Polls

Is there an unsecured wireless network near you?
 
SonicWall suggests people unplug their end-of-life gateways under 'active attack' by ransomware crims
Thursday, 15 July 2021 13:31

HTTP/2 200 date: Fri, 16 Jul 2021 14:00:22 GMT content-type: text/html; charset=UTF-8 link: ; rel=preload; as=script;,/5e3b42887de55c95121fd13d3d97af106450bb4e/javascript/_.js>; rel=preload; as=script;,/default/0cc922c7cb49cae9d575c0715e1a343954e8a091/scaffolding.css>; rel=preload; as=style;,/default/0cc922c7cb49cae9d575c0715e1a343954e8a091/design.css>; rel=preload; as=style;,/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/arimo-700.latin.woff2>; rel=preload; as=font; crossorigin;,/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/arimo-400.latin.woff2>; rel=preload; as=font; crossorigin; cache-control: max-age=0 expires: Fri, 16 Jul 2021 14:00:22 GMT vary: Accept-Encoding x-reg-bofh: pfy03us x-clacks-overhead: GNU Terry Pratchett, Lester Haines cf-cache-status: DYNAMIC expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server: cloudflare cf-ray: 66fbc1a2aa2dfd52-SYD SonicWall suggests people unplug their end-of-life gateways under 'active attack' by ransomware crims • The Register

Redeploy in circular filing cabinet if you cannot patch


SonicWall has warned that its older Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) gateways are being attacked in the wild by crooks to spread ransomware – and as some of those devices are end-of-life, don't expect any patches to protect them.

In an emergency alert on Wednesday, the networking biz said miscreants are "actively targeting" the equipment to, as we understand it, steal credentials from them to compromise networks for "an imminent ransomware campaign."

The SRA 4600/1600 (which went end-of-life in 2019), the SRA 4200/1200 (2016), and SSL-VPN 200/2000/400 (2013-2014) running firmware version 8.x are too out of date for SonicWall to patch, so users are told to unplug the gear and reset any account passwords that share the same credentials as the details may have been stolen.

The SMA 400/200, which is just about still supported, can be updated to firmware versions 10.2.0.7-34 or 9.0.0.10, which are said to be safe from the attacks, though you should still reset any associated passwords that may have been stolen, and enable multi-factor authentication where you can.

The SMA 210/410/500v, which is still supported, should be upgraded to version 10.2.0.7-34sv or 9.0.0.10-28sv to mitigate the vulnerabilities, though we're told they are not under active attack.

"Organizations that fail to take appropriate actions to mitigate these vulnerabilities on their SRA and SMA 100 series products are at imminent risk of a targeted ransomware attack," SonicWall advised.

"If your organization is using a legacy SRA appliance that is past end-of life status and cannot update to 9.x firmware, continued use may result in ransomware exploitation."

Funnily enough, for customers with gear that can't be fixed, SonicWall is offering "a complimentary virtual SMA 500v until October 31, 2021. This should provide sufficient time to transition to a product that is actively maintained." See the above advisory for details.

"SonicWall would like to thank Mandiant and their team of threat researchers for collaboration on this subject," it added. ®

Similar topics


Other stories you might like

A survey of nearly 32,000 developers has confirmed the dominance of JavaScript, showing a remarkable 91 per cent using GitHub, and growth in use of AWS despite the efforts of Microsoft and Google.

The survey was huge, with sections on 13 different programming languages, big data, databases, DevOps, developer demographics, microservices, collaborating tools, testing, and more.

JavaScript topped the language popularity charts, with 69 per cent usage, or 39 per cent when developers were asked to specify their "primary programming language."

Continue readingBritney fan businessman accidentally buys 10,000 Celtic nationalist T-shirts Surplus stock specialist finds out the hard way how that kind of thing can happen

A UK businessman hoping to create merchandise to sell to fans of singer Britney Spears has found himself instead lumbered with 10,000 misspelled T-shirts advertising a nationalist breakaway for a region of northern France.

