CrowdStrike Falcon Platform Detects and Prevents Active Intrusion Campaign Targeting 3CXDesktopApp Customers

Note: Content from this post first appeared in r/CrowdStrike

We will continue to update on this dynamic situation as more details become available. CrowdStrike’s Intelligence team is in contact with 3CX.

On March 29, 2023, CrowdStrike observed unexpected malicious activity emanating from a legitimate, signed binary, 3CXDesktopApp — a softphone application from 3CX. The malicious activity includes beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and, in a small number of cases, hands-on-keyboard activity. 

The CrowdStrike Falcon® platform has behavioral preventions and atomic indicator detections targeting the abuse of 3CXDesktopApp. In addition, CrowdStrike® Falcon OverWatch™ helps customers stay vigilant against hands-on-keyboard activity.

CrowdStrike customers can log into the customer support portal and follow the latest updates in Trending Threats & Vulnerabilities: Intrusion Campaign Targeting 3CX Customers

The 3CXDesktopApp is available for Windows, macOS, Linux and mobile. At this time, activity has been observed on both Windows and macOS.

CrowdStrike Intelligence has assessed there is suspected nation-state involvement by the threat actor LABYRINTH CHOLLIMA. CrowdStrike Intelligence customers received an alert this morning on this active intrusion. 

Get fast and easy protection with built-in threat intelligence — request a free trial of CrowdStrike Falcon® Pro today

CrowdStrike Falcon Detection and Protection

The CrowdStrike Falcon platform protects customers from this attack and has coverage utilizing behavior-based indicators of attack (IOAs) and indicators of compromise (IOCs) based detections targeting malicious behaviors associated with 3CX on both macOS and Windows. 

Customers should ensure that prevention policies are properly configured with Suspicious Processes enabled.

Figure 1. CrowdStrike’s indicator of attack (IOA) identifies and blocks the malicious behavior in macOS (click to enlarge)

Figure 2. CrowdStrike’s indicator of attack (IOA) identifies and blocks the malicious behavior in Windows (click to enlarge)

Hunting in the CrowdStrike Falcon Platform

Falcon Discover

CrowdStrike Falcon® Discover customers can use the following link: US-1 | US-2 | EU | Gov to look for the presence of 3CXDesktopApp in their environment.

Falcon Insight customers can assess if the 3CXDesktopApp is running in their environment with the following query:

Event Search — Application Search

event_simpleName IN (PeVersionInfo, ProcessRollup2) FileName IN ("3CXDesktopApp.exe", "3CX Desktop App")
| stats dc(aid) as endpointCount by event_platform, FileName, SHA256HashData

Falcon Long Term Repository — Application Search

#event_simpleName=/^(PeVersionInfo|ProcessRollup2)$/ AND (event_platform=Win ImageFileName=/\\3CXDesktopApp\.exe$/i) OR (event_platform=Mac ImageFileName=/\/3CX\sDesktop\sApp/i)
| ImageFileName = /.+(\\|\/)(?.+)$/i
| groupBy([event_platform, FileName, SHA256HashData], function=count(aid, distinct=true, as=endpointCount))

Atomic Indicators

The following domains have been observed beaconing, which should be considered an indication of malicious intent.

akamaicontainer[.]com
akamaitechcloudservices[.]com
azuredeploystore[.]com
azureonlinecloud[.]com
azureonlinestorage[.]com
dunamistrd[.]com
glcloudservice[.]com
journalide[.]org
msedgepackageinfo[.]com
msstorageazure[.]com
msstorageboxes[.]com
officeaddons[.]com
officestoragebox[.]com
pbxcloudeservices[.]com
pbxphonenetwork[.]com
pbxsources[.]com
qwepoi123098[.]com
sbmsa[.]wiki
sourceslabs[.]com
visualstudiofactory[.]com
zacharryblogs[.]com

CrowdStrike Falcon® Insight customers, regardless of retention period, can search for the presence of these domains in their environment spanning back one year using Indicator Graph: US-1 | US-2 | EU | Gov.

Event Search — Domain Search

event_simpleName=DnsRequest DomainName IN (akamaicontainer.com, akamaitechcloudservices.com, azuredeploystore.com, azureonlinecloud.com, azureonlinestorage.com, dunamistrd.com, glcloudservice.com, journalide.org, msedgepackageinfo.com, msstorageazure.com, msstorageboxes.com, officeaddons.com, officestoragebox.com, pbxcloudeservices.com, pbxphonenetwork.com, pbxsources.com, qwepoi123098.com, sbmsa.wiki, sourceslabs.com, visualstudiofactory.com, zacharryblogs.com)
| stats dc(aid) as endpointCount, earliest(ContextTimeStamp_decimal) as firstSeen, latest(ContextTimeStamp_decimal) as lastSeen by DomainName
| convert ctime(firstSeen) ctime(lastSeen)

Falcon LTR — Domain Search

#event_simpleName=DnsRequest
| in(DomainName, values=[akamaicontainer.com, akamaitechcloudservices.com, azuredeploystore.com, azureonlinecloud.com, azureonlinestorage.com, dunamistrd.com, glcloudservice.com, journalide.org, msedgepackageinfo.com, msstorageazure.com, msstorageboxes.com, officeaddons.com, officestoragebox.com, pbxcloudeservices.com, pbxphonenetwork.com, pbxsources.com, qwepoi123098.com, sbmsa.wiki, sourceslabs.com, visualstudiofactory.com, zacharryblogs.com])
| groupBy([DomainName], function=([count(aid, distinct=true, as=endpointCount), min(ContextTimeStamp, as=firstSeen), max(ContextTimeStamp, as=lastSeen)]))
| firstSeen := firstSeen * 1000 | formatTime(format="%F %T.%L", field=firstSeen, as="firstSeen")
| lastSeen := lastSeen * 1000 | formatTime(format="%F %T.%L", field=lastSeen, as="lastSeen")
| sort(endpointCount, order=desc)

File Details

SHA256Operating SystemInstaller SHA256FileName
dde03348075512796241389dfea5560c20a3d2a2eac95c894e7bbed5e85a0accWindowsaa124a4b4df12b34e74ee7f6c683b2ebec4ce9a8edcf9be345823b4fdcf5d8683cxdesktopapp-18.12.407.msi
fad482ded2e25ce9e1dd3d3ecc3227af714bdfbbde04347dbc1b21d6a3670405Windows59e1edf4d82fae4978e97512b0331b7eb21dd4b838b850ba46794d9c7a2c09833cxdesktopapp-18.12.416.msi
92005051ae314d61074ed94a52e76b1c3e21e7f0e8c1d1fdd497a006ce45fa61macOS5407cda7d3a75e7b1e030b1f33337a56f293578ffa8b3ae19c671051ed3142903CXDesktopApp-18.11.1213.dmg
b86c695822013483fa4e2dfdf712c5ee777d7b99cbad8c2fa2274b133481eadbmacOSe6bbc33815b9f20b0cf832d7401dd893fbc467c800728b5891336706da0dbcec3cxdesktopapp-latest.dmg

Recommendations 

The current recommendation for all CrowdStrike customers is:

  1. Locate the presence of 3CXDesktopApp software in your environment by using the queries outlined above.
  2. Ensure Falcon is deployed to applicable systems. 
  3. Ensure “Suspicious Processes” is enabled in applicable Prevention Policies.
  4. Hunt for historical presence of atomic indicators in third-party tooling (if available).

Additional Resources

Source :
https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/

Is Once-Yearly Pen Testing Enough for Your Organization?

Any organization that handles sensitive data must be diligent in its security efforts, which include regular pen testing. Even a small data breach can result in significant damage to an organization’s reputation and bottom line.

There are two main reasons why regular pen testing is necessary for secure web application development:

  • Security: Web applications are constantly evolving, and new vulnerabilities are being discovered all the time. Pen testing helps identify vulnerabilities that could be exploited by hackers and allows you to fix them before they can do any damage.
  • Compliance: Depending on your industry and the type of data you handle, you may be required to comply with certain security standards (e.g., PCI DSS, NIST, HIPAA). Regular pen testing can help you verify that your web applications meet these standards and avoid penalties for non-compliance.

How Often Should You Pentest?#

Many organizations, big and small, have once a year pen testing cycle. But what’s the best frequency for pen testing? Is once a year enough, or do you need to be more frequent?

The answer depends on several factors, including the type of development cycle you have, the criticality of your web applications, and the industry you’re in.

You may need more frequent pen testing if:

You Have an Agile or Continuous Release Cycle#

Agile development cycles are characterized by short release cycles and rapid iterations. This can make it difficult to keep track of changes made to the codebase and makes it more likely that security vulnerabilities will be introduced.

If you’re only testing once a year, there’s a good chance that vulnerabilities will go undetected for long periods of time. This could leave your organization open to attack.

To mitigate this risk, pen testing cycles should align with the organization’s development cycle. For static web applications, testing every 4-6 months should be sufficient. But for web applications that are updated frequently, you may need to test more often, such as monthly or even weekly.

Your Web Applications Are Business-Critical#

Any system that is essential to your organization’s operations should be given extra attention when it comes to security. This is because a breach of these systems could have a devastating impact on your business. If your organization relies heavily on its web applications to do business, any downtime could result in significant financial losses.

For example, imagine that your organization’s e-commerce site went down for an hour due to a DDoS attack. Not only would you lose out on potential sales, but you would also have to deal with the cost of the attack and the negative publicity.

To avoid this scenario, it’s important to ensure that your web applications are always available and secure.

Non-critical web applications can usually get away with being tested once a year, but business-critical web applications should be tested more frequently to ensure they are not at risk of a major outage or data loss.

Your Web Applications Are Customer-Facing#

If all your web applications are internal, you may be able to get away with pen testing less frequently. However, if your web applications are accessible to the public, you must be extra diligent in your security efforts.

Web applications accessible to external traffic are more likely to be targeted by attackers. This is because there is a greater pool of attack vectors and more potential entry points for an attacker to exploit.

Customer-facing web applications also tend to have more users, which means that any security vulnerabilities will be exploited more quickly. For example, a cross-site scripting (XSS) vulnerability in an external web application with millions of users could be exploited within hours of being discovered.

To protect against these threats, it’s important to pen test customer-facing web applications more frequently than internal ones. Depending on the size and complexity of the application, you may need to pen test every month or even every week.

You Are in a High-Risk Industry#

Certain industries are more likely to be targeted by hackers due to the sensitive nature of their data. Healthcare organizations, for example, are often targeted because of the protected health information (PHI) they hold.

