SonicWall Investigates Zero-Day Attack On Its Products

SonicWall has warned its customers that threat actors may have found zero-day vulnerabilities in some of its remote access products. An initial post on the company’s knowledgebase pages on Friday claimed that the NetExtender VPN client version 10.x and the SMB-focused SMA 100 series were at risk.

However, an update over the weekend clarified that impacted models were confined to its Secure Mobile Access (SMA) version 10.x offering running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances and the SMA 500v virtual appliance.

These products provide employees with secure remote access to internal resources, a capability in high demand during the pandemic. As such, there is an obvious advantage to attackers in finding exploitable bugs in such tools.

“We believe it is extraordinarily important to be transparent with our customers, our partners and the broader cybersecurity community about the ongoing attacks on global business and government,” SonicWall said in the alert.

“Recently, SonicWall identified a coordinated attack on its internal systems by highly state-of-the-art threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products.”

There is no more information for now on what the attackers were after and how they carried out the intrusion. However, SonicWall also clarified that its firewall products, SonicWave APs and SMA 1000 Series product line are unaffected.

“Current SMA 100 Series customers may continue to use NetExtender for remote access with the SMA 100 series. We have decided that this use case is not susceptible to exploitation,” it added. “We advise SMA 100 series administrators to create specific access rules or disable Virtual Office and HTTPS administrative access from the internet while we continue to investigate the vulnerability.”

Since the beginning of the COVID-19 crisis, security and infrastructure providers have come under increasing scrutiny as attackers look for holes in products that could provide them with large-scale access to customer environments.

Back in April last year, it emerged that sophisticated ransomware groups were exploiting flaws in VPN products to attack hospitals, while in October, the US warned that APT groups were chaining VPN exploits with the Zerologon flaw to target public and private sector organizations.

Products from Fortinet (CVE-2018-13379), MobileIron (CVE-2020-15505), Juniper (CVE-2020-1631), Pulse Secure (CVE-2019-11510), Citrix NetScaler (CVE-2019-19781) and Palo Alto Networks (CVE-2020-2021) were all highlighted as at risk.

Tesla Sued Former Employee for Alleged IP Theft of Thousands of Files

Tesla has sued a former employee for allegedly stealing about 26,000 confidential files in his first week of work at the company, according to a court filing.

The company said on Friday that within three days of being hired, software engineer Alex Khatilov “brazenly stole thousands of trade secrets that took Tesla years to develop” and transferred them to his personal Dropbox, a cloud storage service.

Tesla said that when confronted by its security team, Khatilov claimed he had only transferred a couple of personal administrative documents. Khatilov told the New York Post that the files ended up in his Dropbox by mistake when he was trying to make a backup copy of a folder on his computer.

Tesla said the files, which represented “200 man-years of work”, were extremely valuable to the company and, if exposed to its competitors, would give them a roadmap to copy Tesla’s innovation.

It said Khatilov was one of an elite group of only 40 of Tesla’s 50,000 employees with access to the intellectual property. No other employee was involved in the IP theft.

Tesla’s security team detected the file downloads on January 6, after Khatilov was hired on December 28, and confronted him by video call as he was working from home, according to the court filing.

Tesla said that during this call, Khatilov delayed sharing his screen with the team, during which time “he hurriedly starts deleting records from his computer.” However, investigators were still able to view hundreds of confidential documents uploaded to his Dropbox, which Khatilov claimed he had somehow forgotten about.

Khatilov, who told the New York Post that he was unaware he was being sued until the newspaper called him on Friday, was fired the same day.

UPS Truck Drivers’ Medical Records Published by Hackers

Medical documents belonging to truck drivers and rail workers may have been exposed following an alleged cyber-attack on an occupational healthcare provider in Virginia.

Data apparently belonging to employees of the United Parcel Service (UPS) and Norfolk Southern Railroad was published online on a leak website by the gang behind Conti ransomware. The cyber-criminals claimed to have obtained the data during a December cyber-attack on Taylor Made Diagnostics (TMD).

The HIPAA Journal reported that the leaked data includes full names, Social Security numbers, details of medical examinations, drug and alcohol testing reports, and scans of driving licences.

With locations in Chesapeake and Newport News, TMD operates occupational health clinics used by transportation companies and government agencies. The company provides services including drug testing, CPR training, fit-for-duty evaluations, vaccinations, and respirator fit testing.

According to its website, TMD clients include the US military, the US Secret Service, the Naval Special Warfare Development Group, BAE Systems, Old Dominion University, the Social Security Administration, and the Virginia Department of Military Affairs.