Karl Baxter, managing director of Wholesale Clearance UK Ltd – a company based in Poole, Dorset, specialising in "bankrupt and surplus stock, as well as end of line clearances to individuals and companies of all sizes" – had hoped to capitalise on the #FreeBritney movement and sell shirts to fans campaigning to end the 'Oops!... I Did It Again' star's controversial conservatorship.

Continue readingGoogle demonstrates impractical improvement in quantum error correction – but it does work Scale would need to be cranked way up to have an impact, however

Google has demonstrated a significant step forward in the error correction in quantum computing – although the method described in a paper this week remains some way off a practical application.

In December 2019, Google claimed quantum supremacy when its 54-qubits processor Sycamore completed a task in 200 seconds that the search giant said would take a classical computer 10,000 years to finish. The claim was then hotly contested by IBM, but that is another story.

Continue readingTeen turned away from roller rink after AI wrongly identifies her as banned troublemaker Software claimed it was 97% sure

A Black teenager in the US was barred from entering a roller rink after a facial-recognition system wrongly identified her as a person who had been previously banned for starting a fight there.

Lamya Robinson, 14, had been dropped off by her parents at Riverside Arena, an indoor rollerskating space in Livonia, Michigan, at the weekend to spend time with her pals. Facial-recognition cameras installed inside the premises matched her face to a photo of somebody else apparently barred following a skirmish with other skaters.

Robinson was thus told to leave the premises by staff. She said the person in the image couldn’t possibly be her because she had never been to the skating rink before. Her parents, Juliea and Derrick, are now mulling whether it’s worth suing Riverside Arena or not.

Continue readingCyberlaw experts: Take back control. No, we're not talking about Brexit. It's Automated Lane Keeping Systems They're not self-driving cars, did you know that?

Comment The UK government said in April that "the first types of self-driving cars could be on UK roads this year" but this is not entirely accurate.

Firstly, the announcement refers not to self-driving vehicles, but vehicles fitted with automated lane-keeping systems (ALKS), and secondly, we already have technology similar to this driving on our roads. For example, Tesla’s Autopilot and Nissan’s ProPilot can drive in a single lane, however under the current law, drivers must keep their hands on the wheel and their eyes on the road.

The government’s announcement seemingly indicates the intention to allow drivers to take their eyes off the road, and for the driving assistance system to be responsible while the system is engaged. The change is proposed to be restricted to motorways and to speeds of 37mph (+- 60km/h). No doubt, manufacturers will be releasing new versions of vehicles fitted with ALKS in UK showrooms before the end of the year.

Continue readingBOFH: But soft! What light through yonder filing cabinet breaks? It is green, and BOFH is not the one. It's only a, er, miner problem...

Episode 12 "Everything's just so expensive!" the Boss says.

"Yeah, well, that's the way it goes - nothing's getting cheaper."

"But we're always being told computers are getting cheaper."

Continue readingThe lights go off, broadband drops out, the TV freezes … and nobody knows why (spooky music) It might be because technicians maintain an open-door policy

Something for the Weekend, Sir?Bzzz. The number of the incoming call is "Unknown". I reject it, obviously. While I am intrigued by the idea of receiving mystery calls from The Unknown, they are disappointing to answer.

Bzzz. This guy's insistent: it's the fourth time he's tried to call in the last minute. He must really want me to install that new kitchen / swimming pool / solar panels / conservatory / sheep farm / fibre broadband / large hadron collider.

Hang on. Fibre broadband… that rings a bell.

Continue readingXiaomi parties like a winner after coming second on world smartphone sales charts CEO predicts ‘many vicious and fierce battles coming, bulks R&D budget by 30 percent and hires 5,000 engineers to chase top slot

Analyst firm Canalys has, for the first time, found Chinese firm Xiaomi the world’s second-ranked smartphone vendor, as measured by unit shipments.

The firm stated that Xiaomi achieved the feat in Q2 2021, when it enjoyed 17 percent market share, behind Samsung’s 19 percent but ahead of Apple’s 14 points.

Canalys’ market share numbers are preliminary data: it is yet to offer its assessment of how many handsets shipped in the quarter, making it hard to assess if Xiaomi stood out in a competitive quarter or during a slower sales period.