If your organization is in a high-risk industry, you should consider conducting pen testing more frequently to ensure that your systems are secure and meet regulatory compliance. This will help protect your data and reduce the chances of a costly security incident.

You Don’t Have Internal Security Operations or a Pen testing Team#

This might sound counterintuitive, but if you don’t have an internal security team, you may need to conduct pen testing more frequently.

Organizations that don’t have dedicated security staff are more likely to be vulnerable to attacks.

Without an internal security team, you will need to rely on external pen testers to assess your organization’s security posture.

Depending on the size and complexity of your organization, you may need to pen test every month or even every week.

You Are Focused on Mergers or Acquisitions#

During a merger or acquisition, there is often a lot of confusion and chaos. This can make it difficult to keep track of all the systems and data that need to be secured. As a result, it’s important to conduct pen testing more frequently during these times to ensure that all systems are secure.

M&A also means that you are adding new web applications to your organization’s infrastructure. These new applications may have unknown security vulnerabilities that could put your entire organization at risk.

In 2016, Marriott acquired Starwood without being aware that hackers had exploited a flaw in Starwood’s reservation system two years earlier. Over 500 million customer records were compromised. This placed Marriott in hot water with the British watchdog ICO, resulting in 18.4 million pounds in fines in the UK. According to Bloomberg, there is more trouble ahead, as the hotel giant could “face up to $1 billion in regulatory fines and litigation costs.”

To protect against these threats, it’s important to conduct pen testing before and after an acquisition. This will help you identify potential security issues so they can be fixed before the transition is complete.

The Importance of Continuous Pen Testing#

While periodic pen testing is important, it is no longer enough in today’s world. As businesses rely more on their web applications, continuous pen testing becomes increasingly important.

There are two main types of pen testing: time-boxed and continuous.

Traditional pen testing is done on a set schedule, such as once a year. This type of pen testing is no longer enough in today’s world, as businesses rely more on their web applications.

Continuous pen testing is the process of continuously scanning your systems for vulnerabilities. This allows you to identify and fix vulnerabilities before they can be exploited by attackers. Continuous pen testing allows you to find and fix security issues as they happen instead of waiting for a periodic assessment.

Continuous pen testing is especially important for organizations that have an agile development cycle. Since new code is deployed frequently, there is a greater chance for security vulnerabilities to be introduced.

Pen testing as a service models is where continuous pen testing shine. Outpost24’s PTaaS (Penetration-Testing-as-a-Service) platform enables businesses to conduct continuous pen testing with ease. The Outpost24 platform is always up-to-date with an organization’s latest security threats and vulnerabilities, so you can be confident that your web applications are secure.

  • Manual and automated pen testing: Outpost24’s PTaaS platform combines manual and automated pen testing to give you the best of both worlds. This means you can find and fix vulnerabilities faster while still getting the benefits of expert analysis.
  • Provides comprehensive coverage: Outpost24’s platform covers all OWASP Top 10 vulnerabilities and more. This means that you can be confident that your web applications are secure against the latest threats.
  • Is cost-effective: With Outpost24, you only pay for the services you need. This makes it more affordable to conduct continuous pen testing, even for small businesses.

The Bottom Line#

Regular pen testing is essential for secure web application development. Depending on your organization’s size, industry, and development cycle, you may need to revise your pen testing schedule.

Once-a-year pen testing cycle may be enough for some organizations, but for most, it is not. For business-critical, customer-facing, or high-traffic web applications, you should consider continuous pen testing.

Outpost24’s PTaaS platform makes it easy and cost-effective to conduct continuous pen testing. Contact us today to learn more about our platform and how we can help you secure your web applications.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

Source :
https://thehackernews.com/2023/01/is-once-yearly-pen-testing-enough-for.html

The best productivity apps in 2023

The premise of this article’s headline is nonsense, sure, but it isn’t clickbait—I promise. 

You’re almost certainly here because you searched for “best productivity apps.” I understand that impulse. You want to get more done in less time, which is about as universal a feeling as humans can have at work. The problem: productivity is deeply personal, and the words “productivity tools” mean a lot of different things to different people. What works for you may or may not work for me, which is why—after over a decade of writing about productivity software—I don’t really believe there are objectively “best” productivity apps. 

5 things you should automate today

Start automating

I do, however, think there are categories of tools that can help you become a better version of yourself. Some of them work better for more people than others, and not everyone needs an app from every category. Knowing what kinds of apps exist, and what you should look for in an app, is more important than knowing what the “best” app in that category is. 

Having said that, you’re here for software recommendations, not my personal reflections on the nature of productivity. So I’m going to go over the main kinds of productivity apps I think most humans who use electronic devices at work should know about. I’ll explain why I think each category is important, point to an app or two that I think will work well for most people, then offer links to other options if you want to learn more. 

Just remember: the specific app doesn’t matter. The best productivity app is the one that works best for you. The most important thing is having a system. Sound good? Let’s jump in. 

How we evaluate and test apps

All of our best apps roundups are written by humans who’ve spent much of their careers using, testing, and writing about software. We spend dozens of hours researching and testing apps, using each app as it’s intended to be used and evaluating it against the criteria we set for the category. We’re never paid for placement in our articles from any app or for links to any site—we value the trust readers put in us to offer authentic evaluations of the categories and apps we review. For more details on our process, read the full rundown of how we select apps to feature on the Zapier blog.


A to-do list like Todoist

We all have things we need to do—at work and in the rest of our lives. The worst place you could store those things, in my opinion, is in your mind. It’s just stressful: you’ll remember, at random moments, that there’s something you were supposed to be doing, and that memory will result in panic. Writing down everything you need to do allows you to make a plan, and (crucially) means you don’t have to panic. 

Not everyone benefits from a dedicated to-do list app—some of the most productive people I know prefer sticky notesemail inboxes, or even spreadsheets. I think that’s great, so long as you have some place to record the things you need to do. 

Todoist, our pick for the best to-do list app for balancing power and simplicity

I think that Todoist, shown above, is a great to-do list app for most people. It’s easy to use but also offers a lot of features. It can also be installed on basically any device you can imagine, meaning your to-do list is always available. It allows you to assign due dates to tasks, sort tasks by project, or even view a project using a Kanban board. You don’t have to worry about those features if you don’t want to, though, which is why I think it’s a great starting point for someone who needs a to-do list. 

If Todoist doesn’t work for you, though, check out our list of the best to-do list apps—it’s got a wide variety of recommendations. I, personally, use TickTick because I like how easy it is to add tasks, and I also can’t stop saying good things about Things for sheer simplicity on Apple devices. Find a tool you like—and that you remember to actually open. There’s nothing less useful than an app full of tasks you never look at. 

Once you’ve picked your to-do list app, make the most of it with automation, so you can easily add tasks that come in by email, team chat apps, project management tools, or notes. Read more about automating your to-do list.

A calendar like Google Calendar

There are only so many hours in the day, unfortunately, which means you have to budget them. A calendar is how you do that. You could use a paper wall calendar, sure, but a calendar app lets you invite other people to an event. Also, in a world where so many meetings are virtual, calendar apps give you a useful place to store the link to your Zoom call. 

Google Calendar, our pick for the best free calendar app

I think that Google Calendar, shown above, is the right calendar app for most people—particularly people who already use Gmail. Google Calendar is easy to load on any device, lets you see your calendar in several different views, and makes it easy to invite anyone else to any event or meeting you happen to plan. I could write multiple articles on Google Calendar features (and I have). This app does everything any other app can do, and more, all while being pretty easy to use.

If Google Calendar doesn’t work for you, though, check out our list of the best calendar apps for more options. Microsoft Outlook is a solid alternative, as is the Calendar app that comes with all Apple devices. 

I’d also consider looking into some kind of meeting scheduling app. These apps let anyone sign up for appointments with you, which is particularly useful if you have a meeting-heavy calendar. Calendly, shown below, is a solid option, with a lot of customizability and the ability to sync with Google Calendar. You can check out our list of the best meeting schedulers for a more complete rundown of Calendly and other options. 

Calendly, our pick for the best meeting scheduler app for simplified scheduling

Once you choose a calendar app, take it to the next level. With automation, you can do things like automatically turn calendar events into tasks on your to-do list or use forms to create calendar events. Here’s how you can bring context to your calendar by connecting other apps.

A note-taking app like OneNote

I’m constantly taking notes: before and during meetings; while researching an article; while brewing beer. And I think most people have some class of information they’ll need to reference later that doesn’t quite meet the threshold of a “document.” Who wants a sprawling series of folders with all of that information? 

This, to me, is what note-taking apps are for: quickly writing things down so you can read them later and (hopefully) follow up. They also work well as a personal journal, or a place to store files related to a particular project. 

Justin's beer brewing notes in OneNote

OneNote, above, is probably the note-taking app most people should try first. It’s free—so long as you don’t run out of OneDrive storage—and it gives you all kinds of ways to organize notes, from notebooks to sections to sub-headers. It also has powerful search, which includes the scanned contents of any images or PDFs you might drop in a note. 

But OneNote isn’t the only option. You should check out our list of the best note-taking apps for more choices. If you loved Evernote back in the day, you should check out Joplin, which is a completely free and open source replacement for that app. And I personally love Obsidian, which turns your notes into an entire database, complete with internal links and an extensive plugin collection. There are a lot of good choices out there—find something that lets you write things down and dig them up later.

See our favorite ways to use automation to improve how you put your notes to worktrack action items from meetings, and put an end to regular copy-paste actions.

A distraction blocker like Freedom

I’ve never tried to work in the middle of an amusement park, but I imagine it would be distracting. The internet is worse. Everything you could possibly imagine is available, all delivered by brilliant engineers who are doing everything they can to keep you looking at more and more and more of it. It’s understandable if you have trouble getting stuff done in that context, which is why apps that block distractions are so helpful. 

Freedom, our pick for the best focus app for blocking distractions on all your devices at once

Freedom is a great tool for the job. It runs on every platform and can block distractions—both websites and apps—on all of your devices. That means you can’t, for example, block Twitter on your computer only to pick up your phone and look at it there. With Freedom, you can set up multiple block lists, then start timers for any of them.

I personally love Serene, which combines distraction blocking with a sort of to-do list. You say what you want to do and how long it will take, then you start a distraction-free session to work on it. There’s also Cold Turkey Blocker, which can optionally prevent you from changing the time settings on your computer as a way of working around the block you set up. You’ve got more choices, though, particularly if you’re a Mac user. Check out our list of the best distraction blockers to learn more. 

