SonicWall says spike in recent VPN attacks is tied to now-patched vulnerability, not a zero-day.

SonicWall has addressed concerns regarding a recent increase in attacks targeting Gen 7 and newer firewalls with SSL VPN enabled, clarifying that the surge is not linked to any new, undisclosed vulnerabilities. Following a thorough investigation, the company determined that the activity stems primarily from the exploitation of an older, now-patched vulnerability (CVE-2024-40766) combined with the reuse of passwords, particularly among organizations that migrated user accounts from Gen 6 to Gen 7 devices without enforcing password resets.

UNC6148 rolls out new rootkit, OVERSTEP, in suspected zero-day campaign against SonicWall Secure Mobile Access 100 series appliances. Leaked data has already surfaced on World Leaks.

A newly discovered malware campaign is targeting legacy SonicWall Secure Mobile Access (SMA) 100 series appliances, deploying a sophisticated user-mode rootkit known as OVERSTEP. The campaign, attributed to the financially motivated threat group UNC6148, has enabled persistent access to enterprise networks, credential theft, and facilitated follow-on extortion activities linked to ransomware operators.

SonicWall has issued a warning about a trojanized version of its NetExtender SSL VPN that is stealing user information.

SonicWall has issued an alert about an active campaign distributing a trojanized version of its NetExtender SSL VPN client designed to steal user information, specifically VPN credentials and configuration details. This fake NetExtender app closely mimics the legitimate version 10.3.2.27 but has been modified by threat actors to exfiltrate sensitive data to a remote server.