Continue readingTry placing a pot plant directly above your CRT monitor – it really ties the desk together Actually, no. Don't do this

On Call The week is over once again. Celebrate with a watery On Call tale involving a cathode ray tube, a pot plant, and an absent-minded user.

Our hero, Regomised as "Sean", had taken his first steps into the glorious world of IT as a trainee support technician for a housing association at the impossibly young age of 18.

"One afternoon," he told us, "I got a call from an agitated lady in the same building complaining her monitor screen was all bendy."

Continue readingBuyer of $28m Blue Origin space ticket has a scheduling conflict – so this teen will go instead Bezos and his bro on rocket jaunt

A Dutch 18-year-old is set to be the youngest person to go into space after securing at the last minute a seat on Blue Origin’s first commercial spaceflight.

Oliver Daemen will ride atop the aerospace upstart's New Shepard rocket, which is expected to launch on July 20. And he’ll have Blue Origin supremo Jeff Bezos, Bezos’ younger brother Mark, and Wally Funk, a member of the Mercury 13 group, for company on the journey. If all goes well, the lad will be the youngest person to fly to space, and 82-years-old Funk will be the oldest.

"I am super excited to go into space," Daemen said in a video shared on Twitter. "I've been dreaming about this all my life. Now I'll become the youngest astronaut ever because I'm 18 years old."

Continue readingFancy a handheld Linux PC that runs Windows apps, sports a custom AMD Zen APU and a touch screen? Steam just announced one for gamers on the go, but it can also behave like any other PC

Gaming house Steam has just revealed a rather intriguing portable PC.

The "Steam Deck" boasts an AMD "accelerated processing unit" (APU) that incorporates four Zen cores that run at between 2.4GHz and 3.5GHz, plus an AMD RDNA 2 GPU and a substantial 16GB of RAM.

A dock - which will be sold separately - connecting via the device's sole USB-C port provides an RJ45 Ethernet socket, single USB-C and USB-A connectors, DisplayPort, and HDMI sockets to connect the machine to the wired world. Wi-Fi and Bluetooth handle the wireless side of things.

Continue reading

HTTP/2 200 date: Fri, 16 Jul 2021 14:00:22 GMT content-type: text/html; charset=UTF-8 link: ; rel=preload; as=script;,/5e3b42887de55c95121fd13d3d97af106450bb4e/javascript/_.js>; rel=preload; as=script;,/default/0cc922c7cb49cae9d575c0715e1a343954e8a091/scaffolding.css>; rel=preload; as=style;,/default/0cc922c7cb49cae9d575c0715e1a343954e8a091/design.css>; rel=preload; as=style;,/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/arimo-700.latin.woff2>; rel=preload; as=font; crossorigin;,/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/arimo-400.latin.woff2>; rel=preload; as=font; crossorigin; cache-control: max-age=0 expires: Fri, 16 Jul 2021 14:00:22 GMT vary: Accept-Encoding x-reg-bofh: pfy03us x-clacks-overhead: GNU Terry Pratchett, Lester Haines cf-cache-status: DYNAMIC expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server: cloudflare cf-ray: 66fbc1a2aa2dfd52-SYD SonicWall suggests people unplug their end-of-life gateways under 'active attack' by ransomware crims • The Register

Redeploy in circular filing cabinet if you cannot patch


SonicWall has warned that its older Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) gateways are being attacked in the wild by crooks to spread ransomware – and as some of those devices are end-of-life, don't expect any patches to protect them.

In an emergency alert on Wednesday, the networking biz said miscreants are "actively targeting" the equipment to, as we understand it, steal credentials from them to compromise networks for "an imminent ransomware campaign."

The SRA 4600/1600 (which went end-of-life in 2019), the SRA 4200/1200 (2016), and SSL-VPN 200/2000/400 (2013-2014) running firmware version 8.x are too out of date for SonicWall to patch, so users are told to unplug the gear and reset any account passwords that share the same credentials as the details may have been stolen.

The SMA 400/200, which is just about still supported, can be updated to firmware versions 10.2.0.7-34 or 9.0.0.10, which are said to be safe from the attacks, though you should still reset any associated passwords that may have been stolen, and enable multi-factor authentication where you can.