Remember: the internet is distracting on purpose. There’s no shame in using a tool to build discipline. 

A habit tracker like Streaks or HabitNow

My dentist tells me I should brush my teeth twice a day, and I believe him, but I tended to only brush at night. I used a habit tracker to change that. 

These applications might sound similar to a to-do list, but they’re very different. You can’t add individual tasks to a habit tracker—only recurring ones. The idea is to set an intention to do something regularly, then keep track of how often you regularly do it. Eventually, you have a streak going, which psychologically motivates you to keep it up until the habit becomes second nature. Don’t laugh—it works. 

Streaks, our pick for the best habit tracker for iPhone

We recommend checking out Streaks, shown above, for iPhone and HabitNow, below, for Android. These apps both live on your phone, which is the place you’re most likely to look. They both let you create a list of habits you’d like to build, then remind you about that intention. They also both show you your progress in various ways. 

HabitNow, our pick for the best habit tracker for Android users

They’re not the only options, however; check out our list of the best habit tracker apps for more ideas. Also keep in mind that some to-do lists have habit-tracking capabilities built right in. I, personally, use TickTick‘s built-in habit tracker—I love it. And some people use a paper calendar for tracking a simple habit—just add an X every day you stick to your habit. 

An app to save things for later like Pocket

I’d love to read articles or watch YouTube videos all day. We all would. Sometimes, though, you have to do something else—even though your friend just sent you a really, really interesting article. That’s where read-it-later apps come in. They let you quickly save something you intend to read, so that you can come back to it when you have time.

Pocket, our pick for the best read it later app for turning articles into a podcast

I think that Pocket, above, is the app of choice in this class. It’s free to use, offers extensions for every major browser, and also has great mobile versions that sync your articles for offline reading. There’s even built-in support for highlighting, then reviewing your highlights later. 

Instapaper is a close second, and it even lets you send articles to your Kindle. These aren’t your only choices, though—check out our list of the best read-it-later apps for some more options. It’s also worth noting that some people use bookmarking apps or even note-taking apps for the same purpose, and that’s great—they both make it easy to save things for future reference. 

Automate the process of saving articles by connecting your read-it-later app to Zapier. Here are some ideas to get you started.

A screen recording tool like Loom

Whether it’s for a quick presentation or troubleshooting a problem, sometimes recording what’s on your screen and sharing it just makes life easier. Screen recording tools are perfect for this, allowing you to quickly record your screen, your voice, and even your face if you have a webcam. 

A screenshot of Loom, our pick for the best screen recording software for quickly recording and sharing on desktop

Loom is a great first tool to check out in this category. It’s easy to set up, works on all major platforms, and makes it really simple to share recordings. You can even add your face, via a webcam, to the recording. 

I personally use Zappy, which was originally an internal tool used by Zapier. It’s honestly the best screenshot tool I’ve ever used, and it’s free—if you use a Mac, it’s worth a try. Check out our list of the best screen recording tools for more options, and keep in mind you can actually record your screen without any software, if you don’t mind managing the file yourself. 

Want to share your screen in real-time? You need a screen sharing tool (Zoom works pretty well, surprisingly).

Other productivity tools worth checking out

This article could go on forever. There’s no end to great software out there, and I love writing about it. I think the above categories should save you all kinds of time—and take up plenty of your time to set up—but here are a few other suggestions if you’re feeling particularly motivated.

  • Password managers, like LastPass or 1Password, help you generate random passwords for all of your different services without the need for memorization. This is great for security, but it also makes logging in to stuff faster. Here’s a list of the best password managers.
  • Mobile scanning apps, like Microsoft Lens, let you scan documents using your phone while also digitizing any text using optical character recognition (OCR). Check out our list of the best mobile scanning OCR apps for more choices. 
  • Text expansion tools, like PhraseExpress, mean you’ll never need to look up and copy-paste the same message to multiple people ever again. Read more about text expansion software, or learn how it can make you better at dating
  • Dictation software, like Dragon by Nuance, lets you type by talking, which can save you all sorts of time. Here’s our list of the best dictation software.
  • Time tracking apps, like Toggl Track, are great for keeping track of how long projects take and making sure you’re not spending too much time on the wrong things. Take a look at our list of the best time tracking apps to find the right one for you.
  • Mind mapping software, like Coggle, helps you map the connections between different ideas while you’re brainstorming. Here are our picks for the best mind mapping software.
  • AI software, like OpenAI, could make all kinds of tasks easier in the future. It’s early, granted, but I already find it useful when I’m in the brainstorming phase of a project—I can ask the bot to generate ideas.

Once you have apps set up in some of these categories, you can take the whole productivity thing even further. Automation software like ours at Zapier connects all the other apps you use, with workflows you can build yourself—no code required. Like the tools above, Zapier won’t solve every problem you have, but it’s a great way to connect tools that otherwise don’t integrate well—which means you can use the best tools for you, as opposed to the tools that happen to play nice together. And it’s not limited to productivity—eventually, you’ll find yourself automating even your most business-critical workflows.

Plus, if you sign up for Zapier, we’ll be able to write more useful articles like this one. Here are five things you should automate today to get started.

This post was originally published in September 2018 by Matthew Guay. The most recent update was in December 2022.

Source :
https://zapier.com/blog/best-productivity-apps/

The 8 best to do list apps in 2023

There are too many to-do list apps. Trying them all would be a massive task, and I know because I did. 

Why are there so many apps for something easily done on sticky notes? Because managing tasks is an intensely personal thing. People will reject anything that doesn’t feel right. That’s a good instinct, but it makes it hard to find the right app. 

Make the most of your to-do list with Zapier

Automate your tasks

To that end, we’ve been hard at work researching the best to-do apps, trying to find the right ones for various use cases. Research for these pieces was exhaustive. We started by finding the best apps for every platform: AndroidWindowsmacOS, and iPhone/iPad. We then tried the top-rated apps in every respective app store, and spent way too much time migrating our personal to-do lists from one app to another.

And now I’m offering you what I feel is the cream of the crop. Whatever you’re looking for, one of these apps is going to be right for you. Click on any app to learn more about why I chose it, or keep reading for more context on to-do list apps.

The best to-do list apps

  • Todoist for balancing power and simplicity
  • TickTick for embedded calendars and timers
  • Microsoft To Do for Microsoft power users (and Wunderlist refugees)
  • Things for elegant design
  • OmniFocus for specific organizational systems
  • Habitica for making doing things fun
  • Google Tasks for Google power users
  • Any.do for people who forget to use to-do apps
  • Other options, including project management software, note-taking apps, and other tools that can do the job

What makes the best to-do list app?

How we evaluate and test apps

All of our best apps roundups are written by humans who’ve spent much of their careers using, testing, and writing about software. We spend dozens of hours researching and testing apps, using each app as it’s intended to be used and evaluating it against the criteria we set for the category. We’re never paid for placement in our articles from any app or for links to any site—we value the trust readers put in us to offer authentic evaluations of the categories and apps we review. For more details on our process, read the full rundown of how we select apps to feature on the Zapier blog.

I’ve written about technology in general, and productivity specifically, since 2009. In that time, I’ve personally tried basically every to-do list app that has come out, and I’m usually depending on at least one of them to function.

Of course, when it comes to managing a to-do list online, everyone has different criteria. I kept this in mind as I tested, and I noticed a few features that made certain apps stand out.

The best to-do list apps:

  • Make it fast to add and organize tasks. Ideally, a task is added and categorized in a couple taps or keystrokes.
  • Offer multiple ways to organize your tasks. Tags, lists, projects, and due dates are all helpful, and the best to-do apps offer at least a few categories like this.
  • Remind you about self-imposed deadlines. Notifications, widgets, emails—if you’re using an online to-do list, it should help you track what needs to happen when.
  • Offer clean user interfaces. The best to-do app fits into your workflow so you can get back to what you’re supposed to be doing.
  • Sync between every platform you use. Which platforms will depend on what you personally use, but I didn’t consider anything that doesn’t sync between desktop and mobile.

I tried to find the task list apps that balance these things in various ways. None of these options will be right for everyone, but hopefully one of them is right for you. Let’s dive in.


Make 2023 your most efficient year yet

Start the year off right with our five-email course that helps you streamline work across your whole business.

Register now

Best to-do list app for balancing power and simplicity

Todoist (Web, Windows, macOS, Android, iPhone, iPad)

Todoist, our pick for the best to-do list app for balancing power and simplicity

Todoist isn’t the most powerful to-do list website out there. It’s also not the simplest. That’s kind of the point: this app balances power with simplicity, and it does so while running on basically every platform that exists. That’s a strong selling point—which is probably why Todoist is one of the most popular to-do lists right now.

Adding tasks was quick on every platform in my tests, thanks in part to natural language processing (type “buy milk Monday” and the task “buy milk” will be added with the next Monday set as your due date). You can put new tasks in your Inbox and then move them to relevant projects; you can also set due dates. Paid users can create custom filters and labels, and there are also some basic collaboration features.

Todoist is flexible enough to adapt to most workflows but not so complicated as to overwhelm. And it adds new features regularly: you can view projects as a Kanban board, for example, and navigating the app by keyboard is much smoother after recent updates. Overall, this is a great first to-do list app to try out, especially if you don’t know where to start.

Todoist also integrates with Zapier, which means you can automatically create tasks in Todoist whenever something happens in one of your favorite apps. Here are some examples.

Add new Google Calendar events to Todoist as tasks

Try it

  • Google Calendar logo
  • Todoist logo

Google Calendar, Todoist

Google Calendar + TodoistMore details

Add new starred emails to Todoist as tasks [Business Gmail Accounts Only]

Try it

  • Gmail logo
  • Todoist logo

Gmail, Todoist

Gmail + TodoistMore details

Add new Trello cards to Todoist as tasks

Try it

  • Trello logo
  • Todoist logo

Trello, Todoist

Trello + TodoistMore details

Todoist price: Free version available; paid version from $4/month.

Check out more ideas for automating Todoist with Zapier.

Best to-do list app with embedded calendars and timers

TickTick (Web, Android, Windows, macOS, iPhone and iPad)

TickTick, our pick for the best to-do list app with embedded calendars and timers

TickTick is a fast-growing task list app that offers a wide array of features on just about every platform you can imagine. Adding tasks is quick thanks to natural language processing. There’s also a universal keyboard shortcut offered on the desktop versions and pinned notifications and widgets on mobile, which makes it quick to add a task before getting back to what you’re doing. Tasks can be organized using lists, tags, and due dates, and there’s also the ability to add subtasks to any task. 

