Friday, July 23, 2021

SonicWall firewall maker hacked via zero-day flaw in its products

SonicWall, a manufacturer of communications equipment, said on Friday night that it was investigating a security breach of its internal network after discovering what it described as a “sophisticated attack.”

SonicWall has issued an emergency security alert about threat actors exploiting a zero-day vulnerability in its VPN products to attack its internal systems.

SonicWall is a well-known manufacturer of hardware firewall devices, VPN gateways, and network security solutions whose products are widely used in SMB/SME and large business organizations.

In a brief statement posted on its website, the company said, “the most high-risk actors” have targeted their internal systems “by using zero-day risks on certain SonicWall secure access products.”

The company has listed NetExtender VPN clients and Secure Mobile Access (SMA) gateways as affected:

  • The NetExtender VPN client version 10.x (released in 2020), used to connect to SMA 100 series devices and SonicWall firewalls.
  • Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 appliances, and SMA 500v.
  • SonicWall said the new SMA 1000 series is unaffected as this particular product series uses a different VPN client than NetExtender.

Patches for the zero-day vulnerabilities are not available at the time of writing.

To help keep its customers’ networks secure, the vendor has included a series of mitigations in its knowledge base, such as deploying a firewall to limit who can interact with SMA devices or disabling NetExtender VPN client access to its firewalls.

SonicWall also urged companies to enable two-factor authentication for admin accounts on its products.

The communications device manufacturer, whose products are often used to protect corporate networks, is now the fourth security vendor to disclose a security breach over the past two months, following FireEye, Microsoft, and Malwarebytes.

All three previous companies were breached during the SolarWinds supply chain attack. CrowdStrike said it was targeted in the SolarWinds hack as well, but the attack was unsuccessful.

Cisco, another major vendor of communications and security devices, was also targeted by the SolarWinds hackers. Last month, the company was investigating whether attackers had escalated their initial access from SolarWinds products to other parts of its network.

Several sources have also suggested that SonicWall may have been the victim of a ransomware attack.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

