sonicwall (5)

On 16 April, US DHS CISA warned federal agencies to secure their SonicWall Secure Mobile Access (SMA) 100 series appliances against attacks exploiting a high-severity remote code execution vulnerability.

Tracked as CVE-2021-20035, this security flaw impacts SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v (ESX, KVM, AWS, Azure) devices. Successful exploitation can allow remote threat actors with low privileges to execute arbitrary code in low-complexity attacks. "Improper neutralization of speci

Recorded Future’s Insikt Group identified a suspected cyber-espionage campaign by TAG-100, targeting global government and private sector organizations. TAG-100 exploited internet-facing devices and used open-source tools like the Go backdoor Pantegana. The campaign compromised two Asia-Pacific intergovernmental organizations and targeted multiple diplomatic and trade entities.

  • TAG-100 Uses Open-Source Tools in Suspected Global Espionage Campaign, Compromising Two Asia-Pacific Intergovernmenta

Activity Summary - Week Ending on 30 December 2021:

  • Red Sky Alliance identified 18,056 connections from new IPs checking in with our Sinkholes
  • 77-88-9-11.spider.yandex.com
  • Analysts identified 4,095 new IP addresses participating in various Botnets
  • Chaos in Japan
  • SonicWall
  • An Albania Hit, Again
  • Five Eyes on Log4j
  • Chinese Propaganda in Full Force
  • Ireland is getting Serious
  • Healthcare at Risk, Still
  • Free Peltier

Link to full report: IR-21-364-001_weekly364.pdf

Activity Summary - Week Ending 12 March 2021:

  • Super Keylogger being used as a Lure – ‘Super.Keylogee’
  • Red Sky Alliance identified 29,347 connections from new unique IP Addresses
  • Analysts identified 1,199 new IP addresses participating in various Botnets
  • Sality still reigns as our #1 Malware Variant
  • IcedID
  • Baby Elephants are Cute, but…….
  • Qualys and Accellion FTA
  • SonicWall hacking
  • FireEye Attack
  • Myanmar, China and Russia curtailing social media, No Surprise

Link to full report: IR-21-071-001_wee

Activity Summary - Week Ending 29 January 2021:

  • Red Sky Alliance observed 62 unique email accounts compromised with Keyloggers
  • Analysts identified 39,701 connections from new unique IP addresses
  • British Telecommunications has Compromised C2 Servers
  • Researchers identified 1,619 new IP addresses participating in various Botnets
  • Hancitor Malware
  • OSAMiner & Crypto-miner Campaigns
  • Zyxel Firewalls the Backdoor is Open
  • Mimecast Compromised
  • Malwarebytes Caught in the Wind, SolarWinds
  • Dell/SonicWall hit