TickTick offers all of this with apps that feel native—the macOS version is distinct from the Windows version, for example, in ways that make sense given the differences between those two systems. TickTick also offers a few features that are above and beyond what other apps offer.

First, there’s a built-in Pomodoro timer, allowing you to start a 25-minute work session for any of your tasks (complete with numerous white noise options, if you want). Second, there’s integration with various third-party calendars, allowing you to see your tasks and your appointments in one place, and even do some time blocking. There’s also a built-in habit-tracking tool, allowing you to review how many days you did or didn’t stick to your exercise and diet commitments. And an Eisenhower Matrix view allows you to prioritize your tasks based on what’s urgent and what’s important. It’s a great collection of features, unlike anything else on the market.

With TickTick’s Zapier integration, you can connect TickTick to the other tools in your tech stack to automatically create tasks whenever you get new leads, deals, or emails.

Create TickTick tasks for newly-labeled Gmail emails [Business Gmail Accounts Only]

Try it

  • Gmail logo
  • TickTick logo

Gmail, TickTick

Gmail + TickTickMore details

Generate TickTick tasks from new Facebook Leads

Try it

  • Facebook Lead Ads logo
  • TickTick logo

Facebook Lead Ads, TickTick

Facebook Lead Ads + TickTickMore details

Generate TickTick tasks from new HubSpot deals

Try it

  • HubSpot logo
  • TickTick logo

HubSpot, TickTick

HubSpot + TickTickMore details

TickTick price: Free version available; paid version from $2.40/month.

Check out other ways you can automate TickTick with Zapier.

Best to-do list app for Microsoft power users (and Wunderlist refugees)

Microsoft To Do (Web, Android, Windows, iPhone and iPad)

Microsoft To Do, our pick for the best to-do list app for Microsoft power users (and Wunderlist refugees)

In 2015, Microsoft bought Wunderlist and put that team to work on a new to-do list app. Microsoft To Do is the result of that, and you can find Wunderlist’s DNA throughout the project. The main interface is clean and friendly, adding tasks is quick, but there’s a lot of flexibility below the surface.

But the real standout feature here is the deep integration with Microsoft’s ecosystem. Any email flagged in Outlook, for example, shows up as a task. Outlook users can also sync their tasks from that app over to Microsoft To Do, meaning there’s finally a way to sync Outlook tasks to mobile. Windows users can add tasks using Cortana or by typing in the Start menu. For example, you can type “add rice to my shopping list,” and rice will be added to a list called “shopping.” If you’re a Windows user and an Outlook user, this is the app for you.

This is also the prettiest to-do list app on the market, in my opinion. You can set custom background images for every one of your lists, allowing you to tell at a glance which list you’re looking at. You’re going to be looking at your task list all day—it might as well look good. 

Microsoft To Do integrates with Zapier, which means you can make sure Microsoft To Do is talking to all the other apps you use, not just the Microsoft ones. Here are some examples to get started.

Create Workboard action items from new tasks in Microsoft To-Do

Try it

  • Microsoft To Do logo
  • Workboard logo

Microsoft To Do, Workboard

Microsoft To Do + WorkboardMore details

Send direct Slack messages with new Microsoft To-Do lists

Try it

  • Microsoft To Do logo
  • Slack logo

Microsoft To Do, Slack

Microsoft To Do + SlackMore details

Create Microsoft To-Do tasks from new Salesforce leads

Try it

  • Salesforce logo
  • Microsoft To Do logo

Salesforce, Microsoft To Do

Salesforce + Microsoft To DoMore details

Microsoft To Do price: Free

Learn how you can make Microsoft To Do a productivity powerhouse with Zapier.

The best to-do list app with elegant design

Things (macOS, iPhone, iPad)

Things, our pick for the best to-do list app with elegant design

To-do list apps tend to fall into two categories: the complex and the minimalist. Things is somehow both.

That’s about the highest praise I can give a to-do list app. This is an app with no shortage of features, and yet it always feels simple to use. Adding tasks is quick and so is organizing them, but there’s seemingly no end of variation in ways to organize them. Areas can contain tasks or projects; projects can contain tasks or headers that can also contain tasks; and tasks can contain subtasks if you want. It sounds confusing, but it isn’t, which really speaks to how well Things is designed.

Other apps offer these features, but Things does it in a way that never feels cluttered, meaning you can quickly be done with looking at your to-do list and get back to whatever it is you’re doing. Combine this blend of functionality and beauty with features like a system-wide tool for quickly adding tasks, integration with your calendar so you can see your appointments while planning your day, intuitive keyboard shortcuts, reminders with native notifications, and syncing to an iPhone and iPad app.

The only downside here is the complete lack of versions for Windows and Android, though this decision is probably part of what allows the team to focus on making such a clean product. If you’re an Apple user, you owe it to yourself to try out Things.

You can automatically add to-dos to Things from your other apps with Things’ integrations on Zapier. Here’s some inspiration.

Add saved Slack messages to Things as to-dos

Try it

  • Slack logo
  • Things logo

Slack, Things

Slack + ThingsMore details

Add new Trello cards to Things as to-dos

Try it

  • Trello logo
  • Things logo

Trello, Things

Trello + ThingsMore details

Create Things to-dos from starred emails in Gmail [Business Gmail Accounts Only]

Try it

  • Gmail logo
  • Things logo

Gmail, Things

Gmail + ThingsMore details

Things price: $49.99 for macOS (15-day free trial), $19.99 for iPad, $9.99 for iPhone.

Best to-do list app for users with a very specific organizational system

OmniFocus (Web, macOS, iPhone, iPad)

OmniFocus, our pick for the best to-do list app for users with a very specific organizational system

OmniFocus is nothing if not flexible. This Apple-exclusive application is built around the Getting Things Done (GTD) philosophy trademarked by David Allen, but an array of features means it can be used for just about any organizational system you can imagine. There are three different kinds of projects you can set up, for example, depending on whether you need to do tasks in a specific order or not. There are six main views by default, allowing you to organize your tasks by things like due date, projects, and tags. You can even add more views, assuming you have the Pro version.

You get the idea. OmniFocus is a power user’s dream, with more features than anyone can hope to incorporate into a workflow, which is kind of the point: if there’s a feature you want, OmniFocus has it, so you can organize your tasks basically any way you can imagine.

Syncing is offered only between Apple devices. There’s a web version that’s intended for occasional usage away from your Apple machines, but non-Apple users should probably look elsewhere.

You can connect OmniFocus to your other favorite apps with OmniFocus’s Zapier integration. Whenever something happens in another app that you want to keep track of in OmniFocus, Zapier will automatically send it there.

Create OmniFocus tasks from new saved Slack messages

Try it

  • Slack logo
  • OmniFocus logo

Slack, OmniFocus

Slack + OmniFocusMore details

Create OmniFocus tasks for new starred emails on Gmail

Try it

  • Gmail logo
  • OmniFocus logo

Gmail, OmniFocus

Gmail + OmniFocusMore details

Create OmniFocus tasks from new or moved Trello cards

Try it

  • Trello logo
  • OmniFocus logo

Trello, OmniFocus

Trello + OmniFocusMore details

OmniFocus price: From $99.99/year for the recurring plan, which includes all apps and the web version. Also available as a one-time purchase from $49.99 (14-day free trial).

Best to-do list app for making doing things fun

Habitica (Web, Android, iPhone and iPad)

Habitica, our pick for the best to-do list app for making doing things fun

Games are fantastic at motivating mundane activity—how else can you explain all that time you’ve spent on mindless fetch quests? Habitica, formerly known as HabitRPG, tries to use principles from game design to motivate you to get things done, and it’s remarkably effective. You can add tasks, daily activities, and habits to a list. You also have a character, who levels up when you get things done and takes damage when you put things off. You can also earn in-game currency for buying offline rewards, such as a snack, or in-game items like weapons or even silly hats.

This is even better when you join a few friends and start a party. You can all fight bosses together, but be careful: fail to finish some tasks on time and your friends will take damage. If that doesn’t motivate you, nothing will.

What’s the downside? Habitica isn’t a great to-do list for managing long-term projects, so you might need something else for that. But if motivation is your problem, Habitica is well worth a spin.

Habitica price: Free version available; paid version from $5/month.

Best to-do list app for Google power users

Google Tasks (Web, Android, iPhone and iPad)

Google Tasks, our pick for the best to-do list app for Google power users

If you live in Gmail and Google Calendar, Google Tasks is an obvious free to-do list app to try out. That’s because it lives right in the sidebar of those two apps, and offers more than a few integrations. Plus, there’s a dedicated mobile app.

The app itself is spartan. Adding tasks is quick, particularly if you spend a lot of time in Gmail anyway, but there’s not a lot of organizational offerings. There are due dates, lists, descriptions, subtasks, and the ability to “Star” tasks. There’s not much beyond that, which is ok. On the desktop, the integration with Gmail is a key selling point. You can drag an email to Google Tasks to turn it into a task, for example. You also can see your tasks on your Google Calendar, if you want.

The best to-do app is one that’s always handy. If you’re the kind of person who always has Gmail open on your computer, it’s hard for any app to be handier than Google Tasks. The mobile versions make those tasks accessible on the go.

You can automatically move information between Google Tasks and your other apps with Google Tasks’ integration on Zapier. Here are a few examples of workflows you can automate, so you can stop manually moving your tasks.

Create Trello cards from new Google Tasks tasks

Try it

  • Google Tasks logo
  • Trello logo

Google Tasks, Trello

Google Tasks + TrelloMore details

Add new Google Tasks to Todoist as tasks

Try it

  • Google Tasks logo
  • Todoist logo

Google Tasks, Todoist

Google Tasks + TodoistMore details

Add Google Tasks tasks for new Google Calendar events

Try it

  • Google Calendar logo
  • Google Tasks logo

Google Calendar, Google Tasks

Google Calendar + Google TasksMore details

Google Tasks price: Free

Take a look at how you can power up all of your Google apps using automation.

Best to-do list app for people who forget to use to-do apps

Any.do (Web, Android, iPhone and iPad)

Any.do, our pick for the best to-do list app for people who forget to use to-do apps

Any.do offers a really slick mobile app that makes it quick to add tasks, organize them into lists, and add due dates. But where it really shines is with its daily “Plan my Day” feature, which forces you to schedule when you’ll accomplish your various tasks, so that you remember to actually do things. Any.do also integrates nicely with Google and Outlook calendars, allowing you to see your appointments and your tasks in one place. This is exactly what you need if you’re the kind of person who adds things to a list and forgets about them.