The SMA 210/410/500v, which is still supported, should be upgraded to version 10.2.0.7-34sv or 9.0.0.10-28sv to mitigate the vulnerabilities, though we're told they are not under active attack.

"Organizations that fail to take appropriate actions to mitigate these vulnerabilities on their SRA and SMA 100 series products are at imminent risk of a targeted ransomware attack," SonicWall advised.

"If your organization is using a legacy SRA appliance that is past end-of life status and cannot update to 9.x firmware, continued use may result in ransomware exploitation."

Funnily enough, for customers with gear that can't be fixed, SonicWall is offering "a complimentary virtual SMA 500v until October 31, 2021. This should provide sufficient time to transition to a product that is actively maintained." See the above advisory for details.

"SonicWall would like to thank Mandiant and their team of threat researchers for collaboration on this subject," it added. ®

Similar topics


Other stories you might like

A survey of nearly 32,000 developers has confirmed the dominance of JavaScript, showing a remarkable 91 per cent using GitHub, and growth in use of AWS despite the efforts of Microsoft and Google.

The survey was huge, with sections on 13 different programming languages, big data, databases, DevOps, developer demographics, microservices, collaborating tools, testing, and more.

JavaScript topped the language popularity charts, with 69 per cent usage, or 39 per cent when developers were asked to specify their "primary programming language."

Continue readingBritney fan businessman accidentally buys 10,000 Celtic nationalist T-shirts Surplus stock specialist finds out the hard way how that kind of thing can happen

A UK businessman hoping to create merchandise to sell to fans of singer Britney Spears has found himself instead lumbered with 10,000 misspelled T-shirts advertising a nationalist breakaway for a region of northern France.

Karl Baxter, managing director of Wholesale Clearance UK Ltd – a company based in Poole, Dorset, specialising in "bankrupt and surplus stock, as well as end of line clearances to individuals and companies of all sizes" – had hoped to capitalise on the #FreeBritney movement and sell shirts to fans campaigning to end the 'Oops!... I Did It Again' star's controversial conservatorship.

Continue readingGoogle demonstrates impractical improvement in quantum error correction – but it does work Scale would need to be cranked way up to have an impact, however

Google has demonstrated a significant step forward in the error correction in quantum computing – although the method described in a paper this week remains some way off a practical application.

In December 2019, Google claimed quantum supremacy when its 54-qubits processor Sycamore completed a task in 200 seconds that the search giant said would take a classical computer 10,000 years to finish. The claim was then hotly contested by IBM, but that is another story.

Continue readingTeen turned away from roller rink after AI wrongly identifies her as banned troublemaker Software claimed it was 97% sure

A Black teenager in the US was barred from entering a roller rink after a facial-recognition system wrongly identified her as a person who had been previously banned for starting a fight there.

Lamya Robinson, 14, had been dropped off by her parents at Riverside Arena, an indoor rollerskating space in Livonia, Michigan, at the weekend to spend time with her pals. Facial-recognition cameras installed inside the premises matched her face to a photo of somebody else apparently barred following a skirmish with other skaters.

Robinson was thus told to leave the premises by staff. She said the person in the image couldn’t possibly be her because she had never been to the skating rink before. Her parents, Juliea and Derrick, are now mulling whether it’s worth suing Riverside Arena or not.

Continue readingCyberlaw experts: Take back control. No, we're not talking about Brexit. It's Automated Lane Keeping Systems They're not self-driving cars, did you know that?

Comment The UK government said in April that "the first types of self-driving cars could be on UK roads this year" but this is not entirely accurate.

Firstly, the announcement refers not to self-driving vehicles, but vehicles fitted with automated lane-keeping systems (ALKS), and secondly, we already have technology similar to this driving on our roads. For example, Tesla’s Autopilot and Nissan’s ProPilot can drive in a single lane, however under the current law, drivers must keep their hands on the wheel and their eyes on the road.

