



Firewall and network security appliance manufacturer SonicWall is urging customers to take preventive actions after its own systems were attacked through previously unknown vulnerabilities in some of its products.

"Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products," the company said in an alert on its website late Friday.

Initially the company suspected that several of its Secure Mobile Access (SMA) series physical and virtual appliances, as well as the NetExtender VPN client and SonicWall firewalls were vulnerable. However, after further investigation, the list of vulnerable products was revised Saturday. The company determined that no generation of SonicWall firewalls is impacted and neither are the NetExtender VPN client, SonicWall SonicWave APs or SMA 1000 Series. The only vulnerable products remain the SMA 100 series appliances which include SMA 200, SMA 210, SMA 400, SMA 410 and SMA 500v (virtual).

The SMA 100 series appliances are access management gateways for small- and medium-sized businesses that allow them to provide browser-based and VPN-based access to remote employees to the company's internal resources, or even hybrid resources hosted in the cloud. It can be combined with a VPN-client such as the NetExtender VPN client.

"Current SMA 100 Series customers may continue to use NetExtender for remote access with the SMA 100 series," the company said. "We have determined that this use case is not susceptible to exploitation."

SMA 100 Series customers urged to take action

According to the company, it is critical for SMA 100 series customers to enable multi-factor authentication. SMA supports time-based one time passwords (TOTP) generated with mobile apps such as Google Authenticator. TOTP can also be enabled to work in addition to LDAP authentication for SSL-VPN connections on SonicWall appliances.

An additional recommendation is to enable the Geo-IP/botnet filtering to create a policy to block web traffic from countries that don't need to access applications through the SMA appliance. It's also advisable to enable and configure the End Point Control feature which forces a security check of the user's environment and device before allowing a VPN connection to be established. Administrators can also use the Login Schedule feature to create a policy and timetable of when users are allowed to be authenticated and when they should be automatically logged off. Instructions on configuring these features are included in the SMA 10.2 administration guide.

It's not clear what the hackers who targeted SonicWall were after and whether their goal was cyberespionage or had a financial motive, like with ransomware and other types of extortion. The company did not release any information about attack payloads, tools or other indicators of compromise (IOCs). A SonicWall representative tells CSO via email that the company is not divulging additional information at this time beyond what was released in its alert.

SonicWall is the third cybersecurity vendor to recently announce a security breach after FireEye and Malwarebytes. Both FireEye and Malwarebytes were targeted by the same threat actor that is associated with the Russian intelligence services and which was also responsible for the larger software supply chain attack involving poisoned SolarWinds software updates. Malwarebytes was targeted through a different attack vector involving applications with privileged access to Microsoft Office 365 and Azure environments.