The desktop version isn’t quite as slick as the mobile version—it feels cluttered and is more than a little confusing. Still, Any.do’s mobile version alone makes a compelling reason to give it a shot, especially if that’s where you do most of your task management.

Any.do integrates with Zapier, so you can automatically add tasks to Any.do whenever there’s a new calendar event, note, or task in your other apps.

Add Evernote reminders to Any.do as tasks

Try it

  • Evernote logo
  • Any.do logo

Evernote, Any.do

Evernote + Any.doMore details

Create tasks in Any.do for new saved messages in Slack

Try it

  • Slack logo
  • Any.do logo

Slack, Any.do

Slack + Any.doMore details

Add new incomplete Todoist tasks to Any.do

Try it

  • Todoist logo
  • Any.do logo

Todoist, Any.do

Todoist + Any.doMore details

Any.do price: Free version available; paid version from $2.99/month.

Other to-do list options

We focused on dedicated to-do list apps in this roundup, but plenty of other software can fulfill the same function. Here are a few ideas if none of the above quite fit what you’re looking for:

Finding the right task management system is hard because it’s so personal. To that end, let me know if there’s anything you think I missed.

Related reading:

This post was originally published in April 2018 by Andrew Kunesh. The most recent update was in November 2022.

Source :
https://zapier.com/blog/best-todo-list-apps/

How To Install Kimai Time Tracking App in Docker

In this guide, I’ll show you how to deploy the open source time tracking app Kimai in a Docker container. Kimai is free, browser-based (so it’ll work on mobile devices), and is extremely flexible for just about every use case.

It has a stopwatch feature where you can start/stop/pause a worklog timer. Then, it accumulates the total into daily, weekly, monthly or yearly reports, which can be exported or printed as invoices.

It supports single or multi users, so you can even track time for your entire department. All statistics are visible on a beautiful dashboard, which makes historical time-tracking a breeze.


Why use Kimai Time Tracker?

For my scenario, I am salaried at work. However, since I’m an IT Manager, I often find myself working after hours or on weekends to patch servers, reboot systems, or perform system and infrastructure upgrades. Normally, I use a pen and paper or a notetaking app to track overtime, although this is pretty inefficent. Sometimes I forget when I started or stopped, or if I’ve written down the time on a notepade at home, I can’t view that time at work.

And when it comes to managing a team of others who also perform after hours maintenance, it becomes even harder to track their total overtime hours.

Over the past few weeks, I stumbled across Kimai and really love all the features. Especially when I can spin it up in a docker or docker compose container!

If you don’t have Docker installed, follow this guide: https://smarthomepursuits.com/how-to-install-docker-ubuntu/

If you don’t have Docker-Compose installed, follow this guide: https://smarthomepursuits.com/how-to-install-portainer-with-docker-in-ubuntu-20-04/

In this tutorial, we will be installing Kimai for 1 user using standard Docker run commands. Other users can be added from the webui after initial setup.


Step 1: SSH into your Docker Host

Open Putty and SSH into your server that is running docker and docker compose.


Step 2: Create Kimai Database container

Enter the command below to create a new database to use with Kimai. You can copy and paste into Putty by right-clicking after copy, or CTRL+SHIFT+V into other ssh clients.

sudo docker run --rm --name kimai-mysql \
    -e MYSQL_DATABASE=kimai \
    -e MYSQL_USER=kimai \
    -e MYSQL_PASSWORD=kimai \
    -e MYSQL_ROOT_PASSWORD=kimai \
    -p 3399:3306 -d mysql

Step 3: Start Kimai

Next, start the Kimai container using the already created database. If you look at the Kimai github page, you’ll notice that this isn’t the same command as what shows there.

Here’s the original command (which I’m not using):

docker run --rm --name kimai-test -ti -p 8001:8001 -e DATABASE_URL=mysql://kimai:kimai@${HOSTNAME}:3399/kimai kimai/kimai2:apache

And here’s my command. I had to explicitly add TRUSTED_HOSTS, the ADMINMAIL and ADMINPASS, and change the ${HOSTNAME} to the IP address of your docker host. Otherwise, I wasn’t able to access Kimai from other computers on my local network.

  • Green = change port here if already in use
  • Red = Add the IP address of your docker host
  • Orange = Manually specifying the admin email and password. This is what you’ll use to log in with.
  • Blue = Change to docker host IP address
sudo docker run --rm --name kimai -ti -p 8001:8001 -e TRUSTED_HOSTS=192.168.68.141,localhost,127.0.0.1 -e ADMINMAIL=example@gmail.com -e ADMINPASS=8charpassword -e DATABASE_URL=mysql://kimai:kimai@192.168.68.141:3399/kimai kimai/kimai2:apache

Note that 8 characters is the minimum for the password.


Step 4: Log In via Web Browser

Next, Kimai should now be running!

To check, you can go to your http://dockerIP:8001 in a web browser (192.168.68.141:8001)

Then simply log in with the credentials you created.


Step 5: Basic Setup

This app is extremely powerful and customizeable, so I won’t be going over all the available options since everyone has different needs.

Like I mentioned earlier, I’m using Kimai for overtime tracking only, so the first step for me is to create a new “customer”.

Create a Customer

This is sort of unintuitive, but you need to create a customer before you can start tracking time to a project. I’m creating a generic “Employee” customer.

Click Customers on the left sidebar, then click the + button in the top right corner.

Create A Project

Click Projects on the left sidebar:

Then click the + button in the top right corner.

Add a name, choose the customer you just created, and then choose a date range.

Create An Activity

Click Activity on the left, then create an activity. I’m calling mine Overtime Worked and assigning it to the Project “Overtime 2021” I just created.


Step 6: Change “Timetracking Mode” to Time-clock

Click Settings. Under Timetracking mode, change it to Time-Clock. This will let you click the Play button to start/stop time worked vs having to manually enter start and stop times.


Step 7: Start Tracking Time!

To start tracking time, simply click the timer widget in the top right corner.

A screen will pop up asking you what project and activity you want to apply the time to.

The selfhosted stopwatch will start tracking time right after. You can then view the timesheets for yourself under the My Times section or for all users under the Timesheets or Reporting tabs.


Wrapping Up

Hopefully this guide helped you get Kimai installed and setup! If you have any questions, feel free to let me know in the comments below and I’ll do my best to help you out.


My Homelab Equipment

Here is some of the gear I use in my Homelab. I highly recommend each of them.

The full list of server components I use can be found on my Equipment List page.

Source :
https://smarthomepursuits.com/how-to-install-kimai-time-tracking-app-in-docker/

Port Forwarding configured using SonicOS API

Description

This article describes the steps involved in creating Polices using SonicOS APIs that will let you access internal devices or servers behind the SonicWall firewall.

Cause

SonicWall by default does not allow inbound traffic which not a part of a session that was initiated by an internal device on the network. This is done to protect the devices in the internal network from malicious access. If required certain parts of the network can be opened to external access, for example Webservers, Exchange servers and so on.

To open the network, we need to specify an access rule from the external network to the internal network and a NAT Policy so we direct traffic only to the intended device.

With APIs this can be achieved on scale for example you can create multiple Access Rules and NAT policies with one command and all the attributes can be specified into Json Objects.

Resolution

Manually opening Ports / enabling Port forwarding to allow traffic from the Internet to a Server behind the SonicWall using sonicos API involves the following steps:

Step1: Enabling the API Module.

Step2:Getting into Swagger.

Step3:Login to the SonicWall with API.

Step4:Create Address Objects and Service Objects with API.

Step5:Creating NAT Policy with API.

Step6: Creating Access Rules with API.

Step7:Committing all the configurational changes made with APIs.

Step8: Log out the SonicWall with API:

Scenario Overview

The following walk-through details allowing TCP 3389 From the Internet to a Terminal Server on the Local Network.Once the configuration is complete, Internet Users can RDP into the Terminal Server using the WAN IP address.Although the examples below show the LAN Zone and TCP 3389 they can apply to any Zone and any Port that is required.

Step 1: Enabling the API Module:               
 

  1.  Log into the SonicWall GUI.
  2.  Click Manage in the top navigation menu.
  3. Click Appliance | Base Settings
  4. Under Base Settings search for sonicos API
  5. Click Enable sonicos API  
  6. Click Enable RFC-2617 HTTP Basic Access authentication
Enabling API on the SonicOS

Step2: Getting into Swagger

  1. Click on the Mange Tab
  2. Scroll Down to find API
  3. Click on the Link https://sonicos-api.sonicwall.com
  4. Swagger will prepopulate your SonicWalls’s IP, MGMT Port, Firmware so it can give you a list of applicable APIs.

 NOTE: All the APIs required for configuring Port Forwarding will be listed in this Article.

API on the SonicOS

Step3:Login to the SonicWall with API:

  1.  curl -k -i -u “admin:password” -X POST https://192.168.168.168:443/api/sonicos/auth

      “admin:password” – Replace this with your SonicWalls username : password

      https://192.168.168.168:443/– Replace this with your SonicWalls Public or private IP address

Command Output should contain a string: “success”: true

Login with API

 NOTE: You are free to choose Swagger, Postman, Git bash or any application that allows API calls, if you are using a Linux based operating system you can execute cURL from the terminal.For this article I am using Git bash on Windows.

Step4:Create Address Objects and Service Objects with API:

  1.   curl -k -i -X POST “https://192.168.168.168:443/api/sonicos/address-objects/ipv4” -H “accept: application/Json” -H “Content-Type: application/Json” -d “{\”address_object\”:{\”ipv4\”:{\”name\”:\”Term Server Private\”,\”zone\”:\”LAN\”,\”host\”:{\”ip\”:\”192.168.168.10\”}}}}”  &&  curl -k -i -X POST “https://192.168.168.168:443/api/sonicos/address-objects/ipv4” -H “accept: application/Json” -H “Content-Type: application/Json” -d “{\”address_object\”:{\”ipv4\”:{\”name\”:\”Term Server Public\”,\”zone\”:\”WAN\”,\”host\”:{\”ip\”:\”1.1.1.1\”}}}}”

 OR 

curl -k -i -X POST “https://192.168.168.168:443/api/sonicos/address-objects/ipv4” -H “accept: application/Json” -H “Content-Type: application/Json” -d @add.Json

@add.Json is a file with the following information:

{
“address_objects”: [
{
“ipv4”: {
“name”: “Term Server Private”,
“zone”: “LAN”,
“host”: {
“ip”: “192.168.168.10”
}
}
},
{
“ipv4”: {
“name”: “Term Server Public”,
“zone”: “WAN”,
“host”: {
“ip”: “1.1.1.1”
}
}
}
]
}

Output of the First command where we have parsed the address object data on the command instead of creating a separate File:

Image

 Output of the second Command where we have used a file called @add instead of specifying data on the command:

Image

 TIP: If you are creating only one Address Object then the First command should be sufficient, if you are creating multiple address objects then the second command should be used.

