Skip to main content


Showing posts from July, 2015

Microsoft Security Bulletin Coverage (July 14, 2015)

As usual, Microsoft has released security advisories for Month of July, 2015. So, you have to check that your Security Devices are able to protect below CVE ID or not. If you are using Dell SonicWall Security Products and they are set to download patches automatically, then no need to worry because of SonicWall Security Team already released the patches to cover these vulnerabilities. If your devices are not auto-update, then patch them manually. Check below CVE ID for your reference and awareness, MS15-058  Vulnerabilities in SQL Server Could Allow Remote Code Execution CVE-2015-1761  SQL Server Elevation of Privilege Vulnerability There are no known exploits in the wild. CVE-2015-1762  SQL Server Remote Code Execution Vulnerability There are no known exploits in the wild. CVE-2015-1763  SQL Server Remote Code Execution Vulnerability There are no known exploits in the wild. MS15-065  Security Update for Internet Explorer  CVE-2015-1729  Internet Explorer Information Disc

Upatre.SMJ a Malware Hides in encrypted PNG Image

The Dell Sonicwall Threats Research team observed reports of a New Malware family named   GAV: Upatre.SMJ   actively spreading in the wild. This time attackers used a dropper to download the original Malware that hides in Image   (encrypted PNG) f iles to avoid detection by Firewalls. Infection Cycle: The Malware uses the following icon: Md5: 051e79a2d44a8dba92e98ae9c4be2399 - Major Executable Dropper: 88ff4cfd4154c9b112a963700dfcd560 - Image PNG file The Malware adds the following files to the system: Malware.exe %Temp%\tzojedox.exe %Temp%\TZ9D-23.txt Tzojedox.exe %Temp%\kiuwken.exe %Temp%\TZ9D-23.txt Kiuwken.exe C:\WINDOWS\enCSuFWrQQsXBxp.exe The Malware adds the following key to the Windows registry to ensure persistence upon reboot: Once the computer is compromised, the malware copies its own executable file to   Temp   folder. The file   tzojedox.exe   is dropped after malware launches on th

Adobe Flash Player Heap Zero-Day Vulnerability CVE-2015-3113

Adobe released a Security update for Adobe Flash Player on June 23, 2015 to cover a critical 0day Heap-based buffer overflow vulnerability. Dell SonicWALL has released the following signature to protect their customers at the same day: "1040 Malformed-File swf.MP.228" There was no further activities addressing this vulnerability has been observed as of today since the signature was deployed on Dell SonicWALL GRID system. However, exploiting this vulnerability could potentially allow an attacker to take control of the affected system, which include systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP. An update of the Adobe Flash Player application is suggested. The following are the list of affected software versions: Adobe Flash Player and earlier versions for Windows and Macintosh Adobe Flash Player Extended Support Release version and earlier 13.x versions for Windows and Macintosh Adobe Flash Player

Steps to configure Site to Site VPN between SonicWalls

Today, I'd like to share the steps to configure IPSec Site to Site VPN Tunnel with IKEv2 Mode between SonicWalls Please proceed below steps in Local and Remote site SonicWall Firewall to get your VPN Tunnel - Create Firewall Address Object and Assign them to the correct Zone Assignment - By default, VPN setting in SonicWall is disable. So, do not forget to Enable it. - Add VPN Policy with below details in correct. ( ၁။ Policy Type က Site to Site 1> Policy Type must be Site to Site 2> Authentication Method have to be IKE using Preshared Secret 3> Assign VPN name for ease of understanding. 4> IPSec Primary Gateway Name or Address must be the WAN IP Address of Remote Site Firewall 5> Key in complex and secure Shared Secret 6> Put correct Local and Peer (Remote) WAN IP Addresses as IKE ID for IKEv2 Mode in your two Firewalls 7> Local and Destination (Remote) Network Subnet should be correct in your Network Section of VPN Policy 8> Ensure Phase