used in SMB/SME and large enterprise organizations.
On Friday night, ...
- Network Attack Trends: Internet of Threats
January 22, 2021
Unit 42 researchers observed interesting attack trends from August-October 2020. Despite a surge in scanner activities and HTTP directory traversal exploitation attempts, CVE-2012-2311 and CVE-2012-1823, which were the most commonly exploited vulnerabilities in the wild in early summer 2020, are no longer at the top of that list. Several new critical exploits, including but not ...
- NSA urges system administrators to replace obsolete TLS protocols
January 20, 2021
The US National Security Agency has issued a security advisory this month urging system administrators in federal agencies and beyond to stop using old and obsolete TLS protocols.
“NSA recommends that only TLS 1.2 or TLS 1.3 be used; and that SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1 not be used,” the agency ...
- VPNFilter Two Years Later: Routers Still Compromised
January 19, 2021
With the internet of things (IoT) gaining more popularity, common IoT devices such as routers, printers, cameras, and network-attached storage (NAS) devices, are becoming more frequent targets for cybercriminals. Unlike typical operating systems such as Windows and macOS, users are less likely to patch IoT devices.
This is because users find the task more difficult and ...
- DNSpooq bugs let attackers hijack DNS on millions of devices
January 19, 2021
Israel-based security consultancy firm JSOF disclosed today seven Dnsmasq vulnerabilities, collectively known as DNSpooq, that can be exploited to launch DNS cache poisoning, remote code execution, and denial-of-service attacks against millions of affected devices.
Dnsmasq is a popular, regularly used open-source Domain Name System (DNS) forwarding software that adds DNS caching and Dynamic Host Configuration ...
- Apple removes feature that allowed its apps to bypass macOS firewalls and VPNs
January 14, 2021
Apple has removed a controversial feature from the macOS operating system that allowed 53 of Apple’s own apps to bypass third-party firewalls, security tools, and VPN apps installed by users for their protection.
Known as the ContentFilterExclusionList, the list was included in macOS 11, also known as Big Sur.
The exclusion list included some of Apple’s biggest ...
- NSA Recommends How Enterprises Can Securely Adopt Encrypted DNS
January 14, 2021
The National Security Agency released a cybersecurity product, “Adopting Encrypted DNS in Enterprise Environments,” Thursday explaining the benefits and risks of adopting the encrypted domain name system (DNS) protocol, DNS over HTTPS (DoH), in enterprise environments. The release provides solutions for secure implementation based on enterprise network needs.
DNS translates domain names in URLs into IP ...
- Cisco says it won’t patch 74 security bugs in older RV routers that reached EOL
January 14, 2021
Networking equipment vendor Cisco said yesterday it was not going to release firmware updates to fix 74 vulnerabilities that had been reported in its line of RV routers, which had reached end-of-life (EOL).
Affected devices include Cisco Small Business RV110W, RV130, RV130W, and RV215W systems, which can be used as routers, firewalls, and VPNs.
All four ...
- Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways
January 2, 2021
More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel.
The backdoor account, discovered by a team of Dutch security researchers from Eye Control, is considered as bad as it gets ...