
ASUS Software Updates Used for Supply Chain Attacks

ASUS update system hijacked to send out malicious updates to as many as half a million computers.

What has happened?

News has emerged that tech company ASUS has been delivering malware through its automated software update system. Based on our analysis, this supply chain attack started in June 2018 and continued through to at least late October. It may have affected up to half a million systems.

The Trojanized updates contained a backdoor that attempted to connect to an attacker-controlled domain. The updates were signed with legitimate ASUS digital certificates, so a valid code signature offered no protection here: it shows only that the file passed through ASUS's signing process, not that the build being signed was clean.

Am I protected?

Symantec detects the Trojanized updates as Trojan.Susafone, Trojan.Susafone!gen1, Trojan.Susafone!gen2, and Trojan.Susafone!gen3.

What happens when the Trojanized updates are installed?

The Trojanized updates check the machine's network adapter MAC addresses against a built-in list of specific targets. Only if a matching MAC address is found does the installed update attempt to connect to asushotfix[.]com; on other machines no connection is attempted. This domain is currently offline.
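The MAC-address gating described above is the check a defender most wants to run in reverse: does any adapter on this machine appear in the target list? The Python below is an added example written for this page, not Symantec's or Kaspersky's tooling. It assumes the target list is held as MD5 digests of normalized MAC addresses (the page does not say how the real list was stored), and it uses a made-up two-entry target list and a constructed `ipconfig /all` excerpt; `parse_ipconfig`, `find_targeted` and `primary_mac_of_this_host` are names chosen here.

```python
import hashlib
import re
import uuid

# Constructed target list for this example. It is NOT the real campaign's list:
# the two MAC addresses are made up, and the digests are computed from them below.
# Assumption: targets are stored as MD5 digests of the normalized MAC rather than
# as plaintext addresses; the page above does not say how the real list was stored.
DEMO_TARGET_MACS = ["00:11:22:33:44:55", "AA-BB-CC-DD-EE-FF"]


def normalize_mac(mac):
    """Return a MAC as lowercase, colon-separated hex (accepts '-', ':', '.' or no separators)."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError("not a MAC address: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def mac_digest(mac):
    """MD5 of the normalized MAC; the form the target list is assumed to hold."""
    return hashlib.md5(normalize_mac(mac).encode("ascii")).hexdigest()


TARGET_DIGESTS = frozenset(mac_digest(m) for m in DEMO_TARGET_MACS)


def parse_ipconfig(text):
    """Extract 'Physical Address' values from Windows `ipconfig /all` output."""
    pattern = re.compile(r"Physical Address[ .]*:\s*([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})")
    return pattern.findall(text)


def find_targeted(macs, target_digests=TARGET_DIGESTS):
    """Normalized MACs from `macs` whose digest is in the target list (sorted, de-duplicated)."""
    hits = {normalize_mac(m) for m in macs if mac_digest(m) in target_digests}
    return sorted(hits)


def primary_mac_of_this_host():
    """Best-effort live check: the one adapter MAC Python reports for this host."""
    return normalize_mac("%012x" % uuid.getnode())


# Constructed `ipconfig /all` excerpt: one adapter on the demo target list, one not.
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet:
   Physical Address. . . . . . . . . : 00-11-22-33-44-55
   DHCP Enabled. . . . . . . . . . . : Yes

Wireless LAN adapter Wi-Fi:
   Physical Address. . . . . . . . . : 08-00-27-13-37-42
   DHCP Enabled. . . . . . . . . . . : Yes
"""

if __name__ == "__main__":
    hits = find_targeted(parse_ipconfig(SAMPLE_IPCONFIG))
    print("targeted adapters in sample:", hits or "none")
    print("this host's primary MAC on the demo list:",
          bool(find_targeted([primary_mac_of_this_host()])))
```

On a live Windows host, feed the real `ipconfig /all` output to `parse_ipconfig` and swap in the digests actually recovered from the sample. Note that hashing gives an attacker little secrecy here: a MAC is 48 bits and the first 24 are a vendor OUI, so for each OUI the remaining 2^24 values can be hashed and compared in seconds, which lets a defender holding the digests recover the plaintext targets.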

How many victims are there?

Symantec telemetry shows that at least 13,000 computers received the Trojanized updates. Of these, 80 percent were consumer machines and 20 percent belonged to organizations, with victims spread evenly across the globe.

Figure. Computers that received Trojanized ASUS updates were spread across the globe

What is the motivation behind the attack?

The attacker motivation is unclear at this time.

Who are the attackers behind this attack?

This is unknown at this time.

What is a supply chain attack?

Supply chain attacks exploit third-party services and software that the final target already trusts, such as a vendor's update channel, in order to compromise that target. Hijacked software updates are one of the most common forms of supply chain attack. Similar campaigns in the past include the 2017 CCleaner attack and the 2017 Petya (NotPetya) campaign, both delivered through trojanized legitimate software.

Symantec noted in its latest ISTR report that supply chain attacks increased by 78 percent in 2018.

Thanks to Kaspersky for sharing details related to these attacks.


Fireware 12.4 Beta Release

Fireware 12.4 Beta
We’ve just posted the latest update to our Fireware 12.4 Beta release. This release, which is available for all Firebox appliances, continues WatchGuard’s commitment to building out our SD-WAN roadmap. We’ve seen very positive reaction to the features that we introduced in 12.3, and there has been lots of great feedback on 12.4 in the Beta forum so far. Some of the key highlights in 12.4 include:

  • SD-WAN for VPN and Private Lines: Extends SD-WAN benefits to more than just external WAN connections, allowing organizations to cut back on expensive MPLS connections. You can now measure loss/latency/jitter on Virtual Interface VPNs and internal interfaces.
  • DNSWatch in Bridge Mode: Full DNS security applied in our simplest deployment option where the Firebox does not act as a gateway.
  • Syslog export to two servers: Simultaneously send logs to two different syslog servers, for example a third-party SIEM and a local syslog server kept for log retention.
  • TLS 1.3 Support: Continued compliance and support for latest standards with full inspection of HTTPS traffic using TLS 1.3.

Full details on these and other features in Fireware 12.4 are available in the What’s New presentation, which is posted at the Beta site. We’ve been in Beta for a couple of months now, and we are getting close to a stable final release, but we’d like to hear from more people.

Sign up to participate in the Fireware 12.4 Beta program today if you are not already in the program.

WatchGuard Beta Testing
By being a WatchGuard Beta tester, you get to see products in early stages of development, and your feedback will influence this release and the course of future products. Broad participation in our Beta programs also helps us to deliver high quality final releases. There are open Beta programs across 4 different product areas at the moment. You can always find out more at our Beta program page. If you’ve never joined a WatchGuard Beta program, this is a great time to jump in!

Sophos reveals why cybercriminals are caught on servers and networks, but detecting their time and point of entry remains a mystery, according to global survey findings

Sophos (LSE: SOPH), a global leader in network and endpoint security, today announced Sophos@SPIN, a two-day event featuring keynote presentations, breakout sessions and an after party during RSA Conference 2019 on Tuesday, March 5, and Wednesday, March 6. During the Sophos@SPIN event, Sophos security experts and top executives are discussing the evolving threat landscape and how to protect against persistent, advanced attacks. Sophos is demonstrating the latest version of Synchronized Security with its next-generation Intercept X with EDR and XG Firewall endpoint and network solutions.

Sophos@SPIN is showcasing:

  • Key findings from Sophos’ global survey, 7 Uncomfortable Truths of Endpoint Security, which reveals why cybercriminals are most likely to be caught on servers and networks, but detecting their time and point of entry remains a mystery. Twenty percent of IT managers who were victims of one or more cyberattacks last year can’t pinpoint how the attackers gained entry, and 17 percent don’t know how long the threat was in the environment before it was detected. More survey highlights and commentary are available on Sophos’ Press Page and Sophos News
  • The latest techniques used in today’s threat landscape, including findings from the detailed SophosLabs Uncut report, “Gandcrab: Ransomware Deconstructed,” which explains inner workings of this widely distributed ransomware kit and why it is so popular among cybercriminals. Gandcrab is easily accessible on the surface web, but sold from a tiered licensing and commission model on the dark web. For additional information, go to SophosLabs Uncut on Sophos News
  • The SophosLabs Uncut five-part series, “Emotet 101: From Simple Spam Lure to Complex and Destructive Payloads,” which explains how this multi-faceted malware has become more prevalent and dangerous over time. For additional information, go to SophosLabs Uncut on Sophos News
  • Two days of back-to-back presentations, including:
    • Threat Landscape Trends by Chester Wisniewski, principal research scientist, Sophos
    • In the IT Trenches: Real Stories From the Front Lines of Cyberattacks by Dan Schiappa, chief products officer, Sophos
    • Deep Understanding of Deep Learning: How to Think Like a Data Scientist to Defend Against Cyberattacks by Joshua Saxe, chief data scientist, Sophos
    • Tackling The Biggest Issue in Cloud Computing: Public Cloud Security and Compliance by Nikhil Gupta, vice president strategy, Cloud Security, Sophos
  • How Sophos Intercept X with EDR leverages on-demand curated threat intelligence from SophosLabs and machine learning to rapidly detect, prioritize, investigate and respond to incidents
  • Hands-on demos of Sophos’ latest release of XG Firewall with lateral movement protection. As part of Sophos Synchronized Security, companies can better manage and defend their network thanks to integration between endpoint and network solutions. Both XG Firewall and Intercept X are now available on Sophos Central’s cloud management platform
  • Its annual Sophos@SPIN after party on Wednesday, March 6 at 6:30 p.m. PT. Attendees can mix and mingle with Sophos experts while enjoying cocktails and friendly ping pong competitions
  • Prizes throughout the two-day event and at the after party, including the chance to win a MacBook Pro, Apple AirPods and much more

Symantec to Host Tech Talk: “Integrated Cyber Defense”

MOUNTAIN VIEW, Calif.–(BUSINESS WIRE)– Symantec Corp. (NASDAQ: SYMC), the world’s leading cyber security company, will host a Tech Talk webcast in conjunction with RSA® Conference 2019. Greg Clark, President and CEO, and Hugh Thompson, CTO, will discuss Symantec’s technology innovation and leadership in securing the cloud generation. Interested parties can find more information on Symantec’s Investor Relations website at http://symantec.com/invest.

No financial information will be presented on this webcast.

Date: Monday, March 4, 2019

Time: 11:00 am PT / 2:00 pm ET

Speakers: Greg Clark, President and CEO; Hugh Thompson, CTO

Dial-in Information:

Conference ID: 7450589
Participant Toll Free Dial-In Number: (866) 417-5469
Participant International Dial-In Number: (409) 937-8906

Links to the live and archived webcast will be available from the investor relations section of the company’s website at http://symantec.com/invest.

About Symantec:

Symantec Corporation (NASDAQ: SYMC), the world’s leading cyber security company, helps organizations, governments and people secure their most important data wherever it lives. Organizations across the world look to Symantec for strategic, integrated solutions to defend against sophisticated attacks across endpoints, cloud and infrastructure. Likewise, a global community of more than 50 million people and families rely on Symantec’s Norton and LifeLock product suites to protect their digital lives at home and across their devices. Symantec operates one of the world’s largest civilian cyber intelligence networks, allowing it to see and protect against the most advanced threats. For additional information, please visit www.symantec.com or connect with us on Facebook, Twitter, and LinkedIn.

SONICWALL TAKES AIM AT EVASIVE CYBER THREATS TARGETING WIRELESS NETWORKS, CLOUD APPS, ENDPOINTS

  • Easy-to-use Wi-Fi cloud management, a mobile app and site-survey tools, help administrators plan, deploy and manage new high-speed wireless access points through a single pane of glass
  • New firewall series protects distributed, remote locations while simultaneously increasing performance, lowering total cost of ownership
  • New application security protects organizations’ business-critical cloud applications, migration to the cloud without affecting cost, employee productivity
  • Advanced Endpoint Detection and Response (EDR) capabilities provide active control of endpoint health

MILPITAS, Calif. —  SonicWall today announced new platform offerings and enhancements for small, mid-sized and distributed businesses and enterprises to protect against targeted attacks on wireless networks, cloud apps and endpoints. In addition to a new line of firewalls designed to consolidate security, networking and performance, SonicWall introduced new cloud-managed Wi-Fi access points and wireless planning tools designed to ease the deployment of global wireless networks.

The company also provides real-time protection for cloud applications, including Office 365, G Suite, Box and Dropbox, in addition to equipping organizations with advanced Endpoint Detection and Response (EDR) capabilities.

“Cybercriminals take advantage of unintentional gaps left in their security architecture fabric,” said SonicWall President and CEO Bill Conner. “SonicWall’s core mission is to empower organizations to improve their security posture and better protect against growing vulnerabilities. As our platform evolves, expands and integrates, we continue to deliver proven security solutions to organizations looking to enhance visibility, streamline processes and implement cost efficiencies.”

Seamlessly Plan, Secure Expanding Wireless Networks
To enhance wireless security and performance for SMBs and distributed enterprises, SonicWall delivers a range of new cloud-based deployment and management solutions.

SonicWall WiFi Cloud Manager and SonicWiFi mobile app simplify wireless access, control and troubleshooting capabilities across networks of any size or region, with single sign-on (SSO) access provided by the cloud-based Capture Security Center to ensure proper security measures are taken.

Provisioning new wireless hardware can often be time-consuming when taking adequate measures to ensure employees receive secure, high-performance wireless connectivity. Pairing SonicWall WiFi Cloud Manager with SonicWall Zero-Touch Deployment and wireless mesh networking allows wireless expansion to be accomplished within minutes. With Capture Security Center, administrators can also leverage the intuitive, easy-to-use SonicWall WiFi Planner surveying capabilities to design and deploy secure wireless networks that enhance the user experience and ensure workforce productivity.

Organizations can pair new SonicWave access points with SonicWall firewalls for high-speed 802.11ac Wave 2 wireless access and deep packet inspection (DPI) of encrypted and unencrypted traffic. These new access points can also be deployed securely without a SonicWall firewall and offer integrated security services, including the Capture Advanced Threat Protection (ATP) sandbox service and SonicWall Content Filtering Service.

New Cost-Effective Firewalls Consolidate Security, Networking, Performance 
IT managers need a solution that solves their security, connectivity and performance concerns in a small form factor appliance at a price point within their budget.

SonicWall’s new SOHO 250 and TZ350 series firewalls provide a unified security solution at a low total cost of ownership. Designed for small, mid-sized and distributed enterprise organizations with remote locations, the SOHO 250 and TZ350 integrate essential networking features and industry-validated high security effectiveness to protect data and connected devices, including IoT.

The new firewall range combines high-speed threat prevention and software-defined wide area networking (SD-WAN) technology with an extensive range of networking and wireless features, plus simplified deployment and centralized management capabilities.

SonicWall Secure SD-WAN technology reduces costs by replacing expensive MPLS technology with lower-cost internet access. Deploying SOHO 250 and TZ350 firewalls is greatly simplified with SonicWall Zero-Touch Deployment, a key component of SonicWall’s cloud-based Capture Security Center.

Secure Business-critical Cloud Applications, Migration 
Cloud applications are vital to organizations’ production, sales and communications, and are increasingly the target of attacks. To thwart never-before-seen malware variants, targeted phishing attacks, account takeover due to compromised credentials and cloud data loss, SonicWall Cloud App Security 2.0 provides real-time protection for business-critical SaaS apps, including Microsoft Office 365, G Suite, Box and Dropbox.

“When organizations move to the cloud or SaaS applications, their sensitive data moves into shared infrastructure and the traditional perimeter evaporates,” said Jeff Wilson, Senior Research Director, Cybersecurity Technology at IHS Markit. “Administrators need to have the same complete visibility and access control inside their networks and in the cloud, and they need to be able to control security and enforce strong threat and data loss protection with policies that keep risk and compliance in mind. Organizations should look for a Cloud Access Security Broker (CASB) solution that provides easy deployment, granular control and has zero impact on the user experience.”

To identify and mitigate malware or malicious files stored in SaaS solutions, such as OneDrive and SharePoint, SonicWall Cloud App Security 2.0 integrates with the Capture ATP sandbox service, which includes patent-pending Real-Time Deep Memory Inspection (RTDMI™) technology. The new features extend SonicWall real-time automated breach detection and prevention capabilities into sanctioned SaaS environments and monitor user-to-cloud and cloud-to-cloud traffic to identify unapproved cloud applications.

Email is the most common threat vector and security controls must be adapted as organizations move to cloud email, such as Exchange Online with Office 365 or Gmail with G Suite. To combat advanced targeted phishing attacks, Cloud App Security 2.0 includes machine-learning anti-phishing capabilities that are trained to catch malicious emails missed by cloud email platforms.

Empowering Administrators with Advanced Endpoint Detection and Response 
Designed to increase administrators’ response time, visibility and insight into advanced threats, SonicWall Capture Client 2.0 gives organizations active control of endpoint health with advanced endpoint detection and response (EDR) capabilities.

Administrators have the ability to track threat origins and intended destination, kill and quarantine as necessary and roll back endpoints to a last-known healthy state in the event of an infection.

External USB devices can pose a serious threat to network security, potentially delivering malware, ransomware and viruses to vulnerable endpoints. SonicWall’s new Capture Client feature, Device Control, helps organizations reduce their attack surface by locking out unknown or suspicious devices.

Security policies can easily be created to whitelist clean devices, such as printers and removable storage, and narrow the threat plane. Unlike legacy antivirus (AV) solutions, systems no longer have to be taken offline to conduct forensic analysis and/or reimaging when mitigating malware or cleaning endpoints.

Employee behavior can prove challenging when building a sound cybersecurity defense. By using SonicWall Content Filtering Service capabilities, Capture Client blocks access to millions of known malicious domains, IP addresses and botnets to prevent infections caused by employee error or curiosity.

SOPHOS – XG FIREWALL V17.5 IS NOW AVAILABLE

XG Firewall v17.5 is now available, bringing new Synchronized Security features, options for education institutions and more of your top requested features.

As outlined in our 2019 Threat Report, the rise in targeted ransomware and other active adversary attacks makes rapid identification and response critical to contain these threats and prevent them from moving laterally across your network.

Lateral Movement Protection, a new Synchronized Security feature, builds on the success of Security Heartbeat™ in providing an automated response to the presence of a threat. It not only isolates the compromised system from accessing network resources at the firewall, but also now enlists the aid of all healthy endpoints on the network to synchronize a defense.

All healthy Sophos endpoints will isolate any compromised system, providing isolation at the endpoint level, and preventing any threat from moving laterally – even on the same broadcast domain or network segment.

We will be diving into this and other Synchronized Security features in more detail in the days ahead.

In addition to Lateral Movement Protection, there’s a variety of new features focused on protection, flexibility, networking and management. Watch this short overview of the release highlights, review a summary below, or get the full list of What’s New in XG Firewall v17.5.

What’s new in XG Firewall v17.5

Here’s a quick overview of the key new features in v17.5:

  • Synchronized Security – lateral movement protection – extends our Security Heartbeat™ automated threat isolation to prevent any threat from moving laterally or spreading across the network, even on the same subnet. The firewall instructs all healthy endpoints to completely isolate any unhealthy endpoints.
  • Synchronized User ID – utilizes Security Heartbeat™ to greatly streamline authentication for user-based policy enforcement and reporting in any Active Directory domain network by eliminating the need for any kind of server or client agent.
  • Education features – such as per-user policy-based control over SafeSearch and YouTube restrictions, teacher enabled block-page overrides, and Chromebook authentication support.
  • Email features – adds Sender Policy Framework (SPF) anti-spoofing protection and a new MTA based on Exim, which closes a couple of top requested feature differences with SG Firewall.
  • IPS protection – is enhanced with greatly expanded categories enabling you to better optimize your performance and protection.
  • Management enhancements – including enhanced firewall rule grouping with automatic group assignment, and a custom column selection for the log viewer.
  • VPN and SD-WAN failover and failback – including new IPSec failover and failback controls and SD-WAN link failback options.
  • Client authentication – gets a major update with a variety of new enhancements such as per-machine deployment, a logout option, support for wake from sleep, and MAC address sharing.
  • Sophos Connect – is our new IPSec VPN Client, free for all XG Firewall customers, that makes remote VPN connections easy for users, and supports Synchronized Security.

In addition, coming in a following maintenance release we have:

  • Wireless APX access point support – provides support for the new Wave 2 access points providing faster connectivity and added scalability.
  • Airgap support – for deployments where XG Firewall can’t get updates automatically via an internet connection (due to an “airgap” or physical isolation), XG Firewall can now be updated via USB.
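SPF, the anti-spoofing check the email feature above adds, works by having the receiving MTA look up the `v=spf1` TXT record of the MAIL FROM domain and test whether the connecting IP address is authorized by it. The evaluator below is an added example for this page, not Sophos's MTA code. It runs against a constructed zone table (`ZONE`, using RFC 5737 documentation addresses) in place of live DNS, supports the common mechanisms (`all`, `ip4`, `ip6`, `a`, `mx`, `include`) plus the `redirect=` modifier and the RFC 7208 lookup limit, and returns permerror for `exists`, `ptr`, macros and the `a`/`mx` CIDR suffixes; `check_host` and `check_mail_from` are names chosen here.

```python
import ipaddress

# Constructed zone data for this example (RFC 5737 addresses; not real records).
# A real checker queries DNS; this table stands in for it so the example runs offline.
ZONE = {
    "example.com": {
        "TXT": ["v=spf1 ip4:192.0.2.0/24 include:mail.example.net -all"],
        "A": ["192.0.2.10"],
    },
    "mail.example.net": {
        "TXT": ["v=spf1 ip4:198.51.100.5 mx ~all"],
        "MX": ["mx1.example.net"],
    },
    "mx1.example.net": {"A": ["198.51.100.7"]},
    "legacy.example.org": {"TXT": ["v=spf1 redirect=example.com"]},
}

RESULT_FOR_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_DNS_MECHANISMS = 10  # RFC 7208 section 4.6.4: limit on include/a/mx/redirect lookups


def lookup(name, rtype):
    """Stand-in for a DNS query against the constructed zone."""
    return ZONE.get(name.lower().rstrip("."), {}).get(rtype, [])


def spf_record(domain):
    """The domain's single SPF record, or None if it has none or more than one."""
    records = [t for t in lookup(domain, "TXT")
               if t.lower() == "v=spf1" or t.lower().startswith("v=spf1 ")]
    return records[0] if len(records) == 1 else None


def check_host(ip, domain, _budget=None):
    """SPF result (pass/fail/softfail/neutral/none/permerror) for sender `ip` and domain."""
    budget = [MAX_DNS_MECHANISMS] if _budget is None else _budget  # shared across includes
    record = spf_record(domain)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    redirect = None
    for term in record.split()[1:]:
        if "=" in term.split(":", 1)[0]:          # modifier such as redirect= or exp=
            key, _, value = term.partition("=")
            if key.lower() == "redirect":
                redirect = value
            continue
        qualifier = "+"
        if term[0] in RESULT_FOR_QUALIFIER:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            # Membership test is False when the address family differs, as it should be.
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name in ("a", "mx", "include"):
            budget[0] -= 1
            if budget[0] < 0:
                return "permerror"
            target = arg or domain
            if name == "a":
                matched = any(addr == ipaddress.ip_address(a) for a in lookup(target, "A"))
            elif name == "mx":
                matched = any(addr == ipaddress.ip_address(a)
                              for mx in lookup(target, "MX") for a in lookup(mx, "A"))
            else:
                sub = check_host(ip, arg, budget)
                if sub in ("none", "permerror"):   # RFC 7208 section 5.2
                    return "permerror"
                matched = sub == "pass"
        else:
            return "permerror"                     # exists, ptr, macros, a/mx with CIDR
        if matched:
            return RESULT_FOR_QUALIFIER[qualifier]
    if redirect is not None:
        budget[0] -= 1
        if budget[0] < 0:
            return "permerror"
        result = check_host(ip, redirect, budget)
        return "permerror" if result == "none" else result
    return "neutral"


def check_mail_from(client_ip, mail_from):
    """SPF result for an SMTP MAIL FROM address such as '<alice@example.com>'."""
    domain = mail_from.rsplit("@", 1)[-1].strip("<>")
    return check_host(client_ip, domain)


if __name__ == "__main__":
    # A connection from an address example.com never authorized, claiming to be its CEO.
    print(check_mail_from("203.0.113.9", "<ceo@example.com>"))   # spoof: fail
    print(check_mail_from("192.0.2.77", "<ceo@example.com>"))    # authorized: pass
```

The result feeds policy, not the verdict itself: a `-all` record makes forged mail from `example.com` fail outright, while the `~all` on `mail.example.net` only softfails, which is why the check is usually combined with DMARC alignment rather than used alone. Swap `lookup` for a real resolver to use it on live mail.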

Sophos Central management of XG Firewall

With v17.5, XG Firewall is also joining Sophos Central. The Early Access Program for Sophos Central Management of XG Firewall is expected to start in early December.

You will be able to manage XG Firewall from within Sophos Central along with all your other Sophos Central products. And there’s a few great new features coming along with Sophos Central Management of XG Firewall that will be introduced over time:

  • Secure access and management with single-sign-on through Sophos Central from anywhere.
  • Backup management and storage for your regularly scheduled firewall backups.
  • Firmware update management to make multiple firewall updates easy.
  • Light-touch deployment to enable easy remote setup of a new firewall.

We will announce the early access program for Central Management of XG Firewall on this blog, so stay tuned for more information on this in the days ahead.

Get it now!

The firmware will be rolled out automatically to all systems over the coming weeks, but you can access the firmware anytime to do a manual update through MySophos.

Watch this video for instructions on how to update your XG Firewall firmware.

Head on over to the XG Firewall Community Blog to get the full release notes.

Making the most of your new XG Firewall features

To help you make the most of all the new features in XG Firewall v17.5, please visit this Knowledgebase Article and the XG Firewall Customer Support Center.

Add Synchronized Security to your network

If you’re new to XG Firewall and want to see how it provides the world’s best visibility, protection and response, you can find out more on the XG Firewall pages on our website.

It’s super easy to deploy. In fact, you don’t even need to replace your existing firewall to get all the great benefits of Sophos Synchronized Security.

You can deploy XG Firewall inline with your existing firewall – it’s easy, risk-free, and brings tremendous visibility, protection and response benefits to your network. See how easy it is to add Synchronized Security to your network.

Is Cisco Systems a Buy?

Many investors like to buy and hold shares of companies that are leaders in their respective fields, generate a substantial amount of cash (preferably with a generous capital return program in place), and have reasonable long-term growth prospects.

I think Cisco Systems (NASDAQ:CSCO) easily fits that profile, and could be an attractive stock pick for investors who want such a company in their portfolios.

Clear dominance in networking

During Cisco’s fiscal year 2018 — which ended on July 28, 2018 — the company generated $28.27 billion in revenue from sales of network infrastructure products, rising about 2% from the $27.78 billion that it generated in the prior year.

Cisco’s large revenue from network infrastructure products is underpinned by significant market share in many types of infrastructure products. According to market researchers with IDC, Cisco led the Ethernet switch market, capturing 54.4% market share in the third quarter of 2018. In the router market, though its share wasn’t as high, Cisco also led at 39.4%.

Cisco’s market position in important network infrastructure products like Ethernet switches and routers is large, and helps the company generate massive amounts of revenue.

A cash-generation machine

Cisco also generates a significant amount of cash — and, perhaps unsurprisingly, gives a lot of it back to shareholders:

Figure. CSCO free cash flow (TTM); data by YCharts.

Over the last 12 months, Cisco has generated $13.47 billion in free cash flow, which works out to a little over $2.80 per share. The company doesn’t just let that cash pile up, though — it gives plenty of it back to stockholders.

Cisco currently offers a dividend of $1.32 per share (for a dividend yield of 2.79%), and has a solid track record of giving shareholders annual dividend raises. The company also has a robust share-repurchase program in place and, according to its most recent quarterly filings with the Securities and Exchange Commission, has about $14 billion remaining on that repurchase plan — good for nearly 6.6% of current shares outstanding as of this writing.

Cisco isn’t the hottest growth stock on the planet; it’s a large, mature, and highly profitable leader in its field. That doesn’t, however, mean that growth isn’t in the cards.

Analyst estimates call for Cisco to turn in 4.6% revenue growth in 2019, followed by 3.2% growth in 2020. That’s not an insane amount, but investors don’t seem to be expecting huge growth, as the stock trades at about 15.6 times analysts’ estimates for 2019 earnings per share and 14.3 times analysts’ 2020 EPS projections.

Cisco offers decent growth prospects at a relatively cheap valuation — a characteristic that may be appealing to more risk-averse investors.

A solid long-term choice

If you’re looking for a stock that’ll double your money in a year, I’d suggest steering clear of Cisco shares — the growth potential (like the corresponding risk profile) just isn’t suitable for you. However, if you’re looking for a best-in-breed technology company that has strong market share positions in its core markets, generates a significant amount of cash, and should deliver modest growth in the years ahead, Cisco might be worth your time.


Dell SonicWALL Next Generation Firewall

Bolster protection against the constantly changing threat environment

Dell SonicWALL high-performance firewall appliances seamlessly integrate intrusion prevention, malware protection, application intelligence, control and visualization, IPSec VPN, SSL VPN, wireless controllers and many other features to deliver comprehensive protection and maximum performance to address any size deployment from enterprise to SMB.

Dell® SonicWALL® provides intelligent network security and data protection solutions that enable customers and partners to dynamically secure, control, and scale their global networks.

Dell SonicWALL network security and data protection solutions, available for the SMB through the Enterprise, are deployed in large campus environments, distributed enterprise settings, government, retail point-of-sale and healthcare segments, as well as through service providers.


GajShield Next Generation Firewall ‘nu’ Series – GS15nu

GajShield Next Generation Firewall Appliance

Provides complete visibility into threats and performance inhibitors, allowing an organization to take informed and proactive security measures. Threat Management incorporates an ICSA-certified firewall, Application Filtering, BYOD Policy Management, VPN, URL Filtering, Gateway Antivirus and an Intrusion Prevention System; Performance Management provides Traffic Analysis, Network Behavior Analysis, Policy-based ISP Failover and Load Balancing, and Bandwidth Management.

GajShield GS15nu is ideal for small organisations or branch offices and is based on the same technology and architecture as all of our next generation firewalls. The form factor is sized for desktop deployments. GS15nu firewall supports High Availability with Active-Active and Active-Passive HA. It can also be easily managed using GajShield’s Centralised Firewall Management System.

GajShield GS15nu enables you to provide context-based firewall security with application visibility and control. GS15nu is ICSA Labs certified and provides state-of-the-art security for small enterprises too.


GajShield GS15nu Features

Technical Specification

10/100/1000 interfaces: 4
Concurrent sessions: 2,100,000
New sessions per second: 19,000
Firewall throughput: 2.1 Gbps
VPN throughput: 275 Mbps
UTM throughput: 250 Mbps
Antivirus throughput: 380 Mbps
IPS throughput: 520 Mbps
VPN tunnels: 550
Configurable WAN / DMZ / LAN ports: Yes
ICSA Labs certified: Yes
High Availability (HA): Active-Active, Active-Passive