 CAUTION: I have the add.Json file saved on to my desktop and hence I was able to call it into the command, if you have created the Json the file in a different location then make sure you are executing the command from that location.

2. Adding Service Object:

 curl -k -i -X POST “https://192.168.168.168:443/api/sonicos/service-objects” -H “accept: application/Json” -H “Content-Type: application/Json” -d @serviceobj.Json

https://192.168.168.168:443 – Replace that with the IP of the SonicWall

@serviceobj.Json is a file that contains the Attributes of the service object:

{

  “service_object”: {

    “name”: “Terminal Server 3389”,

    “TCP”: {

      “begin”: 3389,

      “end”: 3389

    }

  }

}

Output of the command:

Image

 3. Committing the changes made to the SonicWall: We need to do this to be able to use the Address Objects and service objects that we just created to make a NAT Policy and an Access Rule.

  curl -k -X POST “https://192.168.168.168:443/api/sonicos/config/pending” -H “accept: application/Json”

  https://192.168.168.168:443 – Replace that with the IP of the SonicWall

Output of the command: 

Image

Step5: Creating NAT Policy with API:

1.     curl -k -i -X POST “https://192.168.168.168:443/api/sonicos/nat-policies/ipv4” -H “accept: application/Json” -H “Content-Type: application/Json” -d @natpolicy.Json

         https://192.168.168.168:443 – Replace that with the IP of the SonicWall

         @natpolicy.Json is a file that contains the Attributes of the NAT Policy:

{

  “nat_policies”: [

    {

      “ipv4”: {

        “name”: “Inbound NAT 3389”,

        “enable”: true,

        “comment”: “”,

        “inbound”: “X1”,

        “outbound”: “any”,

        “source”: {

          “any”: true

        },

        “translated_source”: {

          “original”: true

        },

        “destination”: {

          “name”: “Term Server Public”

        },

        “translated_destination”: {

          “name”: “Term Server Private”

        },

        “service”: {

          “name”: “Terminal Server 3389”

        },

        “translated_service”: {

          “original”: true

        }

      }

    }

  ]

}

Output of the command:

Image

Step6: Creating Access Rules with API:

1.     curl -k -X POST “https://192.168.168.168:443/api/sonicos/access-rules/ipv4” -H “accept: application/Json” -H “Content-Type: application/Json” -d @accessrule.Json

https://192.168.168.168:443 – Replace that with the IP of the SonicWall

@accessrule.Json is a file that contains the Attributes of the access rule:

{

  “access_rules”: [

    {

      “ipv4”: {

        “name”: “Inbound 3389”,

        “enable”: true,

        “from”: “WAN”,

        “to”: “LAN”,

        “action”: “allow”,

        “source”: {

          “address”: {

            “any”: true

          },

          “port”: {

            “any”: true

          }

        },

        “service”: {

          “name”: “Terminal Server 3389”

        },

        “destination”: {

          “address”: {

            “name”: “Term Server Public”

          }

        }

        }

    }

  ]

}

Output of the command:

Image

Step7: Committing all the configurational changes made with APIs:

1.     We have already committed Address objects and Service Objects in Step 4, In this step we are committing the NAT Policy and the Access Rule to the SonicWalls configuration:

curl -k -X POST “https://192.168.168.168:443/api/sonicos/config/pending” -H “accept: application/Json”

https://192.168.168.168:443 – Replace that with the IP of the SonicWall

We have Only used the POST method in most of the API calls for this Article because we are only Adding things into the configuration, there are other methods Like GET,DELETE,PUT and etc. I recommend that you go through https://sonicos-api.sonicwall.com for more API commands.

Step8: Log out the SonicWall with API:

1.       It is recommended to log out from the SonicWall via API once the desired configuration is committed.

         curl -k -i -u “admin:password” -X DELETE https://192.168.168.168:443/api/sonicos/auth

         https://192.168.168.168:443 – Replace that with the IP of the SonicWall

         “admin:password” – is the actual username and password for the SonicWall.

Output of the command:

Image

 CAUTION: Caution: If you miss to perform the action in Step 7 and Execute the command in Step 8 you will lose all the configuration changes made in the current session.

Summary:We have successfully configured a Port Forwarding for a user in the Internet to access a Term Server that is behind a Firewall on port 3389 using sonicos API.

 NOTE: It is always recommended to use Client VPN for RDP connections this article here is just an example.

Related Articles

Categories

Source :
https://www.sonicwall.com/support/knowledge-base/port-forwarding-with-sonicos-api-using-postman-and-curl/190224162643523/

What FQDN’s and IP’s are used by SonicWall products to update their services?

Description

This article lists the Fully Qualified Domain Names (FQDNs) in use by SonicWall for its licensing and security services.

Resolution

SonicWall firewalls:

  • lm2.sonicwall.com – Registration information/licensing.
  • licensemanager.sonicwall.com – Registration information/licensing for older firewalls.
  • software.sonicwall.com – Softwares, firmwares, NetExtender, GVC.
  • responder.global.sonicwall.com – Probe target.
  • clientmanager.sonicwall.com – Client CF enforcement download.
  • policymanager.sonicwall.com – Global Security Client.
  • convert.global.sonicwall.com – Preference processor server.
  • geodnsd.global.sonicwall.com – Used for flow reporting and GeoIP.
  • webcfs00.global.sonicwall.com – Content filter server.
  • webcfs01.global.sonicwall.com – Content filter server.
  • webcfs02.global.sonicwall.com – Content filter server.
  • webcfs03.global.sonicwall.com – Content filter server.
  • webcfs04.global.sonicwall.com – Content filter server.
  • webcfs05.global.sonicwall.com – Content filter server.
  • webcfs06.global.sonicwall.com – Content filter server.
  • webcfs07.global.sonicwall.com – Content filter server.
  • webcfs08.global.sonicwall.com – Content filter server.
  • webcfs10.global.sonicwall.com – Content filter server.
  • webcfs11.global.sonicwall.com – Content filter server.
  • gcsd.global.sonicwall.com – Cloud antivirus and status.
  • sig2.sonicwall.com – Signature updates.
  • sigserver.global.sonicwall.com – Signature updates for older firewalls.
  • lmdashboard.global.sonicwall.com – License manager dashboard.
  • appreports.global.sonicwall.com – App reports server.
  • sonicsandbox.global.sonicwall.com – Default Capture ATP server (west coast) UDP 2259, and https (tcp 443).
  • sonicsandboxmia.global.sonicwall.com  – East coast capture ATP server UDP 2259, and https (tcp 443).
  • utmgbdata.global.sonicwall.com – Map info URL domain.
  • cfssupport.sonicwall.com – View rating of a website.
  • cloudtt.global.sonicwall.com – Zero Touch provisioning
  • eprs2.global.sonicwall.com (204.212.170.36, 204.212.170.11, 204.212.170.10) – Content Filter Client servers.
  • wsdl.mysonicwall.com  – Automatic preference backups and firmware downloads.
  • sonicsandbox.global.sonicwall.com
  • sonicsandboxmia.global.sonicwall.com
  • sonicsandboxams.global.sonicwall.com
  • sonicsandboxfra.global.sonicwall.com
  • sonicsandboxtko.global.sonicwall.com

    This information can also be found in the Tech Support Report (TSR). More information about the TSR can be found in the following article:
    How to Download Tech Support Files (TSR, EXP, Logs) From SonicWall UTM Firewalls

Capture Client software:

  • captureclient-36.sonicwall.com
  • captureclient.sonicwall.com
  • sonicwall.sentinelone.net (S1 agent)
  • software.sonicwall.com (software package updates)
  • sonicsandbox.global.sonicwall.com (Capture ATP- Applicable for Capture Client Advanced License)

SonicWall CSC:

  • For SanJose Colo

    FQDN: cloudgms.sonicwall.com
    Zero Touch FQDN: cloudtt.global.sonicwall.com
    IP: 4.16.47.168, 4.16.47.188

  • For AWS Colo

    FQDN: cscma.sonicwall.com
    Zero Touch FQDN: cscmatt.global.sonicwall.com
    IP: 34.211.138.110, 52.37.12.168, 52.89.82.203, 52.11.92.114

  • For AMS Colo

    FQDN: cloudgmsams.sonicwall.com
    Zero Touch FQDN: cloudttams.global.sonicwall.com
    IP: 213.244.188.168, 213.244.188.188

  • For AWS-FRA Colo

    FQDN: cscmafra.sonicwall.com
    Zero Touch FQDN: cscmafratt.global.sonicwall.com, cscmafratta.global.sonicwall.com
    IP: 18.197.234.66, 18.197.234.59

SonicWall NSM:

  • For Oregon AWS Colo

    FQDN: nsm-uswest.sonicwall.com (Use it in GMS settings under Administration Page)
    Zero Touch FQDN: nsm-uswest-zt.sonicwall.com (Use it in ZeroTouch Settings under Diag page)
    IP: 13.227.130.81, 13.227.130.63, 3.227.130.69, 13.227.130.12, 52.39.29.75, 44.233.105.101, 44.227.248.206

  • For AWS-FRA Colo

    FQDN: nsm-eucentral.sonicwall.com (Use it in GMS settings under Administration Page)
    Zero Touch FQDN: nsm-eucentral-zt.sonicwall.com (Use it in ZeroTouch Settings under Diag page)
    IP: 13.227.130.70, 13.227.130.69, 13.227.130.15, 13.227.130.92, 18.156.16.24, 18.157.240.148, 3.127.176.56

Related Articles

Categories

Source :
https://www.sonicwall.com/support/knowledge-base/what-fqdn-s-and-ip-s-are-used-by-sonicwall-products-to-update-their-services/170503941664663/

The 12 Most Impactful Internet Outages

An internet outage can have major consequences for a digital business, especially when it happens during peak usage times and on holidays. Outages can lead to revenue loss, complaints, and customer churn. 

Of course, internet outages regularly impact companies across all verticals, including some of the largest internet companies in the world. And they can happen when you least expect them. 

Read on to learn about some of the most impactful internet outages to date and some steps you can take to keep your business out of harm’s way.

