fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

SonicWall Firewall Maker Hacked Using Zero-day In Its VPN Device

SonicWall Firewall Maker Hacked Using Zero-day In Its VPN Device

Security hardware manufacturer SonicWall has issued an urgent security notice about threat actors exploiting a zero-day vulnerability in their VPN products to perform attacks on their internal systems.

SonicWall is a well-known manufacturer of hardware firewall devices, VPN gateways, and network security solutions whose products are commonly used in SMB/SME and large enterprise organizations.

On Friday night, SonicWall released an ‘urgent advisory’ stating that hackers used a zero-day vulnerability in their Secure Mobile Access (SMA) VPN device and its NetExtender VPN client in a “sophisticated” attack on their internal systems.

“Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products,” states SonicWall’s security notice published late Friday night.

Also Read: How Formidable is Singapore Cybersecurity Masterplan 2020?

SonicWall is currently investigating what devices are affected by this vulnerability. Below is the current status of this investigation:

Vulnerable devices:

  • NetExtender VPN client version 10.x (released in 2020) utilized to connect to SMA 100 series appliances and SonicWall firewalls
  • Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances and the SMA 500v virtual appliance

Not affected:

  • SonicWall Firewalls: All generations of SonicWall firewalls are not affected by the vulnerability impacting the SMA 100 series (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v). No action is required from customers or partners.
  • NetExtender VPN Client: While we previously communicated NetExtender 10.X as potentially having a zero-day, that has now been ruled out. It may be used with all SonicWall products. No action is required from customers or partners.
  • SMA 1000 Series: This product line is not affected by this incident.  Customers are safe to use SMA 1000 series and their associated clients. No action is required from customers or partners.
  • SonicWall SonicWave APs: No action is required from customers or partners.

Still being investigated:

  • SMA 100 Series: This product remains under investigation for a vulnerability, however we can issue the following guidance on deployment use cases: 
  • Current SMA 100 Series customers may continue to use NetExtender for remote access with the SMA 100 series. We have determined that this use case is not susceptible to exploitation.
  • We advise SMA 100 series administrators to create specific access rules or disable Virtual Office and HTTPS administrative access from the Internet while we continue to investigate the vulnerability.

Secure Mobile Access (SMA) is a physical device that provides VPN access to internal networks, while the NetExtender VPN client is a software client used to connect to compatible firewalls that support VPN connections.

SonicWall states that customers can protect themselves by enabling multi-factor authentication (MFA) on affected devices and restricting access to devices based on whitelisted IP addresses.

FOR SMA 100 SERIES

  • Use a firewall to only allow SSL-VPN connections to the SMA appliance from known/whitelisted IPs
  • Or configure whitelist access on the SMA directly itself

FOR FIREWALLS WITH SSL-VPN ACCESS VIA NETEXTENDER VPN CLIENT VERSION 10.X

  • Disable NetExtender access to the firewall(s) or restrict access to users and admins via an allow-list/whitelist for their public IPs

MFA MUST BE ENABLED ON ALL SONICWALL SMA, FIREWALL & MYSONICWALL ACCOUNTS

SonicWall has not released detailed information about the zero-day vulnerabilities. Based on the mitigation steps, they appear to be pre-auth vulnerabilities that can be remotely exploited on publicly accessible devices.

BleepingComputer has contacted SonicWall with questions about this attack but has not heard back.

If you have first-hand information about this or other unreported cyberattacks, you can confidentially contact us on Signal at +16469613731 or on Wire at @lawrenceabrams-bc.

On Wednesday, BleepingComputer was contacted by a threat actor who stated that they had information about a zero-day in a well-known firewall vendor. It is unknown if this is related to the SonicWall disclosure.

“I have information about hacking of a well-known firewall vendor and other security products by this they are silent and do not release press releases for their clients who are under attack due to several 0 days in particular very large companies are vulnerable technology companies,” BleepingComputer was told via email.

This person never responded to further emails.

VPN vulnerabilities have been a popular method for threat actors to gain access to and compromise a company’s internal network. Once threat actors gain access, they spread laterally through the network while stealing files or deploying ransomware.

Also Read: Going Beyond DPO Meaning: Ever Heard of Outsourced DPO?

Some of the VPN devices that have been historically used in attacks include CVE-2019-11510 Pulse VPN flaw, the CVE-2019-19781 Citrix NetScaler bug, and the CVE-2020-5902 critical F5 BIG-IP flaw.

Update 1/24/21: Updated article to include new list of impacted and unaffected devices.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us