Firewall News

Fortinet Announces the Industry’s First Wi-Fi 7–Enabled Secure Networking Solution

/0 Comments/in , /by

New Wi-Fi 7 access point and 10 Gigabit Power over Ethernet switch unlock 2x faster speeds and increased capacity for Fortinet’s integrated portfolio of secure wired and wireless offerings

Fortinet® (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, today announced the industry’s only comprehensive secure networking solution integrated with Wi-Fi 7. Fortinet’s first Wi-Fi 7 access point, FortiAP 441K, delivers increased speed and capacity, and the new FortiSwitch T1024 is purpose-built with 10 Gigabit Ethernet (GE) access and 90W Power over Ethernet (PoE) technology to support Wi-Fi 7 bandwidth requirements. These new devices deliver the cutting-edge wireless performance today’s enterprises need and, as a part of the Fortinet Secure Networking solution, seamlessly integrate with AIOps and FortiGuard AI-Powered Security Services for unmatched security, visibility, and control.

“Fortinet is the only vendor converging networking technology and AI-powered security into a single, holistic solution to connect and protect the wired and wireless LAN,” said John Maddison, Chief Marketing Officer and EVP, Product Strategy at Fortinet. “With today’s news, we’re putting the latest wireless technology breakthrough into the hands of customers, who can now take advantage of Wi-Fi 7’s increased throughput while keeping their wireless traffic secure and their business efficient.”

Helping customers harness the power of Wi-Fi 7

Enterprises are eager to embrace the increased speed and bandwidth of Wi-Fi 7, the latest generation of wireless technology, to support data-heavy applications and wireless devices in their networks. However, new technologies like Wi-Fi 7 can expand an organization’s attack surface, and legacy security solutions may struggle to inspect and secure the increase in data-rich traffic. In today’s sophisticated, constantly evolving threat landscape, organizations cannot leave gaps in their security posture unchecked. Fortinet’s comprehensive Secure Networking solution supports Wi-Fi 7 while delivering the enterprise-grade protection, AI-powered security, and AIOps automation capabilities customers need to keep their wireless traffic secure.

New AP and switch bring Wi-Fi 7 to the enterprise

The new FortiAP 441K and FortiSwitch T1024 are the latest innovations within the Fortinet Secure Networking solution, which converges networking technologies with AI-powered security across all edges. The FortiAP 441K leverages the Wi-Fi 7 Qualcomm® Networking Pro 1220 Platform from Qualcomm Technologies, Inc., a leading wireless technology innovator at the forefront of the development of Wi-Fi 7, and delivers the following benefits:

  • Up to 2x faster connection speeds: The FortiAP 441K delivers lightning-fast wireless connections that are up to 2x faster for the same configuration.
  • Faster data transfer than ever before: Support for 4096 QAM enables faster data transfer, which is critical for bandwidth-heavy enterprise applications, such as video streaming and collaboration tools.
  • Lower latency: By using 320MHz channels, a single FortiAP 441K can leverage a wider spectrum to improve data speeds and reduce latency to ensure a positive end-user experience.
  • Better load balancing and reduced interference: Flexible channel utilization through preamble puncturing and advanced multi-link operation ensures highly resilient and reliable connections to keep businesses online and productive.

To take full advantage of all the benefits of Wi-Fi 7, organizations must ensure their underlying network infrastructure can accommodate the increased speed and capacity demands. The new FortiSwitch T1024 10 GE access switch with 90W PoE was designed specifically to support new Wi-Fi 7–enabled APs. When customers use the new AP and switch together, they can harness the faster speed, power, and performance of Wi-Fi 7 and ensure an excellent experience for all users and devices.

The industry-leading Fortinet Secure Networking solution

The Fortinet Secure Networking solution is a part of Fortinet’s cybersecurity platform—the Fortinet Security Fabric—and because of this tight integration, organizations can seamlessly converge networking devices with cutting-edge security. This enables customers to use FortiGate Next-Generation Firewalls as wireless controllers to benefit from FortiGuard AI-Powered Security Services like advanced malware protection, sandboxing, and web filtering. Customers can also leverage FortiAIOps, Fortinet’s AI for IT operations tool, to generate real-time insights into potential network issues and automate manual tasks throughout the WAN and LAN. And with the introduction of Wi-Fi 7, the solution delivers all these capabilities with industry-leading wireless speed and capacity.