Historical Internet Outages You Need to Know About 

1. Amazon Web Services 

Amazon Web Services (AWS) experienced a major outage in December 2021, lasting for several hours. The outage impacted operations for many leading businesses, including Netflix, Disney, Spotify, DoorDash, and Venmo. 

Amazon blames the outage on an automation error causing multiple systems to act abnormally. The outage also prevented users from accessing some cloud services. 

This outage proved the largest and safest cloud providers are also susceptible to downtime.

2. Facebook 

Facebook as well suffered a major outage in 2021, leaving billions of users unable to access its services, including its main social network, Instagram, and WhatsApp. 

According to Facebook, the cause of the outage was a configuration change on its backbone routers responsible for transmitting traffic across its data centers. The outage lasted roughly six hours, an eternity for a social network.

3. Fastly 

Cloud service provider Fastly had its network go down in June 2021, taking down several sizeable global news websites, including the New York Times and CNN. It also impacted retailers like Target and Amazon, and several other organizations.

The outage resulted from a faulty software update, stemming from a misconfiguration, causing disruptions across multiple servers.  

4. British Airways 

British Airways experienced a massive IT failure in 2017 during one of the busiest travel weekends in the United Kingdom. 

This event created a nightmare scenario for the organization and its customers. Altogether, it grounded 672 flights and stranded tens of thousands of customers.

According to the company, the outage ensued when an engineer disconnected the data center’s power supply. A massive power surge came next, bringing the business’s network down in the process.

5. Google

Google had a major service outage in 2020. It only lasted about forty-five minutes, but it still impacted users worldwide. 

Services including Gmail, YouTube, and Google Calendar all crashed. So did Google Home apps. The outage also impacted third-party applications using Google for authentication.

The issue happened due to inadequate storage capacity for the company’s authentication services.

6.  Dyn

Undoubtedly, one of the biggest distributed denial of service (DDoS) attacks in history occurred in 2016 against Dyn, which was a major backbone provider.

The attack occurred in three waves, overwhelming the company’s servers. As a result, many internet users were unable to access partnering platforms like Twitter, Spotify, and Netflix. 

7. Verizon Fios

Verizon had a major internet outage in January 2021, which disrupted tens of thousands of customers along the East Coast.

While the internet outage lasted only about an hour, Verizon experienced a sharp drop in traffic volume. Naturally, many customers complained about the loss of service. 

At first, the company reported the incident was the result of someone cutting fiber cables. However, it was unrelated and turned out to be a “software issue” during routine network maintenance activities. 

8. Microsoft 

Another major internet outage occurred at Microsoft when its Azure service went under in December 2021. Azure’s Active Directory service crashed for about ninety minutes. 

Compared to some other outages, this one was relatively small. Nonetheless, it prevented users from signing in to Microsoft services such as Office 365. Although applications remained online, users couldn’t access them, making this a major productivity killer for many organizations worldwide.

9. Comcast

There was an internet outage at Comcast in November 2021, which happened when its San Francisco backbone shut down for about two hours.

Following the outage, a broader issue occurred, spanning multiple U.S. cities, including hubs like Philadelphia and Chicago. Several thousand customers lost service, leaving them unable to access basic network functionality during the height of the pandemic. 

10. Akamai Edge DNS

Akamai, a global content delivery provider, experienced an outage with its DNS service in 2021. The Akamai outage resulted from a faulty software configuration update activating a bug in its Secure Edge Content Delivery Network. 

In a similar fashion to other attacks against service providers, Akamai’s outage caused widespread damage. Other websites—including American Airlines, Fox News, and Steam—all experienced performance issues following the incident.

11. Cox Communications

Cox Communications reported a major internet outage in March 2022, impacting nearly seven thousand customers in the Las Vegas region. 

The problem resulted from an NV Energy backhoe damaging a transmission line and triggering a power event. The surge caused a cable modem to reset, and many customers tried to reconnect simultaneously. As a result, it took several hours for service to resume. 

12.  Slack

The recent Slack outage in  January 2021 created havoc for distributed workers who rely on the platform for communication and collaboration. 

The platform’s outage impacted organizations across the US, UK, Germany, Japan, and India, with interruptions occurring for about two and a half hours. Slack says the issue came from scaling problems on the AWS Transit Gateway, which couldn’t accommodate a spike in traffic. 

Best Practices for Avoiding Internet Outages

At the end of the day, there’s nothing you can do to prevent outages entirely, especially if your business relies on multiple third-party systems. Eventually, your company or a partner will experience some level of service disruption.   It’s best to plan for them and, where possible, enable systems to ‘fail gracefully.’ 

As part of your resiliency planning, here are some steps to mitigate damage, maximize uptime, and keep your organization safe, along with some best practices to help you avoid disruptions from network and connectivity issues. 

Set Up a Backup Internet Solution

It’s impossible to protect your business from local internet outages completely. They can stem from issues like local construction, service disruptions, and more. 

Consider setting up a backup internet solution as a workaround, so you never lose connectivity. For example, you may choose to combine broadband with a wireless failover solution.

Consider a Multi-Cloud Strategy

If your business is in the cloud, it’s a good idea to explore a multi-cloud strategy. By spreading your workloads across multiple cloud providers, you can prevent cloud service disruptions from knocking your digital applications offline. This approach can also improve uptime and resiliency.

Use Website Performance and Availability Monitoring

One of the best ways to protect your business is to use website performance and availability monitoring. It provides real-time visibility into how end users are interacting with and experiencing your website.

A robust website performance and availability monitoring solution can provide actionable insights into the health and stability of your website. As a result, you can track uptime and performance over time and troubleshoot issues when they occur.

The Pingdom Approach to Website Performance Monitoring

SolarWinds® Pingdom® provides real-time and historical end-user experience monitoring, giving your team deep visibility from a single pane of glass. With Pingdom, it’s possible to protect against the kind of outages helping your company make headlines for the wrong reasons.

When you’re ready to jump in, try Pingdom by requesting a free trial today

This post was written by Justin Reynolds. Justin is a freelance writer who enjoys telling stories about how technology, science, and creativity can help workers be more productive. In his spare time, he likes seeing or playing live music, hiking, and traveling.

Source :
https://www.pingdom.com/outages/internet-outages-the-12-most-impactful/

Wordfence Launches Free Vulnerability Database For Commercial Use – And Launches Security Portal

Today we are incredibly excited to announce that Wordfence is launching an entirely free vulnerability database API and web interface, available for commercial use by hosting companies, security organizations, threat analysts, security researchers, and the WordPress user community. This is part of a larger project known as Wordfence Intelligence Community Edition, which we are launching today.

This year at Blackhat in Las Vegas, Wordfence launched Wordfence Intelligence, an enterprise product providing organizations with data feeds derived from the attack telemetry we receive from Wordfence users. We did this with one goal in mind: to further secure the Web by enabling enterprises and network defenders with the ability to implement our threat intelligence in a way that will better secure their infrastructure and customers. Wordfence Intelligence includes malware signatures, IP threat feeds and a malware hash feed to enable enterprises to deploy our data at the network and server level.

Wordfence Intelligence Community Edition is a set of data available free for the community to use, and it includes an enterprise quality vulnerability database, and an API that provides a full up-to-date download in JSON format, completely free with no registration required. We are investing heavily in this database by growing the team, maintaining and curating the existing data, and adding new vulnerabilities as soon as they are discovered.

There is no delay on how quickly we add vulnerabilities to this free database. As soon as a vulnerability is disclosed, we add it. There is also no limitation on the use of this data, other than an attribution requirement for vulnerabilities sourced from MITRE, and an attribution requirement for our own vulnerabilities. Each vulnerability record includes the data you need to provide this attribution on your user interface.

Our hope is that hosting companies, software developers and security providers will turn this data into free and commercial security products that will improve the security of the WordPress community. By giving the data away for free, and allowing commercial use, we are acting as a catalyst for innovation in the vulnerability scanning space. Individual developers no longer have an expensive barrier to entry if they want to implement a new kind of vulnerability scanning software for the community. It is our hope that this database will foster innovation in the WordPress security space and improve the security of the WordPress community as a whole.

Wordfence Intelligence Community Edition has the stated goal of uplifting the research community and raising the profile of talented security researchers who make valuable contributions to our community, and who make us all safer. To this end, we are launching with security researcher profile pages, a security researcher leaderboard, and each vulnerability will link to the relevant researcher who discovered the vulnerability. We will also be adding the ability for researchers to edit their own profile page so that they can add links to their resume or personal website. Expect this in the coming weeks.

We will be launching web hooks in the coming weeks that will proactively and programmatically alert users and applications to the release of a new vulnerability. This provides real-time awareness of a new vulnerability, and makes the time between announcement and mitigation of a new vulnerability approach zero.

Defiant Inc and the Wordfence team are investing heavily in this vulnerability database. We are actively recruiting talented security analysts to triage inbound vulnerabilities, and we are recruiting researchers to discover new vulnerabilities in WordPress core, plugins and themes.

Yesterday evening I sat down with Chloe Chamberland, head of product for Wordfence Intelligence, in our studio in Centennial, Colorado, to chat about this exciting product that her and her team are launching today. Here is the conversation.

That concludes the executive summary portion of this post. The rest of this post is written by Chloe Chamberland who heads up the Wordfence Intelligence product. Chloe describes Wordfence Intelligence Community Edition and the vulnerability database and API in more detail.  I’d like to extend my congratulations and thanks to Chloe and her team, our security analysts who worked so hard on creating the data in this database, and continue to do so, and to our engineering team for this launch.

~Mark Maunder – Wordfence Founder & CEO.

Introducing Wordfence Intelligence Community Edition

Wordfence Intelligence Community Edition is a threat intelligence data platform which currently consists of an incredibly comprehensive database of WordPress vulnerabilities. We’ve designed this platform with vulnerability researchers, site owners, and security analysts in mind. Each vulnerability has been manually curated by our team of vulnerability analysts and has been populated using historical data from the CVE list, Google fu’ing, and many other vulnerability sources. Each vulnerability record contains details such as the CVSS score, CWE type, a description of the vulnerability, affected software components, the original researcher(s), and more.

Our goal is to provide site owners with as much information needed to effectively secure their WordPress websites while also providing security analysts and researchers the information needed to be able monitor the WordPress threat landscape so they can respond to threats in a timely manner and provide their insights back to the community.

The Wordfence Intelligence Community Edition vulnerability database currently contains over 8,000 unique vulnerability records covering nearly 10,000 vulnerabilities across WordPress core, themes, and plugins. Over the coming months we will continue to actively develop and release features that will enrich the experience of users accessing and using the platform.

