The security flaw, which was issued CVE identifier CVE-2020-9054, can be exploited remotely, without authentication to execute arbitrary code on the affected devices.

Earlier this week, Zyxel published an advisory on the vulnerability, revealing that it impacted over a dozen NAS devices, including ten that were no longer supported. On Wednesday, the networking devices vendor updated the advisory to add a total of 23 UTM, ATP, and VPN firewalls to the list of vulnerable products. The flaw, it says, impacts firmware versions ZLD V4.35 Patch 0 through ZLD V4.35 Patch 2.

So what can you do, well its just a matter of making sure you keep your firmware updated, which of course you do, don't you? Please follow the guideline below,

1. Ensure your devices are running the latest available firmware.
2. Don't enable remote access unless it's absolutely necessary.
3. Change the default password as soon as you log in to a new device for the first time.
4. Use strong, unique passwords for every device and change them regularly.

The list of impacted devices now includes the following firewalls: ATP100, ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200, VPN50, VPN100, VPN300, VPN1000, ZyWALL110, ZyWALL310, and ZyWALL1100.

You can also visit Security Advisories here: for more information.

Good Advice never gets old!

Most of us have had to deal with a computer virus or some sort of malware by now. It wasn’t fun; it was annoying, time-consuming, and very frustrating.

When our computers start slowing down or behaving in an unusual way, we are often quick to suspect that we have a virus. It might not be a virus, but it is likely that you have some sort of malware. Some are malicious, and others are just annoying. The worst culprits are the hijackers—malware programs that take over your browser, or worse yet, your computer. I have had to remove these types of evil programs from personal computers and work computers in the past, and I’m sure you have, too. Here are 10 tips on how to prevent malware from infecting your computer, keeping your hardware safe.

1. Install Anti-Virus/Malware Software.

   This tip may go without saying, and I almost just casually mentioned it in my opening paragraph. However, I have seen many computers—especially home computers—that don’t have anti-virus/malware protection. This protection is a must-have first step in keeping your computer virus free.

2. Keep Your Anti-Virus Software Up to Date.

   Having protection software is the first step; maintaining it is the second. Free anti-virus software is better than nothing, but keep in mind that it’s not the best solution. Microsoft does provide a security package for “free.” It’s free in that if you have Windows on your machine, you are granted access, but you did pay for your Windows license. Many users aren’t aware of this program, but it’s actually decent protection.

3. Run Regularly Scheduled Scans with Your Anti-Virus Software.

   This too may seem like a no-brainer, but many of us forget to do this. Set up your software of choice to run at regular intervals. Once a week is preferred, but do not wait much longer between scans. It’s difficult to work on your computer while your anti-virus software is running. One solution is to run the software at night when you aren’t using your computer. However, we often turn off our computers at night, and so the scan never runs. Set your anti-virus software to run on a specific night, and always leave your computer running on that day. Make sure it doesn’t shut off automatically or go into hibernation mode.

4. Keep Your Operating System Current.

   Whether you are running Windows, Mac OS X, Linux, or any other OS, keep it up to date. OS developers are always issuing security patches that fix and plug security leaks. These patches will help to keep your system secure. Similarly, keep your anti-virus software up to date. Viruses and malware are created all the time. Your scanning software is only as good as its database. It too must be as up to date as possible.

5. Secure Your Network.

   Many of our computers connect to our files, printers, or the Internet via a Wi-Fi connection. Make sure it requires a password to access it and that the password is strong. Never broadcast an open Wi-Fi connection. Use WPA or WPA2 encryption. WEP is no longer strong enough as it can be bypassed in minutes by experts. It’s also a great idea to not broadcast your SSID (the name of your Wi-Fi network). You can still access it with your device, you will just have to manually type in the SSID and the password. If you frequently have guests who use your Internet, provide a guest SSID that uses a different password, just in case your friends are evil hackers.

6. Think Before You Click.

   Avoid websites that provide pirated material. Do not open an email attachment from somebody or a company that you do not know. Do not click on a link in an unsolicited email. Always hover over a link (especially one with a URL shortener) before you click to see where the link is really taking you. If you have to download a file from the Internet, an email, an FTP site, a file-sharing service, etc., scan it before you run it. Good anti-virus software will do that automatically, but make sure it is being done.

7. Keep Your Personal Information Safe.

   This is likely the most difficult thing to do on the Internet. Many hackers will access your files not by brute force, but through social engineering. They will get enough of your information to gain access to your online accounts and will glean more of your personal data. They will continue from account to account until they have enough of your info that they can access your banking data or just steal your identity altogether. Be cautious on message boards and social media. Lockdown all of your privacy settings, and avoid using your real name or identity on discussion boards.

