fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

SonicWall Fixes Critical Bug Allowing SMA 100 Device Takeover

SonicWall Fixes Critical Bug Allowing SMA 100 Device Takeover

SonicWall has patched a critical security flaw impacting several Secure Mobile Access (SMA) 100 series products that can let unauthenticated attackers remotely gain admin access on targeted devices.

The SMA 100 series appliances vulnerable to attacks targeting the improper access control vulnerability tracked as CVE-2021-20034 includes SMA 200, 210, 400, 410, and 500v.

There are no temporary mitigations to remove the attack vector, and SonicWall strongly urges impacted customers to deploy security updates that address the flaw as soon as possible.

Also Read: How to Send Mass Email Without Showing Addresses: 2 Great Workarounds

No in the wild exploitation

Successful exploitation can let attackers delete arbitrary files from unpatched SMA 100 secure access gateways to reboot to factory default settings and potentially gain administrator access to the device.

“The vulnerability is due to an improper limitation of a file path to a restricted directory potentially leading to arbitrary file deletion as nobody,” the company said.

SonicWall asked organizations using SMA 100 series appliances to immediately log in to MySonicWall.com to upgrade the appliances to the patched firmware versions outlined in the table embedded below.

The company found no evidence that this critical pre-auth vulnerability is currently being exploited in the wild.

ProductPlatformImpacted VersionFixed Version
SMA 100 Series• SMA 200
• SMA 210
• SMA 400
• SMA 410
• SMA 500v (ESX, KVM, AWS, Azure)
10.2.1.0-17sv and earlier10.2.1.1-19sv and higher
10.2.0.7-34sv and earlier10.2.0.8-37sv and higher
9.0.0.10-28sv and earlier9.0.0.11-31sv and higher

Ransomware targeting

SonicWall SMA 100 series appliances have been targeted by ransomware gangs multiple times since the start of 2021, with the end goal of moving laterally into the target organization’s network

For instance, a threat group Mandiant tracks as UNC2447 exploited the CVE-2021-20016 zero-day bug in SonicWall SMA 100 appliances to deploy a new ransomware strain known as FiveHands (a DeathRansom variant just as HelloKitty).

Also Read: How a Smart Contract Audit Works and Why it is Important

Their attacks targeted multiple North American and European organizations before security updates were released in late February 2021. The same flaw was also exploited in January in attacks targeting SonicWall’s internal systems and later indiscriminately abused in the wild.

Two months ago, in July, SonicWall warned of an increased risk of ransomware attacks targeting unpatched end-of-life (EoL) SMA 100 series and Secure Remote Access (SRA) products.

CrowdStrike and Coveware security researchers added to SonicWall’s warning saying that the ransomware campaign was ongoing. CISA confirmed the researchers’ findings three days later, warning that threat actors were targeting a previously patched SonicWall vulnerability

BleepingComputer also reported at the time that HelloKitty ransomware had been exploiting the vulnerability (tracked as CVE-2019-7481) for a few weeks before SonicWall’s ‘urgent security notice’ was issued.

SonicWall recently revealed that its products are used by more than 500,000 business customers in over 215 countries and territories worldwide. Many of them are deployed on the networks of the world’s largest organizations, enterprises, and government agencies.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us