WatchGuard announces Dark Web Scan Feature

WatchGuard announced in the last days a new feature called Dark Web Scan. The feature is hosted in the WatchGuard cloud. With this new tool, you can perform searches based on email addresses and domain names to see which accounts have been exposed on the dark web during known data breaches.

Here are some screenshots from my test:

You can find the Dark Web Scan in your WatchGuard Cloud account under Administration –> Dark Web Scan
«WatchGuard announces Dark Web Scan Feature» weiterlesen

Menlo Security Prevents Zero-Day Threat on Internet Explorer

The still-active Zero-Day Exploit threatens the frequently vulnerable JavaScript Engine

Customers of Menlo Security using Internet Explorer (IE) are protected against a recent and still-active zero-day exploit using Internet Explorer, as outlined by Microsoft’s security update CVE-2020-1380.

The remote code execution vulnerability allows an attacker to take advantage of how the engine handles memory and to force corruption.

«Menlo Security Prevents Zero-Day Threat on Internet Explorer» weiterlesen

WatchGuard Authentication fails with AuthPoint Gateway lower than version 5.1.5

What is the problem?
AuthPoint Gateway software must be updated to the latest available version, v5.1.5 before the week of 10 October 2019. If you do not update your AuthPoint Gateway before 10 October, it is likely that all authentication will fail for your AuthPoint user base.

When must I update my AuthPoint Gateway?
If you use AuthPoint Gateway software v5.1.3.158 or lower, you must update your Gateway software to v5.1.5 as soon as possible. If you update your Gateway software before the dates referenced below, this issue will not impact you.

  • For AuthPoint users in the APAC cloud region – 10 October 2019
  • For AuthPoint users in the EMEA cloud region – 16 October 2019
  • For AuthPoint users in the AMER cloud region – 17 October 2019
«WatchGuard Authentication fails with AuthPoint Gateway lower than version 5.1.5» weiterlesen

WatchGuard Fireware 12.5

Watchguard is going to release Fireware version 12.5 in the next few days / weeks. From the public beta phase some new features are already known, which I would like to introduce here:

Update: Fireware 12.5 has been released.
Please check the » What’s New in Fireware v12.5 » presentation for detailed information.

Reverse Proxy for the Access Portal

In the Access Portal configuration, you can now configure reverse proxy actions so remote users can connect to internal web applications and Microsoft Exchange services with an external URL. With reverse proxy actions, you can give remote teams access to internal resources without the need for a VPN. Multi-factor authentication is supported as well.

«WatchGuard Fireware 12.5» weiterlesen

WatchGuard Fireware Version 12.4

WatchGuard hat die neuste Version von Fireware 12.4. herausgebracht. Wir haben hier die grössten Änderungen dokumentiert.

Die Software können Sie auf folgender Seite herunterladen:
Ebenfalls gibt es ein komplettes What’s new in 12.4 Dokument hier: What’s new in 12.4 oder ein Webinar.


Fireware bietet bereits seit der Version 12.3. die Funktionalität SD-WAN an, welche die bisherige Funktion policy-based routing ersetzt. Mit SD-WAN ist es möglich, Interface Failover und Failback detailliert zu konfigurieren. Dabei ist es möglich, neu mit 12.4 auch interne Interfaces und BOVPN virtual Interface Tunnels in diese SD-WAN Aktionen miteinzubeziehen. So lassen sich jetzt zum Beispiel eine Aussenstelle mittels einem BOVPN und einer Mitleitung, welche intern geroutet wird, überwachen und bei Ausfall entsprechend zu reagieren. Auf den jeweiligen Interfaces lassen sich die Paketverlustrate, Latency und Jitter messen und anhand diesen Kriterien ein Failover veranlassen.

«WatchGuard Fireware Version 12.4» weiterlesen

Update: Boll USB RJ45 Serial Konsolen Kabel. Auch als USB-C Variante verfügbar!

Unser Boll Serial Konsolen Kabel gibt es ab sofort auch als USB-C Variante. Administratoren mit modernen USB-C Notebooks benötigen somit keinen Adapter mehr. Einfach direkt einstecken. Den Artikel finden sie in unserem Partner Shop in der Kategorie Boll Accessoires. Oder einfach in der  Suchmaske mit dem Artikelnamen ‹UCON90C› eingeben. Für weitere Infos siehe Original Betrag weiter unten

«Update: Boll USB RJ45 Serial Konsolen Kabel. Auch als USB-C Variante verfügbar!» weiterlesen

Locky – New Crypto Ransomware in the Wild


Jonas Spieckermann, Watchguard

Artikel vom WatchGuard Security Center:

Last week,  a new ransomware variant called Locky began spreading in the wild.

Locky encrypts data on an infected system using AES encryption, and then leaves a blackmail letter (which is localized in several languages) asking for half a bitcoin to get your data back. More disturbingly, it also searches for any network share (not just mapped shares), and encrypts data on those remote shares as well. If you leverage cloud storage solutions, your backup may get infected as well when it synchronizes the encrypted files. Currently, researchers have not found a way to decrypt files Locky has locked.

Figure 1: Example of Locky’s ransom warning.
«Locky – New Crypto Ransomware in the Wild» weiterlesen

FortiGate Service ALL nach Firmware Upgrade verändert

Update: Fortinet hat das Problem erkannt und in einem Customer Support Bulletin beschrieben.

In FortiOS v5.0.8 and v5.0.9 and v5.2.0 through v5.2.2, the default value of the firewall service protocol number was changed from a value of 0 to 6.

The most commonly observed impact of this change is that after upgrading to the affected firmware, the “ALL” service matches only TCP traffic.

Executing a factory-reset on the FortiGate device does NOT change the default value to 6.

Affected Products:

All FortiGate models.


FortiOS v5.0.10 and v5.2.3 has fixed the issue.  Upon upgrading the FortiGate device, the firewall service protocol number is restored to 0.

«FortiGate Service ALL nach Firmware Upgrade verändert» weiterlesen