governa, 4 months ago to random

Alert: Over 178,000 #SonicWall Firewalls Potentially Vulnerable to Exploits ⚠️ 🔥

https://thehackernews.com/2024/01/alert-over-178000-sonicwall-firewalls.html

BishopFox, 4 months ago to infosec

SonicWall next-gen firewall (NGFW) series 6 and 7 devices are affected by 2 DoS #vulnerabilities that can lead to remote code execution (RCE): #CVE-2022-22274 and CVE-2023-0656. Bishop Fox research revealed that these issues are fundamentally the same, but exploitable at different HTTP URI paths. Read more & download our test script at our blog.

https://bfx.social/47Hcdzj

#SonicWall #infosec #exploitdevelopment

video/mp4

bouncyhat, 6 months ago to ReverseEngineering

When we're doing vuln hunting on internet appliances, we often want a shell in order to figure out what's going on. For the F5 research we were lucky, you could just SSH into the box and immediately get access to relevant config files and binaries. Lots of other appliances don't like to give out that access, they might give some kind of restricted/custom shell, or maybe they just don't expose anything at all.

In order to get around this, we'll often grab VM images and then boot from a live cd / alternate linux install and mount the disks. More recent Sonicwall appliances prevent this behavior, however. Their disk partitions are all LUKS encrypted, which prevents nosey researchers like myself from being able to mount them via another OS that doesn't have the encryption keys.

What's interesting though, is that if you boot from the base image (as intended), it just works. GRUB does have a mechanism for embedding decryption keys into the boot process, but this often means just leaving the decryption key in the boot partition, which is pretty easy to grab. This is not what Sonicwall NSV appliances do.

I got to spend a fun week diving into how GRUB works in order to figure out just what on earth was happening here - feel free to read about it at https://www.praetorian.com/blog/sonicwall-custom-grub-luks-encryption/.

The TL;DR is that Sonicwall modified their GRUB bootloader to perform decryption key derivation based off of the partition metadata. This is very much NOT default GRUB behavior (as far as I'm aware), so someone at Sonicwall went out of their way to bake this into the bootloader. It was a fun RE experience though, definitely got to learn a lot!

#sonicwall #nsv #grub #reverseengineering

jgreig, 7 months ago to random

US Radiology is paying a $450,000 fine in an agreement with New York State's Attorney General after a 2021 ransomware attack caused in part by the company's failure to address a SonicWall vulnerability

#USradiology #NewYork #SonicWall

https://therecord.media/new-york-attorney-general-fines-radiology-firm-after-ransomware-attack

FoW, 7 months ago to infosec Korean

인프라 벤더에서 다시 독립성을 되찾아가는 정보보안 벤더들
그간 하드웨어 기반 벤더들이 정보보안 벤더를 서로 인수했고 시너지를 내보려 했지만 정보보안 벤더만 부숴지는 결과가 많았어요. 결국 다시 분리하는 수순 같아요.
소닉월이 델에서 분사한 이후로 다시 솔루션 체계를 갖추며 성장에 활기가 도나 봐요. 업계 탑 벤더 엔진을 적극 계약해서라도 충실하게 구색을 맞추는 모습이 인상깊네요.
카본블랙 또한 브로드컴에 인수되면서, 인수 전처럼 정보보안 본연에 집중할 수 있도록 승인 및 투자 받아 조직 확장 중이라고 합니다. 시만텍 케이스를 신경쓰나 싶습니다. 브로드컴 인수에 오히려 화색이 도네요.

#infosec #SonicWall #DellTechnologies #VMware #CarbonBlack #SentinelOne #Symantec

zorangrbic, 1 year ago (edited 1 year ago) to random

Fun.

#SonicWall #TZ270 with 2yr license just arrived. For the rest of the story, it's important to note that it's a new device with a price of 1.346eur. A bit less in US dollar.

And, what do you know: Even that doesn't save you from being exposed to a crappy onboarding procedure, a WRONG quick start guide and no hints in the support pages of what could be wrong.

Spent 3,5h trying to understand why the devices wizard (fire him!) didn't want to accept my license.

1/* ->