Posts

SonicWall Partners On High Alert After Hack Exposes Tool Flaw


SonicWall’s 21,000 channel partners had a very long weekend after the company admitted a sophisticated cyberattack against its internal systems had revealed zero-day product vulnerabilities.

Silicon East President Marc Harrison and two of his employees put in 36 hours of work Saturday and Sunday with almost no sleep after the Milpitas, Calif.-based platform security vendor disclosed at 11:15 p.m. ET Friday that it had been hacked. The Marlboro, N.J.-based partner has 17 customers with 800 users on versions of the NetExtender VPN client or SMA 100 product that were initially reported compromised.

Harrison said Silicon East spent between four and six hours Saturday turning off SSL-VPN connections for all impacted users, and ended up working until 2 a.m. ET Sunday. Then at 10:45 p.m. ET Saturday, SonicWall updated its guidance to tell customers that NetExtender didn’t have a zero-day vulnerability after all, and that only its Secure Mobile Access (SMA) 100 series product remains under investigation.


As a result, Harrison and his associates returned to work Sunday morning to re-enable SSL-VPN access for the 14 customers and more than 400 employees at organizations using only NetExtender but not SMA 100. But given how extensively SSL-VPN connections have been used for remote work during COVID-19, Harrison needed to help the three clients and 400 users who were being blocked from work.

“This has been extreme pain,” Harrison said. “People are annoyed and upset, but understand it could have been a lot worse if they had been breached.”

For Silicon East’s three SMA 100 customers, Harrison attempted to follow SonicWall’s guidance to use NetExtender for remote access with the SMA 100 series while disabling Virtual Office, but couldn’t figure out how to do it. Harrison tried unsuccessfully to reach SonicWall tech support for 12 hours Sunday, and finally connected with someone Monday who told him they also weren’t aware of any way to do this.

“The workaround SonicWall published Saturday night is not implementable,” Harrison said. He expected SonicWall would provide partners with more…


After the SolarWinds Hack, We Have No Idea What Cyber Dangers We Face


Months before insurgents breached the Capitol and rampaged through the halls of Congress, a stealthier invader was muscling its way into the computers of government officials, stealing documents, monitoring e-mails, and setting traps for future incursions. Last March—if not before, as a report by the threat-intelligence firm ReversingLabs suggests—a hacking team, believed to be affiliated with Russian intelligence, planted malware in a routine software upgrade from a Texas-based I.T. company called SolarWinds, which provides network-management systems to more than three hundred thousand clients. An estimated eighteen thousand of them downloaded the malware-ridden updates, which were embedded in a SolarWinds product called Orion. Once they did, the hackers were able to roam about customers’ networks, undetected, for at least nine months. “This threat actor has demonstrated sophistication and complex tradecraft in these intrusions,” the Cybersecurity and Infrastructure Security Agency (CISA) wrote, in its assessment of the breach. “CISA expects that removing the threat actor from compromised environments will be highly complex and challenging.” CISA, which is part of the Department of Homeland Security, is a SolarWinds client. So are the Pentagon, the Federal Bureau of Investigation, and U.S. Cyber Command.

By now, hacking has become so routine that it’s hardly remarkable. Each morning, I wake up to an e-mail from the cybersecurity firm Recorded Future, listing the hacking groups and targets that its algorithms have uncovered in the previous twenty-four hours. The hackers have cute names, such as Lizard Squad and Emissary Panda. Their targets are a mix of commercial businesses—such as Sony and Lord & Taylor—and government sites, including those of the State Department, the White House, the Air Force, and the Securities and Exchange Commission. Most days, I also get an alert from M.S.-ISAC, the Multi-State Information Sharing and Analysis Center, the real-time threat-reporting division of the nonprofit Center for Internet Security, disclosing newly discovered vulnerabilities. There is never a day when there aren’t numerous attacks and multiple software systems…


Russian hack of US agencies exposed supply chain weaknesses – CBS17.com


WASHINGTON (AP) — The elite Russian hackers who gained access to computer systems of federal agencies last year didn’t bother trying to break one by one into the networks of each department.

Instead, they got inside by sneaking malicious code into a software update pushed out to thousands of government agencies and private companies.

It wasn’t surprising that hackers were able to exploit vulnerabilities in what’s known as the supply chain to launch a massive intelligence gathering operation. U.S. officials and cybersecurity experts have sounded the alarm for years about a problem that has caused havoc, including billions of dollars in financial losses, but has defied easy solutions from the government and private sector.

“We’re going to have to wrap our arms around the supply-chain threat and find the solution, not only for us here in America as the leading economy in the world, but for the planet,” William Evanina, who resigned last week as the U.S. government’s chief counterintelligence official, said in an interview. “We’re going to have to find a way to make sure that we in the future can have a zero-risk posture, and trust our suppliers.”

In general terms, a supply chain refers to the network of people and companies involved in the development of a particular product, not dissimilar to a home construction project that relies on a contractor and a web of subcontractors. The sheer number of steps in that process, from design to manufacture to distribution, and the different entities involved give a hacker looking to infiltrate businesses, agencies and infrastructure numerous points of entry.

This can mean no single company or executive bears sole responsibility for protecting an entire industry supply chain. And even if most vendors in the chain are secure, a single point of vulnerability can be all that foreign government hackers need. In practical terms, homeowners who construct a fortress-like mansion can nonetheless find themselves victimized by an alarm system that was compromised before it was installed.

The most recent case targeting federal agencies involved Russian government hackers who are believed to have sneaked malicious code…


How Did The Parler Hack Happen? WordPress Security Issues Lead the Way


Parler, the Twitter rip-off that served as one of the main organizing tools for the Donald Trump fanatics who stormed the U.S. Capitol on Jan. 6, has been largely offline for more than a week. But even in suspended animation, the preferred online home for QAnon, the Proud Boys, and other elements of the American far-right is still creating trouble.

Decisions by Amazon, Apple, and Google to quit hosting the site and forbid mobile users to download the app have triggered cries of Big Tech censorship. First Amendment and internet regulation politics aside, the way Parler gushed data on its way out the door raises serious cybersecurity questions as well as worries about whether other players on the internet have data breaches in their future.

Though it’s impossible to verify without peeking under Parler’s hood—a task now impossible since the website is offline—the prevailing narrative is that a Parler security flaw (or flaws) allowed a white-hat hacker to download and archive all of Parler’s user data shortly before Amazon Web Services pulled the plug on hosting the site. The data presented for the public (and law enforcement) to access included, in some cases, potentially incriminating location data.

Parler relied on WordPress, the world’s most-used content management system. That has led to speculation that WordPress was part of the flaw and that anyone else using WordPress was in danger. However, according to a general consensus of cybersecurity experts, including several contacted for this article, Parler’s data breach didn’t happen simply because Parler used WordPress. Instead, Parler’s user data leaked because CEO John Matze and the site’s architects left major flaws in Parler’s API, the link between Parler’s front-end and its user data.


The “predominant belief” is “that Parler was a rushed, poor design buoyed by right-leaning investors to become pretty large before they really had built a solid foundation, technologically speaking,” Andrew Zolides, a professor of communications at Xavier University who teaches courses in digital design, told Observer. (Among…