8. Don’t Use Open Wi-Fi.

   When you are at the local coffee shop, library, and especially the airport, don’t use the “free” open (non-password, non-encrypted) Wi-Fi. Think about it. If you can access it with no issues, what can a trained malicious individual do?

9. Back Up Your Files.

   The best thing you can do is back up your files—all of them. Ideally, you will have your files (your data) in at least three places: the place where you work on them, on a separate storage device, and off-site. Keep your files on your computer, back them up to an external hard drive, then back them up in a different location. You can use a backup service or simply get two external hard drives and keep one at work, at a friend’s house, at a family member’s house, or in a safe deposit box.

10. Use Multiple Strong Passwords.

    Never use the same password, especially on the sensitive accounts. Typically, we use the same email address or username for all of our accounts. Use a strong password. Use lower case, upper case, numbers, and symbols in your password. Keep it easy to remember but difficult to guess. Do not use dates or pet names.

Source

https://www.autodesk.com/redshift/10-tips-on-how-to-prevent-malware-from-infecting-your-computer/

Windows Sandbox (Windows 10 version 1903)

One of the more interesting features of Windows 10 version 1903, otherwise known as the May 2019 Update, is the Windows Sandbox. The Windows Sandbox is a Windows 10 virtual machine that can be quickly launched so you can test downloaded programs, browsers extensions, and suspect sites without risk of infecting your normal Windows operating system.

For those who are security conscious and do not want to deal with installing a dedicated virtual machine program like VirtualBox, Hyper-V, or VMWare, you can instead install Windows Sandbox for a very basic Windows 10 virtual machine.

Installing the Windows Sandbox

Before you can install the Windows Sandbox, you first need to make sure your computer meets certain requirements. These are:

• Windows 10 Pro or Enterprise build 1903 or later.
• AMD64 architecture
• Virtualization capabilities enabled in BIOS
• At least 4GB of RAM (8GB recommended)
• At least 1 GB of free disk space (SSD recommended)
• At least 2 CPU cores (4 cores with hyper-threading recommended

To install Windows Sandbox, simply follow these steps:

1. Make sure you are using Windows 10 Pro or Enterprise running version 1903 or later.
2. Make sure CPU's virtualization is enabled in the computer's BIOS.
3. Click the Start button and search for Windows Features. When it appears in the search results, click on the Turn Windows features on or off control panel result.
4. Open Windows Features Control Panel When the Windows Features control panel opens, scroll down and put a check in the box next to Windows Sandbox and then press the OK button.
5. After it has finished installing, Windows may ask you to reboot. Please allow it to do so.

The Windows Sandbox is now installed.

Using the Windows Sandbox

To use the Windows Sandbox, click on the Start button and search for Windows Sandbox. When it appears in the search results, click on it to launch the program.

When the Windows Sandbox loads for the first time, it may take a bit longer than normal as it generates the Windows 10 image it will use for the virtual machine. Once loaded, you will be presented with a Window that contains a fully functional base Windows 10 installation.

With the Windows Sandbox running, you can easily transfer files that you want to be tested or copy text to and from its clipboard. To transfer a file from your main Windows operating system (the Host), simply right-click on a file you want to transfer and select Copy and Copy file on the Host

Now, go in the Windows Sandbox (the Guest) and right-click on the desktop and click on Paste to transfer the file from your Host.

Transferring text between the Host machine and the Guest sandbox is easy as well, just copy text into the clipboard from either the main OS or the Sandbox and paste it into the other.

As an example of how the Windows Sandbox could be used, I just visited a site that stated I needed an Adobe Flash Player update. It looked a little fishy, so instead of running it on my main machine, I can fire up the Windows Sandbox and transfer the file there to test it.

The good news is that anything you try out in the Windows Sandbox has no effect on your normal computer. So you can just try any program you download, malware or otherwise, or visit a web site and close the Sandbox when done with nothing to fear.

The next time you start it again, the Sandbox will be reset back to its default state so you can test more programs.

Sources

https://www.bleepingcomputer.com/news/microsoft/using-the-windows-sandbox-to-stay-safe-online/

Megacortex (Ransomware)

Sophos has discovered a scary new strain of very sophisticated ransomware called MegaCortex. It was purpose-built to target corporate networks, and once penetrated, the attackers infect your entire network by rolling out the ransomware to all servers and workstations, using your own Windows domain controllers.