Supporting Quotes

“Qualcomm Technologies is pleased to continue collaborating closely with Fortinet to pair next-gen Secure Networking solutions with our Qualcomm Networking Pro 1220 platform. The Qualcomm Networking Pro 1220 platform in the FortiAP 441K is designed to set new benchmarks for enterprise networking performance with massive capacity, wire-like stability and blazing fast speeds, pushing the boundaries of what Wi-Fi can do in the modern enterprise.”
Ganesh Swaminathan, Vice President and General Manager, Wireless Infrastructure and Networking, Qualcomm Technologies, Inc.

“We forecast that in five years, over three-fourths of Enterprise WLAN revenue will come from Wi-Fi 7 access points, driven by demand to make use of the new 6 GHz spectrum. Coincident with the introduction of Wi-Fi 7 availability, we see a trend where organizations will demand that their Wi-Fi infrastructure is very tightly integrated with its security infrastructure. Fortinet is well positioned as one of the first major enterprise vendors to introduce Wi-Fi 7 and has aggressively incorporated security functions to its networking products.”
Chris Depuy, Co-Founder and Technology Analyst, 650 Group

“We were thrilled to learn that Fortinet was ahead of the curve with a Wi-Fi 7–capable access point. I have designed and installed wireless technology from myriad vendors for more than 20 years, but it wasn’t until the FortiAP 441K that I truly understood all of the networking, security, and spectrum analysis features missing from other vendors. Fortinet takes the technology to an entirely new level and have yet again exponentially exceeded all expectations by delivering world class connectivity, security, diagnostics and analytics in their latest wireless solution.”
– Mike Chase, SVP Solutions Engineering, AireSpring

Additional Resources

  • Read more about the FortiAP 441K, FortiSwitch T1024, and the impact of Wi-Fi 7.
  • Learn more about the Fortinet Secure Networking solution.
  • Learn about Fortinet’s free cybersecurity training, which includes broad cyber awareness and product training. As part of the Fortinet Training Advancement Agenda (TAA), the Fortinet Training Institute also provides training and certification through the Network Security Expert (NSE) Certification, Academic Partner, and Education Outreach programs.
  • Follow Fortinet on Twitter, LinkedIn, Facebook, and Instagram. Subscribe to Fortinet on our blog or YouTube.

Qualcomm Networking Pro Series platforms are products of Qualcomm Technologies, Inc. and/or its subsidiaries.
Qualcomm is a trademark or registered trademark of Qualcomm Incorporated.

CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits

/0 Comments/in , /by

 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against two actively exploited zero-day flaws in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products.

The development came after the vulnerabilities – an authentication bypass (CVE-2023-46805) and a code injection bug (CVE-2024-21887) – came under widespread exploitation of vulnerabilities by multiple threat actors. The flaws allow a malicious actor to craft malicious requests and execute arbitrary commands on the system.

The U.S. company acknowledged in an advisory that it has witnessed a “sharp increase in threat actor activity” starting on January 11, 2024, after the shortcomings were publicly disclosed.

“Successful exploitation of the vulnerabilities in these affected products allows a malicious threat actor to move laterally, perform data exfiltration, and establish persistent system access, resulting in full compromise of target information systems,” the agency said.

Ivanti, which is expected to release an update to address the flaws next week, has made available a temporary workaround through an XML file that can be imported into affected products to make necessary configuration changes.

CISA is urging organizations running ICS to apply the mitigation and run an External Integrity Checker Tool to identify signs of compromise, and if found, disconnect them from the networks and reset the device, followed by importing the XML file.

In addition, FCEB entities are urged to revoke and reissue any stored certificates, reset the admin enable password, store API keys, and reset the passwords of any local user defined on the gateway.

Cybersecurity firms Volexity and Mandiant have observed attacks weaponizing the twin flaws to deploy web shells and passive backdoors for persistent access to compromised appliances. As many as 2,100 devices worldwide are estimated to have been compromised to date.

The initial attack wave identified in December 2023 has been attributed to a Chinese nation-state group that is being tracked as UTA0178. Mandiant is keeping tabs on the activity under the moniker UNC5221, although it has not been linked to any specific group or country.