We will continue to populate historical vulnerability data while also ensuring we have the most comprehensive and current vulnerability database on the market for the community to use.

Key Features of Wordfence Intelligence Community Edition

Overview of Attack Data Targeting WordPress Sites

On the dashboard of Wordfence Intelligence Community Edition, users can see insights on data related to attack volume targeting WordPress websites. This includes the total number of login attacks and exploit attempts the Wordfence Firewall has blocked, the total number of malware sightings the Wordfence Scanner and our incident response team has observed, along with the top 10 attacking IP addresses in the past 24 hours, the top 10 unique WordPress vulnerabilities being targeted in the past 24 hours, and the top 5 generic vulnerability types being targeted in the past 24 hours in addition to their attack volume. This data can be used to make more informed decisions on the threats faced by WordPress site owners for better risk mitigation. This data can also be used to enhance security research in the WordPress space.

Select Vulnerabilities Enriched with Attack Data

Select vulnerabilities in the database are enriched with data on the attack volume targeting those particular vulnerabilities in the past 24 hours. This gives unparalleled insight into the threat landscape for WordPress, providing site owners, analysts, and security researchers with current and up to date information on the most attacked WordPress vulnerabilities.

Researcher Hall of Fame & Leaderboard

All researchers credited with discoveries in our database are in our Researcher Hall of Fame with their total vulnerability count for the past 30 days and for all time. Researchers can see their all time and 30 day ranking compared to other researchers in the field. Researchers who want to be higher up on the leaderboard will need to find and responsibly disclose more vulnerabilities than their fellow researchers. We hope that this will create a friendly competition to encourage more vulnerability research that in turn makes the WordPress ecosystem more secure.

Individual Researcher Vulnerability Finds All in One Place

Each researcher has their own unique page that lists the total number of vulnerabilities they have discovered in the past 30 days and all time, along with the list of all the vulnerability finds that have been attributed to that researcher. This can be shared with anyone from prospective job employers who may want to see an individual’s previous research, to friends and family researchers may want to show off their work to. Whatever the purpose, this was designed for researchers to be able to hold all of their vulnerability discoveries in one central place.

If you’re a researcher, and your page is missing some of your vulnerability discoveries, please make sure to fill out our vulnerability submissions form here. Any vulnerability reported to us will receive a CVE ID and we will gladly assign CVE IDs to any older discoveries you may have already in our database upon request.

Wordfence Scan Results Enhanced

The Wordfence scanner will now provide a link to the Wordfence Intelligence Community Edition Vulnerability Database’s applicable record when a vulnerability has been detected on a site. This can be used to obtain more information about a vulnerability so that site owners can make informed decisions on how to proceed with remediating any given vulnerability. In most cases the solution is to update to a newer patched version, however, in cases where a plugin or theme has been closed and there is no patch available, this information will help guide decision making when assessing a site’s risk.

It takes a community.

That is why we are calling this Wordfence Intelligence Community Edition. A vast majority of the vulnerabilities in our database are from independent researchers and other organizations conducting security research on WordPress plugins, themes, and core. Without them and their dedicated work finding and responsibly disclosing vulnerabilities, there would be no database of WordPress vulnerabilities to catalog and there would not be nearly as many patches, or opportunities to secure WordPress websites, available to site owners. That’s why we will make sure finding information about vulnerabilities is as easy as possible and researchers get the credit they deserve with Wordfence Intelligence Community Edition.

As we continue to evolve this platform, we will keep this at the forefront of our minds and ensure we continue to deliver a product that will help make the WordPress ecosystem more secure and have a positive impact on the community of security researchers working to make this possible.

In return, we would like to ask the community to help us in making sure this remains the best resource for the community. If you’d like to add any additional details to our vulnerability records or have vulnerabilities you have discovered that should be added to the database, we hope that you’ll reach out to us so we can further improve the database that will remain accessible to all.

A Gift to the Community.

As part of this launch, we have made the vulnerability data feed from Wordfence Intelligence, completely free to access. The feed contains a complete dump of the vulnerabilities and related data in our database  You can find the documentation on what is included in this API and how to query it here.  You are more than welcome to implement this data in whatever way you would like commercially and personally. We hope that by making this accessible to everyone, we can create a more secure WordPress ecosystem and better platform for researchers to get the credit they deserve.

This is just the beginning. Stay tuned, and make sure you are signed up for our mailing list, for more exciting things to come!

CHECK OUT WORDFENCE INTELLIGENCE COMMUNITY EDITION NOW!

I would like to say a huge congratulations and special thank you to everyone on the Wordfence team that made Wordfence Intelligence Community Edition come to life. From our threat intelligence team processing and manually creating thousands of vulnerability records over a several month period, to our engineering and QA teams who have developed and tested this incredible platform. Without your dedicated work, we would not be able to make the online WordPress community a more secure place for all.

Did you enjoy this post? Share it!

Source :
https://www.wordfence.com/blog/2022/12/wordfence-free-vulnerability-database/

PSA: YITH WooCommerce Gift Cards Premium Plugin Exploited in the Wild

The Wordfence Threat Intelligence team has been tracking exploits targeting a Critical Severity Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards Premium, a plugin with over 50,000 installations according to the vendor.

The vulnerability, reported by security researcher Dave Jong and publicly disclosed on November 22, 2022, impacts plugin versions up to and including 3.19.0 and allows unauthenticated attackers to upload executable files to WordPress sites running a vulnerable version of the plugin. This allows attackers to place a back door, obtain Remote Code Execution, and take over the site.

All Wordfence customers, including Wordfence PremiumCare, and Response customers as well as Wordfence free users, are protected against exploits targeting this vulnerability by the Wordfence firewall’s built-in file upload rules which prevent the upload of files with known dangerous extensions, files containing executable PHP code, and known malicious files.

We highly recommend updating to the latest version of the plugin, which is 3.21.0 at the time of this writing.


Description: Unauthenticated Arbitrary File Upload
Affected Plugin: Yith WooCommerce Gift Cards Premium
Plugin Slug: yith-woocommerce-gift-cards-premium
Affected Versions: <= 3.19.0
CVE IDCVE-2022-45359
CVSS Score: 9.8 (Critical)
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Researcher/s: Dave Jong
Fully Patched Version: 3.20.0

We were able to reverse engineer the exploit based on attack traffic and a copy of the vulnerable plugin and are providing information on its functionality as this vulnerability is already being exploited in the wild and a patch has been available for some time.

The issue lies in the import_actions_from_settings_panel function which runs on the admin_init hook.

Since admin_init runs for any page in the /wp-admin/ directory, it is possible to trigger functions that run on admin_init as an unauthenticated attacker by sending a request to /wp-admin/admin-post.php.

Since the import_actions_from_settings_panel function also lacks a capability check and a CSRF check, it is trivial for an attacker to simply send a request containing a page parameter set to yith_woocommerce_gift_cards_panel, a ywgc_safe_submit_field parameter set to importing_gift_cards, and a payload in the file_import_csv file parameter.

Since the function also does not perform any file type checks, any file type including executable PHP files can be uploaded.

151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541publicfunctionimport_actions_from_settings_panel() {    if( ! isset( $_REQUEST['page'] ) || 'yith_woocommerce_gift_cards_panel'!= $_REQUEST['page'] || ! isset( $_REQUEST['ywgc_safe_submit_field'] ) ) {        return;    }    if( $_REQUEST['ywgc_safe_submit_field'] == 'importing_gift_cards') {        if( ! isset( $_FILES['file_import_csv'] ) || ! is_uploaded_file( $_FILES['file_import_csv']['tmp_name'] ) ) {            return;        }        $uploaddir= wp_upload_dir();        $temp_name= $_FILES['file_import_csv']['tmp_name'];        $file_name= $_FILES['file_import_csv']['name'];        if( ! move_uploaded_file( $temp_name, $uploaddir['basedir'] . '\\'. $file_name) ) {            return;        }        $this->import_from_csv( $uploaddir['basedir'] . '\\'. $file_name, get_option( 'ywgc_csv_delimitier', ';') );    }}

Cyber Observables

These attacks may appear in your logs as unexpected POST requests to wp-admin/admin-post.php from unknown IP addresses. Additionally, we have observed the following payloads which may be useful in determining whether your site has been compromised. Note that we are providing normalized hashes (hashes of the file with all extraneous whitespace removed):

kon.php/1tes.php – this file loads a copy of the “marijuana shell” file manager in memory from a remote location at shell[.]prinsh[.]com and has a normalized sha256 hash of 1a3babb9ac0a199289262b6acf680fb3185d432ed1e6b71f339074047078b28c

b.php – this file is a simple uploader with a normalized sha256 hash of 3c2c9d07da5f40a22de1c32bc8088e941cea7215cbcd6e1e901c6a3f7a6f9f19

admin.php – this file is a password-protected backdoor and has a normalized sha256 hash of 8cc74f5fa8847ba70c8691eb5fdf8b6879593459cfd2d4773251388618cac90d

Although we’ve seen attacks from more than a hundred IPs, the vast majority of attacks were from just two IP addresses:

103.138.108.15, which sent out 19604 attacks against 10936 different sites
and
188.66.0.135, which sent 1220 attacks against 928 sites.

The majority of attacks occurred the day after the vulnerability was disclosed, but have been ongoing, with another peak on December 14, 2022. As this vulnerability is trivial to exploit and provides full access to a vulnerable website we expect attacks to continue well into the future.

Recommendations

If you are running a vulnerable version of YITH WooCommerce Gift Cards Premium, that is, any version up to and including 3.19.0, we strongly recommend updating to the latest version available. While the Wordfence firewall does provide protection against malicious file uploads even for free users, attackers may still be able to cause nuisance issues by abusing the vulnerable functionality in less critical ways.

If you believe your site has been compromised as a result of this vulnerability or any other vulnerability, we offer Incident Response services via Wordfence Care. If you need your site cleaned immediately, Wordfence Response offers the same service with 24/7/365 availability and a 1-hour response time. Both of these products include hands-on support in case you need further assistance. If you have any friends or colleagues who are using this plugin, please share this announcement with them and encourage them to update to the latest patched version of YITH WooCommerce Gift Cards Premium as soon as possible.

If you are a security researcher, you can responsibly disclose your finds to us and obtain a CVE ID and get your name on the Wordfence Intelligence Community Edition leaderboard.

Did you enjoy this post? Share it!

Source :
https://www.wordfence.com/blog/2022/12/psa-yith-woocommerce-gift-cards-premium-plugin-exploited-in-the-wild/