While TMD has not verified the alleged attack, FreightWaves reported that among the more than 3,000 TMD files leaked on January 8 were multiple health records for employees at both UPS and Norfolk Southern dated as recently as December 2020.

In addition, the trucking news source spotted records belonging to personnel of US government agencies, defence contractors, and multiple smaller trucking companies.

Norfolk Southern Railroad, which employs nearly 25,000 people in 22 states, said that it was investigating the veracity of the cyber-criminals’ claims.

“The security of our employees’ data is a priority for Norfolk Southern and a requirement for our vendors,” Norfolk Southern spokesperson Jeff DeGraff wrote in an email to FreightWaves.

“Norfolk Southern is looking into the issue but has not issued any comment at this time.”

UPS, which employs 362,000 people in the US and an additional 82,000 internationally, said it is also looking into the possible data breach.

According to the US Department of Health and Human Services, in December alone, 37 US healthcare providers reported hacking or unspecified information technology incidents that compromised the data of nearly 1.5 million patients.

X-Rated College Pictures Leaked Due to Leaky Amazon Buckets

A cloud misconfiguration at Fleek, a now-defunct social media app, has exposed hundreds of thousands of explicit images of users who thought they had been deleted. Fleek was seen as an unfiltered and uncensored alternative to Snapchat’s “Campus Stories.” A hit with US college students, it promised to automatically delete pictures after a short period, encouraging users to post salacious photographs of themselves engaged in sexually explicit and unlawful activities.

A team led by Noam Rotem found misconfigured AWS S3 buckets in October last year belonging to the now-defunct Fleek and its owner, Squid Inc. The researchers found not only that the promise of automatic deletion was untrue, but that many images were still available for download from the Amazon bucket months after the service ceased to exist.

Fleek users were mostly university students unaware of the implications of uploading pictures that showed them engaged in embarrassing and criminal activities, such as drug use. If cyber-criminals obtained these pictures and knew how to locate the people exposed, they could easily target them and blackmail them for large sums of money.

In total, the research team found around 377,000 files in the 32GB bucket. These included pictures as well as bot scripts.

Having contacted both Squid Inc’s founder and AWS to notify them of the privacy issue, vpnMentor found that the bucket had been secured about a week after it was discovered. However, it is unclear whether the data has been deleted.

It is important to understand from a service provider what happens to your data if the service ceases to exist, as in the case of Fleek. Often, with smaller companies, the company keeps possession of the data, and there is very little accountability stopping it from misusing the data or sharing it with others in the future.

US Government Withdraws Extradition Request for Irish Hacker Who Duped People Out of Millions of Dollars in Bitcoin

The United States has withdrawn an extradition request for an Irish hacker convicted of breaking into digital wallets to steal millions of dollars in cryptocurrency.

Conor Freeman was identified by US Homeland Security as one of at least five co-conspirators involved in a string of digital thefts that robbed multiple victims of their life savings in 2018.

Freeman was arrested at his Dublin home in May 2019 on a warrant issued by US authorities. Following his arrest, the hacker handed over stolen Bitcoin worth $2,187,977 to the Gardaí, the Irish police.

Freeman, of Dun Laoghaire, pleaded guilty to stealing cryptocurrency, dishonestly operating a computer to make a gain, and knowingly engaging in the possession of the proceeds of crime. In November 2020, the 21-year-old was sentenced to three months in jail minus one month served in custody by Judge Martin Nolan in Dublin Circuit Criminal Court.

The US had requested that Freeman be surrendered and extradited to the United States to face one count of conspiracy to commit wire fraud, four counts of aiding and abetting wire fraud, and four counts of aiding and abetting aggravated identity theft.

US authorities alleged that Freeman was a member of an organized online criminal gang known as The Community, which conspired to steal from targets picked out on social media. The gang used SIM-swapping to gain control of a victim’s mobile phone number, then leveraged it to gain access to their digital wallets.

A member of The Community, arrested in Michigan in May 2018, gave US authorities access to his computers. The member’s online chat data revealed that an individual calling himself Conor was involved in the thefts.

IP addresses used by this Conor were linked to Irish mobile phone and residential internet service providers used by Conor Freeman.

The High Court heard this morning that following his conviction in Ireland, the United States was no longer seeking to prosecute Freeman, who had no prior convictions.

Had Freeman been convicted in the US on all counts, the Dubliner could have been sentenced to a maximum of 108 years behind bars.