Threat intelligence firm GreyNoise said it has also observed the vulnerabilities being abused to drop persistent backdoors and XMRig cryptocurrency miners, indicating opportunistic exploitation by bad actors for financial gain.

2023 SonicWall Cyber Threat Report Casts New Light on Shifting Front Lines, Threat Actor Behavior

/0 Comments/in , /by
  •  Overall malware up 2%, with surges in IoT malware (+87%) and cryptojacking (+43%)
  • Ransomware attacks dipped 21% globally, but 2022 still second-highest year on record for global ransomware attempts (493.3 million)
  • Education (+157%), finance (+86%) and retail (+50%) verticals hit hardest by malware
  • Ukraine saw record levels of malware (25.6 million) and ransomware (7.1 million)
  • SonicWall discovered 465,501 ‘never-before-seen’ malware variants in 2022
  • Intrusion attempts against Log4j vulnerabilities eclipsed 1 trillion

MILPITAS, Calif. — February 28, 2023 — SonicWall, publisher of the world’s most quoted ransomware data and trusted cyberattack intelligence, today released the 2023 SonicWall Cyber Threat Report. The bi-annual report details an increasingly diversified cyberattack landscape amid shifting threat actor strategies. SonicWall recorded the second-highest year on record for global ransomware attempts, as well as an 87% increase in Internet of Things (IoT) malware and a record number of cryptojacking attacks (139.3 million) in 2022.

“The past year reinforced the need for cybersecurity in every industry and every facet of business, as threat actors targeted anything and everything, from education to retail to finance,” said SonicWall President and CEO Bob VanKirk. “While organizations face an increasing number of real-world obstacles with macroeconomic pressures and continued geopolitical strife, threat actors are shifting attack strategies at an alarming rate.”

Threat Actors Shift Strategies, Opt for Covert Cyberattack Methods

Global malware volume increased 2% year-over-year, but it was jumps in IoT malware (+87%) and cryptojacking (+43%) that offset the decline of overall global ransomware volume (-21%), signifying a strategic shift. Threat actors have embraced slower and more stealthy approaches to achieve financially-motivated cyberattacks.

“Cyberattacks are an ever-present danger for companies of all sizes, putting their operations and reputation on the line,” said SonicWall Threat Detection and Response Strategist Immanuel Chavoya. “It is crucial for organizations to understand attackers’ tactics, techniques and procedures (TTPs), and commit to threat-informed cybersecurity strategies to defend and recover successfully from business-disrupting events. This includes stopping sophisticated ransomware attacks as well defending emerging threat vectors, including IoT and cryptojacking.”

In addition to cyberattacks becoming more sophisticated and covert, threat actors are showing clear preferences for certain techniques, with notable shifts toward weak IoT devices, cryptojacking and potentially soft targets like schools and hospitals.

Prominent ransomware attacks impacted enterprises, governments, airlines, hospitals, hotels and even individuals causing widespread system downtime, economic loss and reputational damage. Following global trends, several industries faced large year-over-year increases of ransomware volume, including education (+275%), finance (+41%) and healthcare (+8%).

Diverse Attacks Offset Global Ransomware Decline

Cybercriminals are using increasingly advanced tools and tactics to exploit and extort victims, with state-sponsored activity growing as a concern. While ransomware continues to be a threat, SonicWall Capture Labs threat researchers expect more state-sponsored activity targeting a broader set of victims in 2023, including SMBs and enterprises.

The 2023 SonicWall Cyber Threat Report provides insight on a range of cyber threats, including:

  • Malware – Total volume was up 2% in 2022 after three straight years of decline — just as SonicWall predicted in the 2022 SonicWall Cyber Threat Report. Following that trend, Europe as a whole saw increased levels of malware (+10%) as did Ukraine, which had a record 25.6 million attempts, suggesting malware was used heavily in regions impacted by geopolitical strife. Interestingly, malware was down year-over-year in key countries like the U.S. (-9%), U.K. (-13%) and Germany (-28%).
  • Ransomware – Although overall ransomware numbers saw a 21% decline globally, the total volume in 2022 was higher than 2017, 2018, 2019 and 2020. In particular, total ransomware in Q4 (154.9 million) was the highest since Q3 2021.
  • IoT Malware – Global volume rose 87% in 2022, totaling 112 million hits by year’s end. With no corresponding slowdown in the proliferation of connected devices, bad actors are likely probing soft targets to leverage as potential attack vectors into larger organizations.
  • Apache Log4j – Intrusion attempts against the industry’s Apache Log4j ‘Log4Shell’ vulnerability eclipsed 1 trillion in 2022. The vulnerability was first discovered in December 2021 and has been actively exploited since.
  • Cryptojacking – Use of cryptojacking as a ‘low and slow’ approach continued to surge, rising 43% globally, which is the most SonicWall Capture Labs threat researchers have recorded in a single year. The retail and financial industry felt the sting of cryptojacking attacks, seeing 2810% and 352% increases, respectively, year-over-year.