The government’s announcement seemingly indicates the intention to allow drivers to take their eyes off the road, and for the driving assistance system to be responsible while the system is engaged. The change is proposed to be restricted to motorways and to speeds of 37mph (+- 60km/h). No doubt, manufacturers will be releasing new versions of vehicles fitted with ALKS in UK showrooms before the end of the year.

Continue readingBOFH: But soft! What light through yonder filing cabinet breaks? It is green, and BOFH is not the one. It's only a, er, miner problem...

SonicWall suggests people unplug their end-of-life gateways under 'active attack' by ransomware crimsEpisode 12 "Everything's just so expensive!" the Boss says.

"Yeah, well, that's the way it goes - nothing's getting cheaper."

"But we're always being told computers are getting cheaper."

Continue readingThe lights go off, broadband drops out, the TV freezes … and nobody knows why (spooky music) It might be because technicians maintain an open-door policy

Something for the Weekend, Sir?Bzzz. The number of the incoming call is "Unknown". I reject it, obviously. While I am intrigued by the idea of receiving mystery calls from The Unknown, they are disappointing to answer.

Bzzz. This guy's insistent: it's the fourth time he's tried to call in the last minute. He must really want me to install that new kitchen / swimming pool / solar panels / conservatory / sheep farm / fibre broadband / large hadron collider.

Hang on. Fibre broadband… that rings a bell.

Continue readingXiaomi parties like a winner after coming second on world smartphone sales charts CEO predicts ‘many vicious and fierce battles coming, bulks R&D budget by 30 percent and hires 5,000 engineers to chase top slot

Analyst firm Canalys has, for the first time, found Chinese firm Xiaomi the world’s second-ranked smartphone vendor, as measured by unit shipments.

The firm stated that Xiaomi achieved the feat in Q2 2021, when it enjoyed 17 percent market share, behind Samsung’s 19 percent but ahead of Apple’s 14 points.

Canalys’ market share numbers are preliminary data: it is yet to offer its assessment of how many handsets shipped in the quarter, making it hard to assess if Xiaomi stood out in a competitive quarter or during a slower sales period.

Continue readingTry placing a pot plant directly above your CRT monitor – it really ties the desk together Actually, no. Don't do this

On Call The week is over once again. Celebrate with a watery On Call tale involving a cathode ray tube, a pot plant, and an absent-minded user.

Our hero, Regomised as "Sean", had taken his first steps into the glorious world of IT as a trainee support technician for a housing association at the impossibly young age of 18.

"One afternoon," he told us, "I got a call from an agitated lady in the same building complaining her monitor screen was all bendy."

Continue readingBuyer of $28m Blue Origin space ticket has a scheduling conflict – so this teen will go instead Bezos and his bro on rocket jaunt

A Dutch 18-year-old is set to be the youngest person to go into space after securing at the last minute a seat on Blue Origin’s first commercial spaceflight.

Oliver Daemen will ride atop the aerospace upstart's New Shepard rocket, which is expected to launch on July 20. And he’ll have Blue Origin supremo Jeff Bezos, Bezos’ younger brother Mark, and Wally Funk, a member of the Mercury 13 group, for company on the journey. If all goes well, the lad will be the youngest person to fly to space, and 82-years-old Funk will be the oldest.

"I am super excited to go into space," Daemen said in a video shared on Twitter. "I've been dreaming about this all my life. Now I'll become the youngest astronaut ever because I'm 18 years old."

Continue readingFancy a handheld Linux PC that runs Windows apps, sports a custom AMD Zen APU and a touch screen? Steam just announced one for gamers on the go, but it can also behave like any other PC

Gaming house Steam has just revealed a rather intriguing portable PC.

The "Steam Deck" boasts an AMD "accelerated processing unit" (APU) that incorporates four Zen cores that run at between 2.4GHz and 3.5GHz, plus an AMD RDNA 2 GPU and a substantial 16GB of RAM.

A dock - which will be sold separately - connecting via the device's sole USB-C port provides an RJ45 Ethernet socket, single USB-C and USB-A connectors, DisplayPort, and HDMI sockets to connect the machine to the wired world. Wi-Fi and Bluetooth handle the wireless side of things.

Continue reading

Source: https://bit.ly/36GvuUQ