Sophos has detected infections in the United States, Italy, Canada, France, the Netherlands, and Ireland.

This is a fairly new strain, so not all that much is known yet about how the encryption works, how they are getting in, or if ransom payments are being honoured.

How To Block Megacortex Infections

Have weapons-grade backups, off-site, not made accessible to ransomware which often targets all the backups it can see.

Make sure that your network does not make any RDP Services publicly accessible via the Internet. Put any machine that runs RDP behind a firewall and make sure it's only accessible via a VPN.

While this ransomware is not being spread via spam, it is possible that it is being installed by Trojans that are coming in through email.

That's why it is important that you train your users to identify phishing attacks and not fall for social engineering attacks, tricking them into opening malicious attachments they did not ask for.

New-school security awareness training for your whole organization is as important as ever.

MegaCortex Uses Your Own Windows Domain Controllers

It is not 100% clear yet how the bad guys are gaining access to your network, but victims have reported to Sophos that the attacks originate from a compromised domain controller. On the DC, Cobolt Strike is being dropped and executed to create a reverse shell back to an attacker's host.

Using that shell, the attackers take over your DC and configure it to distribute a copy of PsExec, the main malware executable, and a batch file to all of the computers on the network. It then executes the batch file remotely via PsExec. The batch files seen by Sophos will terminate 44 different processes, stop 199 Windows services, and disable 194 services.

Secondary Payloads Present

In addition to the MegaCortex Ransomware payload, Sophos has found what they call "secondary main components" on the computer. Hashes of some of these payloads are listed at the end of Sophos' report.

Security researcher Vitali Kremez examined some of these secondary payloads and in a conversation with BleepingComputer explained that these files are Rietspoof.

Rietspoof is a multi-stage delivery system that is used to drop multiple malware payloads on a computer. Because of that, it's not known yet if this is the malware dropping MegaCortex or if it is being installed as a secondary payload along with it.

Systems Affected / Targeted

1. Windows RDP Service
2. Windows Server / DC Controllers

Sources

https://blog.knowbe4.com/heads-up-scary-new-megacortex-ransomware-strain-discovered-that-targets-your-business-network

05.14.19 | The messaging platform WhatsApp is well known for its end-to-end encryption, but recent news calls its security into question. The NSO Group, an Israeli spy firm, injected malware onto targeted phones in order to steal data by simply placing a phone call. The targets didn't even need to pick up, and there was often no trace in the call log. It seems the group targeted only a few high-profile activists, so you're probably safe, but you should download the latest update, just in case.

Know if your WhatsApp account is hacked and used by others and how to secure WhatsApp from attack.

A rogue user can access the chat even with locked WhatsApp account. They will target the WhatsApp Chat log, images, videos and other media in the File Manager they can send the files to there device or they can use auto-backup apps like Backup Text for WhatsApp and directly email all your WhatsApp conversations in plain text.

This is a very serious type of threat and many people don’t know it.

The moment you suspect unusual activity in your WhatsApp account, then it is no doubt someone is poking their nose in your WhatsApp chats and conversations.

If they are using WhatsApp web, then you can confirm this by:

1. Open Whatsapp on your phone,
2. Tap on the 3 vertical dots on the top right
3. Then tap on WhatsApp web, a new window will open,
4. Here see the list of last used clients, if you don’t recognize it, then chances are someone is hacking into your conversations and WhatsApp activities on your phone.

To Stop this

To stop this even if you're not sure just tap on each computer/devices in the list and Log out the device, do this for all listed. This will stop the hacker from accessing your activities, this should be a caution for you to always check this in case you see any devices your not familiar with so you can remove them.

Know if WhatsApp is Open on Another Device | 2nd Way

Another way in which persons can spy WhatsApp is activating the account in another device. Basically, they register your WhatsApp number in another mobile and during their configuration, they recover all your chats or conversations saved in the application. Anyone can do this by taking your cell phone, to receive the verification code that WhatsApp sends.

If such a thing is done then on your phone then you will be greeted with the message “This phone could not be verified” because the number is registered on another device.

*WhatsApp should not work on two phones at the same time but hackers can get hold of all chats like personal data if register it on another device.

You can re-verify your number to regain the account access.

Enable WhatsApp Two Factor Authentication and Protect Your Account from getting Activated on other Device

To Protect Your WhatsApp Account from getting Activated on other Device WhatsApp introduced two-factor authentication. When you have two-step verification enabled, any attempt to verify your phone number on WhatsApp must be accompanied by the six-digit PIN that you created using this feature. To enable two-step verification, open:

WhatsApp > Settings > Account > Two-step verification > Enable.