“Cyberattacks of all varieties continue to hinder organizations worldwide,” said Logically Chief Operating Officer Keith Johnson. “SonicWall’s annual intelligence report gives us a deeper understanding of the current threat landscape and helps breakdown why cyberattacks continue to be successful, as well as the drivers and trends behind them. By making this report available to partners, SonicWall helps elevate us as trusted advisors and strengthens our ability to provide sound security measures to our customers.”

Patented RTDMI Discovered more than 465,000 ‘Never-Before-Seen’ Malware Variants in 2022

SonicWall’s patented Real-Time Deep Memory InspectionTM (RTDMITM) technology identified a total of 465,501 never-before-seen malware variants in 2022, a 5% year-over-year increase and an average of 1,279 per day. Dating to 2019, this is the fourth straight year RTDMI increased its total of malware discoveries.

To learn more about SonicWall and get the complete 2023 SonicWall Cyber Threat Report, please visit SonicWall.com/ThreatReport.

About SonicWall Capture Labs

SonicWall Capture Labs threat researchers gather, analyze and vet cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 215 countries and territories. SonicWall Capture Labs, which pioneered the use of artificial intelligence for threat research and protection over a decade ago, performs rigorous testing and evaluation on this data, establishes reputation scores for email senders and content, and identifies new threats in real-time.

About SonicWall

SonicWall delivers Boundless Cybersecurity for the hyper-distributed era in a work reality where everyone is remote, mobile and unsecure. SonicWall safeguards organizations mobilizing for their new business normal with seamless protection that stops the most evasive cyberattacks across boundless exposure points and increasingly remote, mobile and cloud-enabled workforces. By knowing the unknown, providing real-time visibility and enabling breakthrough economics, SonicWall closes the cybersecurity business gap for enterprises, governments and SMBs worldwide. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram.

 

Top 10 tips to protect your privacy and safety during the online shopping season and beyond

/0 Comments/in /by

Digital pick pockets are ready to pounce so use these Sophos security practices on Cyber Monday – and every other day too.
Written by Chester Wisniewski
November 21, 2023
Products & Services Privacy Security web security

As the online shopping season ramps up in many parts of the world, these ten top tips will help you maintain your privacy and safety so you can shop with confidence.

  1. Use an ad blocker – Advertisements are not only tracking your every movement and collecting enough information on your habits to make the FBI blush, but they are also a major source of malicious links and deceptive content on the internet. Not only is your browsing safer, but also faster and uses less bandwidth. Two of our favorites are uBlock Origin and Ghostery.
  2. Use private browsing or incognito mode – To prevent your shopping habits and interests from following you around from site to site (and potentially revealing what gifts you might be purchasing to others using your device, bonus!), you should enable private browsing (Firefox) or incognito mode (Chrome). This will block tracking cookies and help the internet forget your travels as the waves wash away your footprints in the sand.
  3. Make your browser “privacy smart” – The Electronic Frontier Foundation (EFF) provides a browser extension called Privacy Badger designed to automatically make all the right choices around browsing whilst maintaining our privacy and blocking invisible trackers.
  4. Avoid using one account on multiple services – When logging into an e-commerce site it is often tempting to use the “Sign in with Facebook” or “Sign in with Google” button. While it takes a few more minutes to create a new login, it will provide more privacy as you are not sharing all of the sites you shop at with these tech giants.
  5. Use guest login when available – In addition to letting you use an account from other websites, many have an option to use a guest login rather than creating a new account. This is a great option if you don’t expect to need technical support or to do business on a recurring basis. Fewer passwords, fewer personal details, fewer problems if they get hacked.
  6. Don’t save card details – Many e-commerce sites will default to storing your credit card information in your profile for your “convenience” (or their hope you’ll shop there again). They can’t lose what they don’t have, so tell them not to store your credit card unless it is absolutely necessary.
  7. Use temporary card numbers – Many financial institutions now offer temporary or one-time use credit card numbers. You can open the app on your phone or in your browser and get a single-use disposable credit card number preventing card fraud and tracking when merchants share card processors. Sometimes you’re even able to specify a card limit per temporary number to further protect your account.
  8. Use credit, not debit – All of us need to be wary of overspending during the holidays, but it is best to leave the debit card at home. Credit cards offer significantly more protection against online fraud, and you are in the power position in a dispute. You can simply not pay your bill while disputing the charge, rather than having criminals directly drain your bank account of your hard-earned cash.
  9. Beware of direct messages via social media/chat apps – With modern generative AI technology it is almost trivial to create an entire fake online store and lure people to share their personal information and payment data with you. It’s safest to shop at established sites or those personally recommended to you by friends and family. Many unsolicited messages lead to data collection or theft.
  10. Don’t click deals in email that look too good to be true or are from businesses you don’t have accounts from – these could be phishing emails hoping to bait you into clicking links to bogus, malicious web sites.
About the Author

