Tag Archive for: Firewalls

Cisco warns of attacks on network routers, firewalls


Cisco’s Talos security intelligence group issued a warning today about an uptick in highly sophisticated attacks on network infrastructure including routers and firewalls.

The Cisco warning follows a similar joint warning issued the same day by the UK National Cyber Security Centre (NCSC), the US National Security Agency (NSA), the US Cybersecurity and Infrastructure Security Agency (CISA) and the US Federal Bureau of Investigation (FBI), which noted an uptick in threats that in part rely on an exploit that first came to light in 2017. That exploit targets an SNMP vulnerability in Cisco routers that the vendor patched in 2017.

But as Cisco and the government agencies noted, similar exploits are being aimed at a broad set of multivendor networking gear, potentially including Juniper, Extreme, Allied-Telesis, HP and others.

“The warning involves not just Cisco equipment, but any networking equipment that sits at the perimeter or that might have access to traffic that a significantly capable and well-tooled adversary might have an interest in intercepting and modifying,” said JJ Cummings, Cisco Talos Threat Intelligence & Interdiction team lead. Cummings leads the Talos team tasked with nation-state, critical infrastructure, law enforcement, and intelligence-based concerns.

In a blog noting the increase in threats, Cisco Talos wrote: “We have observed traffic manipulation, traffic copying, hidden configurations, router malware, infrastructure reconnaissance, and active weakening of defenses by adversaries operating on networking equipment. Given the variety of activities we have seen adversaries engage in, they have shown a very high level of comfort and expertise working within the confines of compromised networking equipment.”

National intelligence agencies and state-sponsored actors across the globe have attacked network infrastructure as a primary target, Cisco stated. “Route/switch devices are stable, infrequently examined from a security perspective, are often poorly patched and provide deep network visibility.”

Source…

Zyxel warns of flaws impacting firewalls, APs, and controllers



Zyxel has published a security advisory to warn admins about multiple vulnerabilities affecting a wide range of firewall, AP, and AP controller products.

While the vulnerabilities aren’t rated as critical, they are still significant on their own and can be abused by threat actors as part of exploit chains.

Large organizations use Zyxel products, and any exploitable flaws in them immediately capture the attention of threat actors.

The four flaws disclosed in Zyxel’s advisory are the following:

  • CVE-2022-0734: Medium severity (CVSS v3.1 – 5.8) cross-site scripting vulnerability in the CGI component, allowing an attacker to inject a script that steals cookies and session tokens from the victim’s browser.
  • CVE-2022-26531: Medium severity (CVSS v3.1 – 6.1) improper validation flaw in some CLI commands, allowing a local authenticated attacker to cause a buffer overflow or system crash.
  • CVE-2022-26532: High severity (CVSS v3.1 – 7.8) command injection flaw in some CLI commands, allowing a local authenticated attacker to execute arbitrary OS commands.
  • CVE-2022-0910: Medium severity (CVSS v3.1 – 6.5) authentication bypass vulnerability in the CGI component, allowing an attacker to downgrade from two-factor authentication to one-factor authentication via an IPsec VPN client.

The above vulnerabilities impact USG/ZyWALL, USG FLEX, ATP, VPN, NSG firewalls, NXC2500 and NXC5500 AP controllers, and a range of Access Point products, including models of the NAP, NWA, WAC, and WAX series.

Impacted firewall products (Zyxel)

Zyxel has released security updates that address the flaws for most of the impacted models.

However, no fix for the AP controllers is publicly available, so admins must request a hotfix from their local service representative.

For the firewalls, USG/ZyWALL receives the fix in firmware version 4.72; USG FLEX, ATP, and VPN must upgrade to ZLD version 5.30; and NSG products receive the fix in v1.33 patch 5.

While these vulnerabilities are not critical, it is still strongly advised that network admins upgrade their devices as soon as possible.

This advice is especially important for US companies as we head into a holiday weekend when it is…

Source…

Introduction to Cyber Security Part 2 – Easy to understand basics: Firewall types



WatchGuard’s mid-range firewalls protect small and midsize businesses against encrypted malware


WatchGuard Technologies released new Firebox M290, M390, M590, and M690 unified threat management appliances for small and midsize businesses. These new firewalls deliver increased security and the fastest performance of any mid-range Firebox appliance, with the processing power to handle encrypted and HTTPS traffic.

In addition, new expandable ports and integration with WatchGuard Cloud enable these firewalls to offer the flexibility needed to accommodate changing networking and security needs for customers and service provider partners.

“As the threat landscape evolves, performance and flexibility are both critical for organizations looking to secure their network. Our recent Q2 2021 Internet Security Report found that more than 91% of malware attacking networks is encrypted,” said Corey Nachreiner, CSO at WatchGuard.

“It’s therefore essential for small and midsized organisations, or the partners servicing them, to have security solutions capable of processing encrypted traffic without negatively impacting overall performance. Our new mid-range M Series appliances deliver this capability and provide tools to simplify the deployment and ongoing management of these solutions as part of our WatchGuard Unified Security Platform.”

In another example of WatchGuard’s commitment to cross-platform integration, it’s easy to deploy, manage and create policies for these new Fireboxes from WatchGuard Cloud. Service providers can share configurations across multiple appliances and clients via templates and deploy appliances remotely from the Cloud.

A cohesive 30-day view of log data, fast log search and automated reporting greatly increases visibility. In addition, the new Firebox appliances integrate seamlessly with other solutions across the WatchGuard portfolio – including AuthPoint multi-factor authentication, WatchGuard Wi-Fi Access Points, and ThreatSync endpoint-network telemetry – to greatly simplify traditionally complex security management.

The new Firebox M290, M390, M590 and M690 appliances offer several enhancements and benefits including:

  • Faster and more powerful. Each appliance has been designed to optimise HTTPS content inspection throughput, which…

Source…