SonicWall Investigates Zero-Day Attack on Its Products

SonicWall has warned its customers that threat actors may have found zero-day vulnerabilities in some of its remote access products. An initial post on the company’s knowledge base pages on Friday claimed that the NetExtender VPN client version 10.x and the SMB-focused SMA 100 series were at risk.

However, an update over the weekend clarified that impacted models were confined to its Secure Mobile Access (SMA) version 10.x offering running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances and the SMA 500v virtual appliance.

These provide client employees with secure remote access to internal resources — capabilities in high demand during the pandemic. As such, there is an apparent advantage to attackers in finding bugs to exploit in such tools.

“We believe it is extraordinarily important to be transparent with our customers, our partners and the broader cybersecurity community about the ongoing attacks on global business and government,” SonicWall said in the alert.

“Recently, SonicWall identified a coordinated attack on its internal systems by highly state-of-the-art threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products.”

There is no more information for now on what the attackers were after and how they carried out the intrusion. However, SonicWall also clarified that its firewall products, SonicWave APs and SMA 1000 Series product line are unaffected.

“Current SMA 100 Series customers may continue to use NetExtender for remote access with the SMA 100 series. We have decided that this use case is not susceptible to exploitation,” it added. “We advise SMA 100 collection administrators to create specific access rules or disable Virtual Office and HTTPS administrative access from the internet while we continue to investigate the vulnerability.”

Since the beginning of the COVID-19 crisis, security and infrastructure providers have come under increasing scrutiny as attackers look for holes in products which could provide them with large-scale access to customer environments.

Back in April last year, it emerged that sophisticated ransomware groups were exploiting flaws in VPN products to attack hospitals, while in October, the US warned that APT groups were chaining VPN exploits with the Zerologon flaw to target public and private sector organizations.

Products from Fortinet (CVE-2018-13379), MobileIron (CVE-2020-15505), Juniper (CVE-2020-1631), Pulse Secure (CVE-2019-11510), Citrix NetScaler (CVE-2019-19781) and Palo Alto Networks (CVE-2020-2021) were all highlighted as at risk.

A Million Compromised Accounts Discovered at Top Gaming Firms

Security researchers have warned gaming companies to improve their cybersecurity posture after discovering 500,000 breached employee credentials in December 2020, and a million compromised internal accounts on the dark web.

Tel Aviv-based threat intelligence firm KELA, which detects and analyzes intelligence from a curated set of darknet sources to provide clients with fully targeted intelligence, decided to investigate the top 25 publicly listed companies in the sector based on revenue.

KELA found nearly 1 million compromised accounts pertaining to gaming clients and employees, with 50% of them offered for sale during 2020. After scouring dark web marketplaces, it discovered a thriving market in network access on both the supply and demand side.

This included nearly one million compromised accounts related to employee- and customer-facing resources, half of which were listed for sale last year. Compromised accounts linked to internal resources like admin panels, VPNs, Jira instances, FTPs, SSOs, developer-related environments and more were found in virtually all of the top 25 gaming companies studied.

SDLC Threat Modelling

SEC 101

Threat Modeling In Software Development Life Cycle (SDLC)

 

About The Threat Modeling In SDLC

In this training, our expert will take you through the process of threat modeling. You will learn about the main idea behind threat modeling and how to integrate security into the software development lifecycle.

Threat modeling helps software developers to:

    • Balance risks, controls, and usability.
    • Identify threats and compliance requirements, and evaluate their risks.
    • Define and build required controls.
    • Identify where building a control is unnecessary, based on acceptable risk.
    • Document threats and mitigations.
    • Identify security test cases and scenarios to test the security requirements.

Training Content

Threat modeling is a process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified and enumerated, and mitigations can be prioritized.

The purpose of threat modeling is to provide a systematic analysis of what controls or defenses need to be included to defend a given system against a potential attack, considering the probable attacker’s profile, the most likely attack vectors, and the assets most desired by an attacker.

In this training, we will cover the following:

    • The main idea behind threat modeling and how to build security by default and by design into system development.
    • How to use threat modeling to ensure business requirements (or goals) are adequately protected in the face of a malicious actor, accidents, or other causes of impact.
    • Integrating threat modeling into software development methodologies such as waterfall, Agile, and DevOps.
    • Threat modeling methodologies such as STRIDE, PASTA, Trike, CAST, etc.
    • Threat modeling stages and examples.
    • Identifying threats and compliance requirements during the SDLC and evaluating their risks.
    • Balancing risks, controls, and usability.
    • Defining and building the required controls.
    • Identifying where building a control is unnecessary, based on acceptable risk.
    • Documenting threats and mitigations.
    • Identifying security test cases and scenarios to test the security requirements.

WHO SHOULD ATTEND

  • CISOs
  • Security Risk Managers
  • Security Engineers
  • Information Security Managers
  • Information Security Directors
  • All other security professionals who want to be kept up to date