Chester Wisniewski

Chester Wisniewski is Director, Global Field CTO at next-generation security leader Sophos. With more than 25 years of security experience, his interest in security and privacy first peaked while learning to hack from bulletin board text files in the 1980s, and has since been a lifelong pursuit.

Chester works with Sophos X-Ops researchers around the world to understand the latest trends, research and criminal behaviors. This perspective helps advance the industry’s understanding of evolving threats, attacker behaviors and effective security defenses. Having worked in product management and sales engineering roles earlier in his career, this knowledge enables him to help organizations design enterprise-scale defense strategies and consult on security planning with some of the largest global brands.

Based in Vancouver, Chester regularly speaks at industry events, including RSA Conference, Virus Bulletin, Security BSides (Vancouver, London, Wales, Perth, Austin, Detroit, Los Angeles, Boston, and Calgary) and others. He’s widely recognized as one of the industry’s top security researchers and is regularly consulted by press, appearing on BBC News, ABC, NBC, Bloomberg, Washington Post, CBC, NPR, and more.

When not busy fighting cybercrime, Chester spends his free time cooking, cycling, and mentoring new entrants to the security field through his volunteer work with InfoSec BC. Chester is available on Mastodon (securitycafe.ca/@chetwisniewski).

For press inquiries, email chesterw [AT] sophos [.] com.

 

SonicWall Acquires Managed Detection and Response Services Tailor-Made for MSPs/MSSPs

/0 Comments/in , /by

Acquiring Solutions Granted, Inc. expands SonicWall’s cybersecurity solutions creating a cost-effective, flexible, and technology-driven managed security offering

MILPITAS, Calif. — November 16, 2023 — SonicWall, a global cybersecurity leader, today announced the acquisition of Solutions Granted, Inc. (SGI), a top Managed Security Service Provider (MSSP), delivering world-class cybersecurity solutions to hundreds of Managed Service Providers (MSPs). The acquisition reinforces SonicWall’s commitment to its valued partners and extends its portfolio to include U.S.-based Security Operations Center services (SOCaaS), Managed Detection and Response (MDR), and other managed services that are tailor-made for MSPs and MSSPs.

“IT teams have turned to MDR and other managed services to identify and triage digital threats – it’s a critical need we are now excited to offer,” said SonicWall President and CEO Bob VanKirk. “Together, SonicWall and Solutions Granted will empower cybersecurity and technology service providers with economical threat defense solutions and extend a world-class, comprehensive portfolio that streamlines managing security across customer environments with automated threat detection and response services.”

The acquisition aligns with SonicWall’s outside-in approach, providing partners with a best-of-suite, comprehensive and flexible portfolio that accelerates their growth.

“Solutions Granted’s understanding of the critical nature of MSPs/MSSPs operations has helped us create an integrated approach for end-to-end managed threat protection that enables customers to navigate the turbulent cybersecurity landscape with confidence and resilience,” said CEO of Solutions Granted Michael Crean. “Today’s MSPs and MSSPs increasingly need a platform of managed security solutions rather than point solutions. The combination of SonicWall and Solutions Granted delivers services specifically designed for today’s partners – giving them a distinct competitive edge.”

