fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

SonicWall Warns Customers To Patch 3 Zero-Days Exploited In The Wild

SonicWall Warns Customers To Patch 3 Zero-Days Exploited In The Wild

Security hardware manufacturer SonicWall is urging customers to patch a set of three zero-day vulnerabilities affecting both its on-premises and hosted Email Security products.

“In at least one known case, these vulnerabilities have been observed to be exploited ‘in the wild,'” SonicWall said in a security advisory published earlier today.

The company said it’s “imperative” that organizations using its Email Security hardware appliances, virtual appliances, or software installations on Microsoft Windows Server machines immediately upgrade to a patched version.

The three zero-days were reported by Mandiant’s Josh Fleischer and Chris DiGiamo, and they are tracked as:

  • CVE-2021-20021: Email Security Pre-Authentication Administrative Account Creation vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host (security updates released on April 9th)
  • CVE-2021-20022: Email Security Post-Authentication Arbitrary File Creation vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host  (security updates released on April 9th)
  • CVE-2021-20023: Email Security Post-Authentication Arbitrary File Read vulnerability that enables a post-authenticated attacker to read an arbitrary file from the remote host  (security updates released on April 19th)

Also Read: How To Comply With PDPA: A Checklist For Businesses

“The adversary leveraged these vulnerabilities, with intimate knowledge of the SonicWall application, to install a backdoor, access files and emails, and move laterally into the victim organization’s network,” FireEye said.

“Mandiant currently tracks this activity as UNC2682. Ultimately, Mandiant prevented UNC2682 from completing their mission so their objectives of the attack currently remain unknown.”

The full list of SonicWall products affected by the three zero-days is available in the table below, together with information on the patched versions and links to security advisories. 

AFFECTED VERSIONPATCHED VERSIONPSIRT ADVISORY
Email Security (ES) 10.0.4-Present
Email Security 10.0.3
Email Security 10.0.2
Email Security 10.0.1
Email Security 10.0.9.6173 (Windows)SNWLID-2021-0007
SNWLID-2021-0008
SNWLID-2021-0010
Email Security (ES) 10.0.4-Present
Email Security 10.0.3
Email Security 10.0.2
Email Security 10.0.1
Email Security 10.0.9.6177
(Hardware & ESXi Virtual Appliance)
SNWLID-2021-0007
SNWLID-2021-0008
SNWLID-2021-0010
Hosted Email Security (HES) 10.0.4-Present
Hosted Email Security 10.0.3
Hosted Email Security 10.0.2
Hosted Email Security 10.0.1
Hosted Email Security 10.0.9.6173
(Patched Automatically)
SNWLID-2021-0007
SNWLID-2021-0008
SNWLID-2021-0010

SonicWall Hosted Email Security (HES) was automatically patched on Monday, April 19th, and no action is needed from customers only using SonicWall’s hosted email security product.

Step-by-step guidance on how to apply the security updates is available in this knowledgebase article

“SonicWall Email Security versions 7.0.0-9.2.2 are also impacted by the above vulnerabilities,” the company added.

“However, these legacy versions have reached end of life (EOL) and are no longer supported. Organizations using these legacy product versions and have an active support license can download the latest Email Security versions from their MySonicWall account.”

Also Read: In Case You Didn’t Know, ISO27001 Requires Penetration Testing

SonicWall disclosed in January 2021 that unknown threat actors exploited a zero-day vulnerability in their Secure Mobile Access (SMA) and NetExtender VPN client products in attacks targeting the company’s internal systems.

One month later, SonicWall fixed an actively exploited zero-day vulnerability impacting the SMA 100 series of SonicWall networking devices.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us