When this is enabled, you can enter the email address that will allow WhatsApp to send you a link via email to disable two-step verification in case you ever forget your six-digit PIN.

Block Installation From Unknown Sources

Allowing installation of apps on your phone from unknown sources leaves your phone vulnerable for hacking in case someone gets access to your phone. It is very helpful to block access to the 'file manager' on your phone.

Also, you should lock the play store and settings to stop installation from unknown sources. Always install apps from Google play store. Please check developer details, ratings, reviews of any app before install on your phone.

Sources

Various: seems that while this is well publicised most articles on this subject seem to be badly copy pasted with little or no due diligence, I tidy up and verified what I can, if I find I good article on the subject I post the source here.

https://www.wired.com/story/whatsapp-hack-intel-vulnerability-todays-news/

Virus and Malware removal and prevention that we use and why
This is what we use in on a day to day bases, I make no claim as to if this is the best or not, we find this works 99% of the time for us.

Some background on the various tools.

1. Microsoft Security Essentials, this we have found to be almost unparalleled in finding those hard to find rootkits and malware that embed themselves deeply in the OS, make sense really after all Microsoft made the OS.
2. G-Date, ok let’s be honest not the first choice for ease of use at the business end, and takes a fair amount of resources, however, if you’re willing to put some effort in configuring and have a reasonable machine this is the best first-line defence we have come across, it’s a bit flaky with it AV updates and always has been so you need to make sure that both databases are updated without any issues.
3. Hitman Pro, we can’t take credit for this a client came in with some issues and did a song and dance about Hitman Pro as a second defence, so we gave it a try and was, to say the least impressed it is now part of our AV arsenal.
4. ClamWin has been around for some time it's very good as an offline/call on-demand scanner nice to have a second opinion.
5. Microsoft Safety Scanner, this is quite new to us and still very much in a test but so far all results indicate that this will join our AV arsenal.
6. Panda seems to be very good at spotting and removing malware generally and good as the second option to MSS above.

For SMB prevention we use:

• Microsoft Security Essentials
• G-Data for single-user ‘total care’ for network ‘G-Data Business suit’
• Hitman Pro

For Enterprise prevention we use:

• Microsoft Security Essentials
• Symantec or Sophos Enterprise  
• Webroot

For removal and checking we use:

• Microsoft Safety Scanner
• Hitman Pro
• Microsoft Security Essentials
• Clamwin
• Panda
• Webroot

There is plenty of information about all these products on their related sites I see no reason to duplicate the information here, so please do your due diligence and if you come across any good tools please let us know, we will test and if they make the grade we will add them here and to our AV arsenal.

If you want to know who is considered the best in the enterprise field look at the latest Gartner report: Magic Quadrant for Endpoint Protection Platforms.

It's easy to scaremonger however given today's hostile internet and lack of understanding of modern digital threats coupled with poor user practices, these treats are very real so the solutions should be too.

Passwords provide the first line of defence against unauthorised access to your organization.

It is now more common each and every day to hear reports of website breaches and leaks of customer data, often attacked are indirect crack a weaker system to get into another normally more secure subsystem, the role that passwords play in securing an organization's network both internal and external is often underestimated and overlooked.

Convenience as the Enemy of Security
Even with a complex, easy to remember the passphrase, we sometimes get tired of typing it in. Especially for accounts, we need to access regularly. In these cases, many people will opt to allow their browser to save their passwords for specific websites.

The problem with this is two-fold.
Firstly, if someone is able to open your browser, revealing all of your saved passwords takes only three mouse clicks. If you are using some browsers, which sync your account information across all devices you use, (including auto-filling your passwords…) then gaining access to your browser on one system could potentially give someone access to ALL devices you have synced to that account.

Secondly, we are also faced with the dilemma that we need to use passwords in so many different places, that most people end up using the same password for multiple accounts. So even if you only allow the browser to store one of your passwords, chances are pretty good that you’ve used the same password for at least three other accounts.

Try to
Use a different password for each of your important accounts, like your email, SQL database, Root, administrator passwords and so on, even the ones for your online banking accounts. Re-using passwords is risky. If someone figures out your password for one account, that person could potentially gain access to your email systems, admin accounts and much more.

Weak passwords provide attackers with easy access to your computers and network, while strong passwords are considerably harder to crack, even with the password-cracking software that is available today. Password-cracking tools continue to improve, and the computers that are used to crack passwords are more powerful than ever. 

Common methods of password cracking