Today’s cybersecurity partners need highly automated solutions to quickly identify and respond to new threats across the entire customer environment – including network, endpoints, servers, and cloud. This combined offering will also leverage the latest in AI to provide a differentiated, effective, and highly proficient service.

“Having been a SonicWall partner for over 20 years and also having experience with Solutions Granted’s MDR and other managed services, this is a win for SonicWall’s portfolio,” said Dan Browne, President of DTM Consulting, an MSP and longtime SonicWall and SGI partner. “In this economic climate, vendors need to be as flexible as ever to help us provide solutions to combat this ever-escalating threat landscape faced by managed service providers. The combination of SonicWall and Solutions Granted will help partners address the demands of providing cybersecurity solutions to clients around the world.”

For more information about SonicWall and its newest acquisition please attend: https://www.brighttalk.com/webcast/5052/600250.

About SonicWall
SonicWall is a cybersecurity forerunner with more than 30 years of expertise and is recognized as the leading partner-first company. With the ability to build, scale and manage security across the cloud, hybrid and traditional environments in real-time, SonicWall provides seamless protection against the most evasive cyberattacks across endless exposure points for increasingly remote, mobile and cloud-enabled users. With its own threat research center, SonicWall can quickly and economically provide purpose-built security solutions to enable any organization—enterprise, government agencies and SMBs—around the world. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram.

About Solutions Granted, Inc.
Solutions Granted, Inc. is a Master Managed Security Services Provider (Master MSSP) that offers cybersecurity solutions to North American MSPs and MSSPs and are committed to delivering solutions without requiring long term contracts. Solutions Granted is proud to offer many security layers as well as a 24×7 U.S.-based Security Operations Center (SOC). Over the past several years, Solutions Granted has emerged as a clear leader in the channel, by winning countless awards including the CRN Security 100 list (2019, 2020, 2021, 2022, and 2023), Top 100 MSSP List (2018), Top Global MSSP List (2019, 2020, 2021, and 2022), and Blackberry Cylance MSSP Partner of the Year (2018, 2019, 2020, 2021, and 2022). Learn more at www.SolutionsGranted.com.

Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability Jan 17, 2024

/0 Comments/in , /by

Google on Tuesday released updates to fix four security issues in its Chrome browser, including an actively exploited zero-day flaw.

The issue, tracked as CVE-2024-0519, concerns an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine, which can be weaponized by threat actors to trigger a crash.

Cybersecurity

“By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can be bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service,” according to MITRE’s Common Weakness Enumeration (CWE).

Additional details about the nature of the attacks and the threat actors that may be exploiting it have been withheld in an attempt to prevent further exploitation. The issue was reported anonymously on January 11, 2024.

“Out-of-bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” reads a description of the flaw on the NIST’s National Vulnerability Database (NVD).

Cybersecurity

The development marks the first actively exploited zero-day to be patched by Google in Chrome in 2024. Last year, the tech giant resolved a total of 8 such actively exploited zero-days in the browser.

Users are recommended to upgrade to Chrome version 120.0.6099.224/225 for Windows, 120.0.6099.234 for macOS, and 120.0.6099.224 for Linux to mitigate potential threats.

Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.

 

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

SOPHOS ALERT: Change your XG Firewall admin password (KBA135412)

/0 Comments/in , , , /by

SOPHOS ALERT: Change your XG Firewall admin password (KBA135412)

On April 24, 2020, Sophos published knowledge base article KBA135412 which included necessary remediation steps to address vulnerability CVE-2020-12271.

Sophos is enforcing a password reset for the XG administrator and all other local administrator accounts that have not reset passwords since the security hotfix was applied at 2200 UTC on April 25, 2020. Where required, administrative accounts will be prompted to change passwords upon logging into an XG Firewall. The instructions for resetting a forgotten administrator password can be found in KBA123732.

For some configurations, additional remediation actions are required as contained in KBA135412.

 

SONICWALL TZ300P REVIEW: A MULTI-SITE MARVEL

/0 Comments/in /by

A competitively priced desktop UTM appliance, with plenty of security and management features

Appliance with 1yr TotalSecure Advanced

Pros: Great monitoring capabilities; Simple multi-site deployment; Granular configuration options

Cons: No transparent email scanning

Verdict: The SonicWall TZ300P delivers a wealth of security measures at a great price. It’s comprehensive yet easy to deploy, and with remote management and zero-touch provisioning it will particularly appeal to businesses with multiple offices.

Targeting SMBs and remote offices, the TZ300P is one of SonicWall’s most versatile desktop appliances yet. Alongside a stiff set of unified threat management (UTM) security measures, it delivers software defined WAN (SD-WAN) services and wireless AP management – and, for good measure, it even supports PoE.See related WatchGuard Firebox M670 review: Dazzling valueZyxel Nebula Control Center 2019 review: Takes all the pain out of networkingSophos XG 125w review

Recommended for up to 25 users, the TZ300P boasts a raw firewall throughput of 750Mbits/sec, dropping to 235Mbits/sec with UTM services enabled. The compact box offers five Gigabit Ethernet ports, one of which is set aside for WAN duties, while the rest are available for LAN usage. Two of these are PoE-enabled, which is handy – just note that the small 35W power threshold means that it will only drive a single PoE+ device. The other notable connector is a USB port, which can provide WAN redundancy via a 3G or 4G mobile adapter.

The appliance itself costs £720 to buy, rising to £1,085 with a one-year TotalSecure Advanced subscription. This really unlocks the potential of the device, not only entitling you to 24/7 support, but enabling IPS, antivirus and anti-spyware functions. It also activates content filtering, application intelligence and Capture ATP, which watches for files such as Office documents, PDFs and executables, scans them in its cloud sandbox and only releases them if they pass a barrage of malware tests.

The latest SonicOS firmware sports a fresh web console exposing a wealth of information. Graphs and charts show appliance utilisation, security service status, the latest threats, risky apps, bandwidth consumption and the busiest users.

There’s also a quick-start wizard, which helped us set up the LAN and WAN ports for internet access and apply a security policy to the default zone. Optionally you can create multiple security zones, each with its own settings, and place selected ports in different zones. Zero-touch provisioning even allows you to send appliances to remote sites, where they will pick up their configuration as soon as they connect to the internet.

The various security features are very flexible. Virus scanning can be enabled for selected zones, using one global configuration for HTTP, FTP, IMAP, POP3, SMTP, CIFS and TCP streams. HTTPS inspection can be easily enabled too, while web filtering uses either the basic SonicWall CFS or the premium WebSense Enterprise hosted service, which costs an extra £179 per year.

The content filtering module is just as configurable: we were easily able to create filtering profile objects using the 64 available URL categories, assign action objects to block access and apply an acceptable use policy to redirect users to a consent web page.

Then there’s app control, which you’ll find on the console’s new Investigate page. From here, you can freely browse the AppFlow logs, and if you spot any suspect apps you can create an instant rule to block or monitor them. Advanced control rules are more complex to create, as they use signature IDs to identify specific activities, but if you’ve had enough of Facebook in the workplace, you can manage or block any of its services.

On top of all this, you may choose to pay £182 per year for the optional anti-spam module. This handles spam, phishing and suspicious attachments, while the Exchange Junk Store feature allows users to view their personal quarantine areas and delete or release messages. It doesn’t offer transparent scanning, though, so you need to set it up with details of your email server.

As a final bonus, if you’re using more than one SonicWall appliance, the Capture Security Center service lets you manage them all from one central cloud console, with an impressive collection of analytics and reporting services.

No doubt, the TZ300P delivers a wealth of security measures at a great price. It’s comprehensive yet easy to deploy, and with remote management and zero-touch provisioning it will particularly appeal to businesses with multiple offices.

Specifications:

Desktop appliance
800MHz dual-core CPU
1GB RAM
5 x Gigabit (WAN, 4 x LAN with 2 x PoE or 1 x PoE+)
USB 3
RJ-45 serial port
Web browser and CSC cloud management
External PSU
1yr hardware warranty and support
Options: Anti-spam service, £182 per year (exc VAT)

Sophos Firewall Manager and iView – Centralized management and reporting for all your XG Firewalls

/0 Comments/in /by

Along with the new XG Firewall, we’ve also launched brand-new centralized management and reporting solutions that make managing multiple devices easy. I thought I would take this opportunity to tell you a bit more about Sophos Firewall Manager and iView, and encourage you to learn more and download the free trials.

Sophos Firewall Manager

Whether you have a few firewalls, or a few hundred, Sophos Firewall Manager (SFM) makes managing all your XG Firewalls easy with a comprehensive suit of helpful tools.

It starts at the Sophos Firewall Manager home screen that utilizes traffic-light style indicators to provide at-a-glance status for your various firewalls. You can instantly identify any devices that have security, resource, licensing or availability issues, from the new device-health monitor.

You can also take advantage of a variety of other views of your devices under management including a helpful flat NOC-type overview …

or a card view …

If you need to drill down to a specific Firewall, that’s easy and rewarding with a rich amount of detail visible at a glance …

But we know you can’t keep your eyes fixed on the screen all day long so that’s why Sophos Firewall Manager offers a comprehensive set of configurable alerts to get notifications on a broad range of events including subscription expiry, gateway status change, excessive disk usage, ATP events, IPS and virus threat counts, unhealthy surfing, and much more.

All the thresholds for status and alerts are completely customizable, ensuring you only get alerted when it’s important.

Sophos Firewall Manager also makes it easy to manage large groups of firewall devices with flexible and convenient grouping and sorting options. Conveniently group devices by model, firmware, country, device name and more for quick and easy action, management, and monitoring.

But that’s just the start – there’s a full set of powerful tools to make your job easier:

  • Streamline enrollment of new devices with a convenient wizard
  • Push, pull or replicate polices across your firewalls easily to ensure consistency
  • Utilize configuration templates to save time and effort setting up a new firewall
  • Centrally manage and monitor updates

And if you need flexible controls, Sophos Firewall Manager has you covered there too with role-based admin to delegate access to various staff based on their functions along with rigorous change control and audit logging.

Sophos iView

Sophos iView complements Sophos Firewall Manager perfectly, providing comprehensive, consolidated reporting across not only multiple XG Firewall devices, but UTM 9 and CyberoamOS devices as well.

Sophos iView includes:

  • Intelligent centralized reporting and analytics
  • Consolidated reporting across multiple firewalls or customers
  • Support for XG Firewall, UTM 9, and Cyberoam firewall devices
  • Easily monitor and analyze security risks across the entire network
  • Provide insight into specific device or customer usage, traffic, and risks
  • Compliance reporting for HIPAA, PCI-DSS, GLBA, and SOX
  • Convenient backup and long-term storage for all your firewall data

How to get started

You can download the SFM and iView datasheets or get started with a limited trial of each today. The Sophos Firewall Manager trial is limited to managing five XG Firewall devices, while the iView trial is limited to 100GB of data storage. Both should be plenty to get you started seeing the power and convenience these tools provide.

RUSSIA’S NEW ‘SOVEREIGN BILL’ COULD GIVE THE COUNTRY ITS OWN GREAT FIREWALL

/0 Comments/in /by

The world is well aware of China’s Great Firewall, which gives its government total power over the dissemination of content. Anything which falls outside the state parties’ propaganda is blocked or purged from the internet. Now we hear that a similar kind of situation could potentially be brewing in Russia as well.

President Vladimir Putin is proposing a “Sovereign Bill” which will let hub officials control the flow of information in the country. While the official version of the bill is to counter a cyber strategy the US adopted last year against the Kremlin, it is believed that the bill could be used to stifle political and civil unrest in the country.

The report by Bloomberg states that the bill has been made to create a single command post where the relevant authorities will be able to manage the content on the internet. The bill would also give these authorities, the metaphorical ‘killswitch’ to shut down any information deemed harmful for the government.

Russia has been internal criticism for blocking Telegram and streaming website Twitch, and since the re-election victory, Putin’s public support has reportedly been in a downslide. Russia ranks quite poorly in terms of internet freedom as well according to research done by Freedom House.

Andrei Lugovoiwho has co-authored this bill said as per the report, that officials have “absolutely no clue about the communications networks laid in Russia and cross-border connections—who owns them, how they’re used, what kind of information is sent.” He continued by saying that once the monitoring hub is set up, “we’ll be able to see all this online.”

It remains to be seen what exactly will this “Sovereign Bill” will be used for in Russia. At the moment we can only guess.

Find our entire collection of stories, in-depth analysis, live updates, videos & more on Chandrayaan 2 Moon Mission on our dedicated #Chandrayaan2TheMoon domain.